http://www.wired.com/2014/07/google-project-zero/
By Andy Greenberg
Threat Level
Wired.com
07.15.14

When 17-year-old George Hotz became the world’s first hacker to crack
AT&T’s lock on the iPhone in 2007, the companies officially ignored him
while scrambling to fix the bugs his work exposed. When he later reverse
engineered the PlayStation 3, Sony sued him and settled only after he
agreed to never hack another Sony product.

When Hotz dismantled the defenses of Google’s Chrome operating system
earlier this year, by contrast, the company paid him a $150,000 reward for
helping fix the flaws he’d uncovered. Two months later Chris Evans, a
Google security engineer, followed up by email with an offer: How would
Hotz like to join an elite team of full-time hackers paid to hunt security
vulnerabilities in every popular piece of software that touches the
internet?

Today Google plans to publicly reveal that team, known as Project Zero, a
group of top Google security researchers with the sole mission of tracking
down and neutering the most insidious security flaws in the world’s
software. Those secret hackable bugs, known in the security industry as
“zero-day” vulnerabilities, are exploited by criminals, state-sponsored
hackers and intelligence agencies in their spying operations. By tasking
its researchers to drag them into the light, Google hopes to get those
spy-friendly flaws fixed. And Project Zero’s hackers won’t be exposing
bugs only in Google’s products. They’ll be given free rein to attack any
software whose zero-days can be dug up and demonstrated with the aim of
pressuring other companies to better protect Google’s users.

“People deserve to use the internet without fear that vulnerabilities out
there can ruin their privacy with a single website visit,” says Evans, a
British-born researcher who formerly led Google’s Chrome security team and
will now helm Project Zero. (His business cards read “Troublemaker.”)
“We’re going to try to focus on the supply of these high value
vulnerabilities and eliminate them.”

[...]