Patching the internet: Google to monitor the web for vulnerabilities with Project Zer - futures io
futures io futures trading



Patching the internet: Google to monitor the web for vulnerabilities with Project Zer


Discussion in Traders Hideout

Updated by kbit
    1. trending_up 221 views
    2. thumb_up 1 thanks given
    3. group 0 followers
    1. forum 0 replies
    2. attach_file 0 attachments




Welcome to futures io: the largest futures trading community on the planet, with well over 100,000 members
  • Genuine reviews from real traders, not fake reviews from stealth vendors
  • Quality education from leading professional traders
  • We are a friendly, helpful, and positive community
  • We do not tolerate rude behavior, trolling, or vendors advertising in posts
  • We are here to help, just let us know what you need
You'll need to register in order to view the content of the threads and start contributing to our community.  It's free and simple.

-- Big Mike, Site Administrator

(If you already have an account, login at the top of the page)

 
Search this Thread
 

Patching the internet: Google to monitor the web for vulnerabilities with Project Zer

(login for full post details)
  #1 (permalink)
Aurora, Il USA
 
Experience: Advanced
Platform: TradeStation
Trading: futures
 
kbit's Avatar
 
Posts: 5,902 since Nov 2010
Thanks: 3,294 given, 3,352 received

Anyone with knowledge of otherwise unknown software vulnerabilities can harness that info to hack the computers of targets, be it for reasons for espionage or income enhancement. Now Google says it has new plans to put that practice on ice.

On Tuesday, the Silicon Valley giant announced that it was bringing onboard several security researchers to join its newly unveiled “Project Zero,” where together they’ll aim “to significantly reduce the number of people harmed by targeted attacks” by searching for critical internet vulnerabilities and bringing them to light before they risk being taken advantage of someone with ill intent.

According to a statement from Google, Project Zero is hiring “the best practically-minded security researchers and contributing 100 percent of their time toward improving security across the internet.”

“You should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications,” Project Zero researcher Chris Evan pleads in Tuesday’s press release. “Yet in sophisticated attacks, we see the use of‘zero-day’ vulnerabilities to target, for example, human rights activists or to conduct industrial espionage. This needs to stop. We think more can be done to tackle this problem.”

A thriving, underground market currently exists for so-called “zero-day” exploits — exploits that take advantage of unpatched glitches, bugs and otherwise outright flaws that the developers responsible for those applications have had no time, or zero days, to issue a repair. Basement hackers and government-paid agencies alike rely on zero days to attack targets, and the right exploits reportedly fetch upwards of six-figures when sellers can prove that the that the vulnerabilities they’ve discovered can do a lot of damage.

So significant are certain zero days, in fact, that a group of cyber experts assembled by United States President Barack Obama last year warned that the US intelligence community should avoid stockpiling exploits; earlier this month, the National Security Agency was sued for failing to adequately explain how it hoards these exploits. Recently, the NSA was accused of keeping details about the colossal Heartbleed bug hidden before it was eventually caught in part by Google’s researchers and patched.

Speaking to Wired journalist Andy Greenberg for an article published this week, Evans added zero-days, no matter who is made aware of them, need to be expunged from the internet.

“People deserve to use the internet without fear that vulnerabilities out there can ruin their privacy with a single website visit,” he told Greenberg. “We’re going to try to focus on the supply of these high value vulnerabilities and eliminate them.”

According to Greenberg, the “hacker-hunters” who are being brought onboard Project Zero will scour various products in search of bugs, then alert the company responsible for the application and ask them to provide a patch. Developers will then have between 60 and 90 days to issue a fix, at which point Project Zero will publically disclose the vulnerability on an official Google blog. If zero-days are being actively exploited, Greenberg added, then Google’s hackers will aim to find a fix of their own as soon as possible.

“It’s not acceptable to put people at risk by taking too long or not fixing bugs indefinitely,” explained Evans.

https://www.rt.com/usa/173004-google-project-zero-day/

Reply With Quote
The following user says Thank You to kbit for this post:


futures io Trading Community Traders Hideout > Patching the internet: Google to monitor the web for vulnerabilities with Project Zer


July 15, 2014


Upcoming Webinars and Events
 

Free BloodHound Licenses for everyone!

June
 

Every journal equals ten meals for the hungry

June
     



Copyright © 2020 by futures io, s.a., Av Ricardo J. Alfaro, Century Tower, Panama, +507 833-9432, info@futures.io
All information is for educational use only and is not investment advice.
There is a substantial risk of loss in trading commodity futures, stocks, options and foreign exchange products. Past performance is not indicative of future results.
no new posts