Slashdot Mirror


Google's Project Zero Aims To Find Exploits Before Attackers Do

DavidGilbert99 (2607235) writes "Google has announced Project Zero, a group of security experts who will hunt down security flaws in all software which touches the Internet. Among the group is a 24-year-old called George Hotz who shot to fame in 2007 when he was the first to unlock the iPhone before reverse engineering the PlayStation 3."

Quoting the Project Zero announcement:

You should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications. Yet in sophisticated attacks, we see the use of "zero-day" vulnerabilities to target, for example, human rights activists or to conduct industrial espionage. This needs to stop. ... We're not placing any particular bounds on this project and will work to improve the security of any software depended upon by large numbers of people, paying careful attention to the techniques, targets and motivations of attackers. All issues will be reported to the usual public vulnerability databases after vendors are given a short period to fix their systems and software.


  1. "fuzzing" by xxxJonBoyxxx · · Score: 2

    >> automated software that throws random data at target software for hours on end to find which files cause potentially dangerous crashes.

    You could just replace that with "fuzzing tools." :) The "files...cause...crashes" is kind of funny too.

  2. Legality? by gstoddart · · Score: 2

    So, are they planning on buying copies of said software, and testing it in house?

    Or do they think they're going to be doing penetration testing without permission? Because, the last I heard, that was actually illegal.

    --
    Lost at C:>. Found at C.
    1. Re:Legality? by maliqua · · Score: 2

      The cost of the software for Google is cheap compared to the value of the "we're the internet good guys" PR.

    2. Re:Legality? by maliqua · · Score: 2

      Just to be clear, I don't think Google is the good guys, just that they want to be perceived that way.

  3. Didn't the courts make that illegal? by Anonymous Coward · · Score: 2, Interesting

    I thought there were stories here about white hat / black hat, the courts don't care - go to jail. (Not that I agree with the rulings.) So Google gets a bye on the laws?

  4. Re:Code name "Only our back doors" by Sqr(twg) · · Score: 2

    You don't have to trust them. Even if they don't point out the vulnerabilities that the NSA use, they will point out vulnerabilities that the Russians or Chinese might use, and that's already better than nothing.

  5. debug my software please by goombah99 · · Score: 4, Funny

    So I just post my software and these guys do a free security analysis. Cool, now I can be sloppy!

    --
    Some drink at the fountain of knowledge. Others just gargle.