Slashdot Mirror


New Google Security Reward Program Announcement

jones_supa writes Since 2010, Security Reward Programs have been one cornerstone of Google's relationship with the security research community. In 2014, the company rewarded 200 different researchers with a total amount of $1.5 million. Google wants to celebrate the participants' contributions to the company, and in turn, their contributions back to the researchers. For 2015, two additions to the programs are being announced. It has been noted that researchers' efforts through these programs, combined with Google's internal security work, have made it increasingly difficult to find bugs. Of course, that's good news, but it can also be discouraging when researchers invest their time and struggle to find issues. With this in mind, today Google is rolling out a new, experimental program: Vulnerability Research Grants. These are up-front awards that will be provided to researchers before they even submit a bug. To learn more about the current grants, and review your eligibility, have a look at the rules page. Second, also starting today, all mobile applications officially developed by Google on Google Play and iTunes will now be within the scope of the Vulnerability Reward Program.

32 comments

  1. New CIA security reward program! by Anonymous Coward · · Score: 0
  2. Google AV... baked in with every product. by The+New+Guy+2.0 · · Score: 1

    Google's got something ahead of the antivirus vendors... they're paying to prevent the hole from being open rather than setting up to block what comes in the hole. Chrome's main problem has been "feature not implemented" rather than takeovers that were seen in the early days of Internet Explorer. ChromeOS products are looking to be cheap user machines, and there's yet to be a need for antivirus there.

    Factor the price of an antivirus subscription into every Windows machine you're running, and maybe non-programming businesses could switch to Google products in place of Windows.

    1. Re:Google AV... baked in with every product. by Anonymous Coward · · Score: 0

      ChromeOS doesn't need an antivirus because no one is writing anything targeted for an OS that 10 people use.

    2. Re:Google AV... baked in with every product. by Anonymous Coward · · Score: 0

      Um, like half of the top 10 selling laptops on Amazon are Chromebooks. And it's been that way for more than 2 years.

    3. Re:Google AV... baked in with every product. by Anonymous Coward · · Score: 0

      Just because they're sold doesn't mean they actually get used.

      A lot of those sales are probably accidental purchases. For example, suppose somebody who isn't all that technical (which is still most people) wants to buy a low-end Windows laptop. They go to Amazon, and see some laptops on there for $200. They like that price, but they don't realize that ChromeOS isn't Windows. Even if they know or notice that there's a difference, they probably don't realize just how crippled ChromeOS is. They buy the laptop, and it arrives several days later. They start using it, find that it can't run their Windows programs, and it's otherwise useless. Not wanting to go through the hassle of returning it, or perhaps out of embarrassment for a bad purchase, they just stick the Chromebook in a drawer and forget about it. Or perhaps the Chromebook was given as a gift, and the recipient can't return it even if they wanted to.

      Some of the purchases are probably by more technical people who end up installing a real Linux distro on these Chromebooks, so they can use them as cheap, throw-away laptops. I know one fellow who bought one before he did some traveling, because he didn't want to risk damaging or losing his normal laptop. He wouldn't care so much if his $200 Chromebook got damaged or lost. He would care if his $2800 rMBP got damaged or lost, though. As soon as he was done traveling, he went right back to his MacBook, and his Chromebook sits unused.

      And I know there are a token number of Google fanatics who actually try to use their Chromebooks with ChromeOS. They'll rail on about how "great" ChromeOS is, even though they end up using their Windows laptop most of the time for anything aside from web browsing.

      Don't be deceived by what you see on Amazon. It very well may not be the real picture.

    4. Re:Google AV... baked in with every product. by Anonymous Coward · · Score: 1

      Just because they're sold doesn't mean they actually get used.

      A lot of those sales are probably accidental purchases. For example, suppose somebody who isn't all that technical (which is still most people) wants to buy a low-end Windows laptop. They go to Amazon, and see some laptops on there for $200. They like that price, but they don't realize that ChromeOS isn't Windows. Even if they know or notice that there's a difference, they probably don't realize just how crippled ChromeOS is. They buy the laptop, and it arrives several days later. They start using it, find that it can't run their Windows programs, and it's otherwise useless. Not wanting to go through the hassle of returning it, or perhaps out of embarrassment for a bad purchase, they just stick the Chromebook in a drawer and forget about it. Or perhaps the Chromebook was given as a gift, and the recipient can't return it even if they wanted to.

      Some of the purchases are probably by more technical people who end up installing a real Linux distro on these Chromebooks, so they can use them as cheap, throw-away laptops. I know one fellow who bought one before he did some traveling, because he didn't want to risk damaging or losing his normal laptop. He wouldn't care so much if his $200 Chromebook got damaged or lost. He would care if his $2800 rMBP got damaged or lost, though. As soon as he was done traveling, he went right back to his MacBook, and his Chromebook sits unused.

      And I know there are a token number of Google fanatics who actually try to use their Chromebooks with ChromeOS. They'll rail on about how "great" ChromeOS is, even though they end up using their Windows laptop most of the time for anything aside from web browsing.

      Don't be deceived by what you see on Amazon. It very well may not be the real picture.

      and you are ?

    5. Re:Google AV... baked in with every product. by kangsterizer · · Score: 1

      Err Windows contains a very good antivirus by default. It's actually better than anything you can buy.
      Not only that - but using Google-only products drives you to an ecosystem that is going to be worse than Windows ever was.

      Arguably, Windows, with all of its shortcomings, was and still is pretty damn open.
      Not in code, but in APIs, tools, etc. That's actually how it won so much market share in the 90's. (it's now also getting more and more open in code, tho).

      ChromeOS on the other end, is pretty closed. You want a kernel driver? Dream on. If you don't make your own hardware, or don't use Google-approved hardware, you're out of luck, it will not work and you can't make it work without rooting the machine (ie you can't sell or even give away that product to customers).

      You want to customize some API? Dream on. This one is impossible without replacing the OS.

      All this is trivial on Windows (and regular Linux, or even OSX, for example).

    6. Re:Google AV... baked in with every product. by Anonymous Coward · · Score: 0

      Err Windows contains a very good antivirus by default. It's actually better than anything you can buy.

      Err no it is not better than anything you can buy.

      Take a look at some of the reports here: http://www.av-comparatives.org/
      MSE is one of the worst out there!

    7. Re:Google AV... baked in with every product. by Anonymous Coward · · Score: 0

      What are you on about? ChromeOS is open source. You want to modify some component of it? Go nuts. I'd like to see you make changes to the Windows API.

    8. Re:Google AV... baked in with every product. by Anonymous Coward · · Score: 0

      LOL!

      Windows Defender/MSE is rated as the worst AV software, free or commercial.

    9. Re:Google AV... baked in with every product. by Anonymous Coward · · Score: 0

      Who pays for an AV solution? Home users should be using the built-in one or one of the many good free ones. Businesses pay at most a couple of bucks a user, and they pay that for the additional management products.

    10. Re:Google AV... baked in with every product. by bloodhawk · · Score: 1

      If your business is so simple that you can operate in a browser, then you can just as easily lock down a Windows machine to only let the browser run; hell, you don't even need to use IE or AV software then if you do it correctly.

    11. Re:Google AV... baked in with every product. by bloodhawk · · Score: 1

      No it isn't; the reports are heavily biased, as they test for areas that MSE isn't designed to address. As an AV product it is excellent; however, you should combine MSE (antivirus) with an antimalware product (like Malwarebytes) depending on what you are using your machine for.

    12. Re:Google AV... baked in with every product. by Anonymous Coward · · Score: 0

      There are like about a couple of dozen models of Chromebook laptops; there are thousands of models of Windows laptops. Each Windows one could sell only 10% of Chromebook numbers and they would still be obliterating them in numbers.

    13. Re:Google AV... baked in with every product. by The+New+Guy+2.0 · · Score: 1

      If you're browser-only... why do you need Windows? Linux/Chromium seems able to handle that.

  3. Come work for us (without the perks of employment) by Anonymous Coward · · Score: 0

    Good way of indirectly hiring security testers at far below market rates.

    *Note: I am not having a go at Google here. I genuinely think this is an interesting way to find out what the market will bear in terms of contracting rates.
    Will free up the market as there will be no (or at least less) HR / legal / etc interference. Just putting a contract out there and someone can get straight to work.

  4. Women-only or can anyone apply ? by Anonymous Coward · · Score: 0

    Google are in the sexist organisation code.org, so can anyone tell me if this competition will also be open to men ?

  5. Tax all mobile apps to pay others to find all bugs by Anonymous Coward · · Score: 0

    The chain is as strong as the weakest link.

  6. Re:Ask yourselves these questions... apk by Anonymous Coward · · Score: 1

    Can ghostery/adblock do 17 things hosts do for speed, security, & reliability:

    Yep, sure can.

  7. That's $7500 each by Anonymous Coward · · Score: 0

    Wow, a pittance of $7500 each - so much for having a career as a security researcher. I'd sell the bugs to Romanian criminals and make some real money.

  8. leet by Anonymous Coward · · Score: 0

    Anyone else notice the prices are 'leet and elite?

  9. 7h47'5 5w337 by Anonymous Coward · · Score: 0

    I wish I was 1337 so that I could get paid from leet to eleet
    **Grant amounts will vary from $1,337 USD up to $3,133.7**

  10. I'm do 'em 1 better (I stop ad infections) by Anonymous Coward · · Score: 0

    APK Hosts File Engine 9.0++ SR-1 32/64-bit:

    http://start64.com/index.php?o...

    FREE & adds speed, security, + reliability, doing more with less, more efficiently vs. addons + fixes DNS' redirect security issues:

    ---

    A.) Hosts do more than:

    1.) AdBlock ("souled-out" 2 Google/Crippled by default http://techcrunch.com/2013/07/... & ABP too http://finance.yahoo.com/news/... )
    2.) Ghostery (Advertiser owned) - "Fox guards henhouse" http://en.wikipedia.org/wiki/G...
    3.) Request Policy -> http://yro.slashdot.org/commen...

    B.) Hosts add reliability vs. downed/redirected dns (& overcome site redirects e.g. /. beta).

    C.) Hosts secure vs. malicious domains too -> http://tech.slashdot.org/comme... w/ less "moving parts" complexity

    D.) Hosts files yield more:

    1.) Speed (adblock & hardcodes fav sites - faster than remote dns)
    2.) Security (vs. malicious domains serving malcontent + block spam/phish & trackers)
    3.) Reliability (vs. downed, Kaminsky redirected (99% ISP DNS' = unpatched vs. it), DGA, Fastflux, & dynDNS botnets)
    4.) Anonymity (vs. dns request logs + dnsbl's).

    ---

    * Hosts do more w/ less (1 file) @ faster levels (ring 0) vs redundant inefficient addons (slowing slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ os, & 1st net resolver queried w\ 45++ yrs.of optimization).

    * Addons = more complex + slow browsers in messagepassing (use a few concurrently & see) & are nullified by native browser methods - It's how Clarityray's destroying Adblock.

    * Addons slowup slower usermode browsers layering on more - & bloat RAM consumption + excessive cpu use too (4++gb extra in FireFox https://blog.mozilla.org/nneth...)

    (Instead, work w/ a more capable native kernelmode part you already have - hosts (An integrated part of the ip stack))

    APK

    P.S.=> "The premise is quite simple: Take something designed by nature & reprogram it to make it work for the body rather than against it..." - Dr. Alice Krippen: "I am legend"

    ...apk

  11. No, it can't (true story) by Anonymous Coward · · Score: 0

    Result? W. Palant RAN after he wrote me by email 1st saying "hosts are a shitty solution" to which I replied:

    "Show us adblock can do more for added speed, security, reliability, & anonymity than hosts can, + that adblock does it more efficiently than hosts"

    Which on my latter 'point-in-challenge' on efficiency AdBlock's proven by research to be MASSIVELY inefficient -> https://blog.mozilla.org/nneth... & adblock does FAR less than hosts (especially crippled by default).

    I sent Wladimir Palant that challenge in response to his statement from 2 different email addresses I use!

    Result = Still no answer from him in regard to my challenge put to him to this very day MONTHS later - that tell you anything? It did me!

    He knows his addon is less efficient & features laden by FAR vs. hosts - Wladimir Palant RAN like a scared rabbit!

    ClarityRay's also DESTROYING AdBlock - via native browser methods to DUMP what addons you use (it can't DO THAT to hosts files).

    I only tell it how it is on hosts' superiority vs. AdBlock - Funny part is, Wladimir Palant running does too!

    Especially considering "Almost ALL Ads Blocked" has 'souled-out' -> Google & Others Pay Adblock Plus To Show You Ads Anyway: http://news.slashdot.org/comme... & ABP too http://finance.yahoo.com/news/...

    APK

    P.S.=> Bottom-Line: Hosts = a superior solution that also fixes DNS redirect security issues (vs. browser addons & their inefficiencies + messagepassing overheads as well as myriad lack of abilities hosts have from 1 file that's part of the IP stack itself - faster, more efficient, & less redundant as well, since TCP/IP has 45++ yrs. of refinement & optimization in it, & runs in a higher CPU serviced ring of privilege & operations in kernelmode vs. slower usermode layering over browsers slowing them more, & hosts = 1st resolver queried by the OS itself also)... apk

  12. Ask yourselves these questions by Anonymous Coward · · Score: 0

    Can adblock do 16 things hosts do for speed, security, & reliability:

    1.) Protect vs. malicious sites/servers (beyond malicious ads: See 2-10 next)
    2.) Protect vs. fastflux botnets + stop communication to C&C servers
    3.) Protect vs. dynamic dns botnets + stop communication to C&C servers
    4.) Protect vs. DGA botnets + stop communication to C&C servers
    5.) Protect vs. downed DNS (adds reliability)
    6.) Protect vs. DNS redirect poisoned dns
    7.) Protect vs. trackers
    8.) Protect vs. spam
    9.) Protect vs. phishing
    10.) Protect vs. bandwidth caps
    11.) Get you past a dnsbl
    12.) Keep you off dns request logs
    13.) Speed up websurfing by adblocks & hardcoded fav. sites
    14.) Work on ANY webbound app (think stand-alone email programs) multiplatform.
    15.) Give you easily texteditor controlled data for the above
    16.) Do all that & block ads (better than addons) more efficiently in cpu cycles + memory usage

    * "?"

    APK

    P.S.=> ANSWER ="NO" to each above on AdBlock doing it as well or at all!

    AdBlock does far less than hosts do & less efficiently - hosts by way of comparison, do MORE w/ less + Hosts start (as 1st resolver queried) w/ the IP stack before REDUNDANT inefficient addons BEGIN to operate:

    AdBlock's 4++gb & 100% CPU usage flooring inefficiency -> https://blog.mozilla.org/nneth... + ClarityRay defeats it + it 'souled-out' & is crippled by default paid off to not do its job http://techcrunch.com/2013/07/... & ABP too http://finance.yahoo.com/news/...

    AdBlock adds complexity/room for breakdown/exploit + from a slower mode of operations (usermode = more messagepassing overheads vs. hosts in kernelmode).

    For the BEST hosts file?

    APK Hosts File Engine 9.0++ SR-1 32/64-bit -> http://start64.com/index.php?o...

    MalwareBytes' hpHosts Admin (MalwareBytes employee) hosts & recommends it -> http://hosts-file.net/?s=Downl... & MalwareBytes = BEST antivirus http://www.av-test.org/en/news...

    ... apk