Decryption Project Zero: Google internal super hacker team


Andy Greenberg, a regular contributor to the well-known American technology publication Wired, recently wrote a detailed account of "Project Zero", a secretive security team inside Google. Greenberg said that almost all of the team's members are among the world's top hackers, and that the team was set up to fight hackers worldwide so that users can click on ads with more confidence and enjoy the Internet more comfortably.
Below is a summary of the article:

When George Hotz successfully unlocked the iPhone in August 2007, so that it was no longer limited to the AT&T network and could also work on other GSM networks, almost every company involved, including AT&T and Apple, intentionally or unintentionally ignored Hotz himself, though not the series of device and system flaws he had discovered.

Later, Hotz said on his blog that he had spent five weeks cleverly applying some simple hardware modifications and more complex software methods to gain read and write access to all of the PS3's system memory and high-level control of the processor. In other words, he had completely cracked the PS3 system. Sony's response was to formally sue him in court, and the case was eventually settled on the condition that Hotz promise not to hack any Sony product.

Earlier this year, when Hotz successfully found vulnerabilities in Google's Chrome operating system, Google did not file a civil lawsuit against him but instead gave him a reward of $150,000. Two months later, Hotz received an email from Google security engineer Chris Evans inviting him to join Google's elite Internet security team, whose main duty is to find security vulnerabilities in every corner of the Internet.

Super hacker team

Recently, Google officially presented to the outside world, for the first time, the main details of its Internet security project, "Project Zero". The team is understood to be made up mainly of Google's top internal security engineers, and their only mission is to find, track and fix software security vulnerabilities worldwide. The vulnerabilities that "Project Zero" handles usually fall into the category of "zero-day vulnerabilities", which hackers or government-organized hacking teams can use to carry out operations such as network surveillance.

Google said the "Project Zero" team is not limited to looking for security vulnerabilities in Google's own products, because it will look for flaws in any software product. After finding a flaw, the team will disclose it, and in this way encourage companies to team up with Google against hackers.

"People should be able to enjoy privacy on the Internet without having to worry about security holes or incidents, and our team will focus on finding high-value security vulnerabilities and eliminating them," said Evans of Project Zero, who is responsible for the Google Chrome security team.

Reports point out that "Project Zero" has recruited some elite hackers from inside Google to build its own "dream team". Its members include New Zealander Ben Hawkes, who in 2013 found a large number of vulnerabilities in Adobe Flash and Microsoft Office; Tavis Ormandy, the well-known "zero-day killer"; George Hotz, who cracked Google's Chrome OS; and Brit Ian Beer, the mysterious Swiss-based hacker who once found multiple vulnerabilities in Apple's iOS, OS X and Safari.

Evans said the team's recruiting is still going on, and that it plans to have more than 10 full-time Internet security researchers. Most of them may not be based at the Google headquarters office, and they will use specialized vulnerability-finding tools to scan target software and so discover the flaws that systems and software designs are likely to contain.

The real motivation

So what is Google's purpose in building the "Project Zero" team? Evans said Google hopes that this project will make the Internet safer, and that freer working conditions will attract many top security people to join the company. Google has always firmly believed that a safer, happier Internet environment makes users more comfortable clicking on ads, which in turn benefits Google.

"As long as we can increase users' confidence in the Internet, Google will also benefit indirectly," Evans said.

At the same time, Project Zero is in line with Google's development strategy in recent years. After the "Snowden affair" came to light, Google had to re-examine and strengthen its own strategy: because Snowden had revealed that the National Security Agency was spying on Google user information, Google encrypted the relevant links. More recently, Google has also been working on encrypting users' e-mail by way of a Chrome plug-in, and released a list of which email service providers do or do not agree to use this encryption approach.

Chris Soghoian, chief technologist of the American Civil Liberties Union, said Google's decision to build the "Project Zero" team is understandable, because Google's security team has long been very upset about government surveillance and naturally wants to be able to respond to it.

Like many other companies, Google has for years paid rewards to well-intentioned hackers who find flaws in its code. However, looking for flaws only in its own software does not seem to be enough, because products such as Chrome often rely on third-party code such as Adobe Flash to run. In March, Evans even compiled a table of 18 Flash vulnerabilities found by hackers over the past four years.

The blocking concept

According to former Google security researcher Morgan Marquis-Boire, the idea behind the "Project Zero" team can be traced back to 2010, to a late-night conversation he had with Evans. At about 4 o'clock in the morning, the two were discussing defects in software beyond Google's own and the impact of those defects on Google users.

"For the many people who need to use third-party code when writing secure software, it feels very frustrating, because hackers can always attack your weakest point. It's like riding a motorcycle in a kimono: I am afraid that even wearing a helmet cannot guarantee your safety," Marquis-Boire said.

Therefore, Google hopes that the ingenuity of the "Project Zero" team members will uncover vulnerabilities in other companies' products. After finding a vulnerability, the team will first warn the software's developers and then give them 60-90 days to fix the bug; after that, Google will publish the vulnerability on the "Project Zero" blog. Google said that, to keep these vulnerabilities from being used by hackers, it will usually put pressure on software developers and urge them to fix vulnerabilities within seven days where possible.

"Taking too long, or failing to act on a vulnerability, is unacceptable behavior," Evans said.

Of course, whether the "Project Zero" team can completely eliminate Internet security problems is not yet known. But Ben Hawkes, one of the team's members, said the team does not actually need to deal with every zero-day vulnerability; instead it gets involved selectively, according to a vulnerability's impact. This is mainly because the security vulnerabilities that hackers use today usually do not stand alone but have to be combined with a series of other vulnerabilities to defeat a computer's defenses, so "Project Zero" usually only needs to block one of the holes to make the whole intrusion plan fail.

"We will leave our mark in this field, and now is also the best time to seal off zero-day vulnerabilities," Evans said finally. (Tom)