What is "Dream Team" Project Zero "gathered by Google's ultra-superior bug hunter and hacker's priests?


Increase traffic and bring down the systemDoS attackTry all combinations of passwords that seem to be applicable and break through ID authenticationPassword crackThere are various kinds of cyber attacks. Google is hard to defend even among cyber attacks on July 15 (Tuesday) on local timeZero Day AttackWe specialize in researching and developing measures "Project Zero"And announced the attitude to stand up against the cyber attack from the top.

Google Online Security Blog: Announcing Project Zero

Meet 'Project Zero,' Google's Secret Team of Bug-Hunting Hackers | Threat Level | WIRED

Zero-day attack is to set up an attack that exploits the vulnerability until vulnerability is discovered in software or system until patch is distributed. When a zero day attack is received, an attack is executed when the vulnerability is not corrected, so that software or system can not protect against attacks and may cause serious damage, and in March 2014 IsDamage of zero day attack by Microsoft WordI am encountering it.

ByAnonymous 9000

For zero day attack without effective countermeasures, Google established a security team called "Project Zero". To the team, Google's security experts gather, investigate software to identify vulnerabilities, and investigate countermeasures for zero day attack methods. Also, not limited to products of Google, if products with a large number of users are supported and investigated regardless of vendor and type.

Members of Project Zero include Ben Hawkes, who discovered vulnerabilities in Adobe Flash and Microsoft Office applications, Tavis Ormandy, a security researcher who has made numerous achievements for cyber attacks and is researching vulnerabilities related to anti-virus software , Experts on cyber attacks such as George Hotz, an award-winning hacker hacking Google Chrome's defense system, and Ian Beer, who has also discovered vulnerabilities in iOS / OS X / Safari I have a series of names.

ByDavid Goehring

What feels interesting is the price Google will receive from other companies. Mr. Chris Evans, Google security engineer, says that "Project Zero is completely altruistic", that is to say, to investigate the vulnerabilities of other companies' software victims. According to Mr. Evans, the safety of the Internet will increase the number of users, resulting in a profit to Google.

However, Wired says, "Project Zero is attractive to many security researchers, and Google has the advantage of being able to hire experts in the security field preferentially, and hired researchers will then be able to use other There is a possibility of being assigned to a department, "pointed out the merit that Google can obtain instead of researching other companies' software without charge.

When Project Zero discovered a vulnerability of another company 's software, we inform developers promptly of the vulnerability and give a delay of 60 to 90 days to create and distribute patch patches. If the patch is not distributed by the end of the grace period, we will publish that the vulnerability was discovered on Project Zero's official blog. When a hacker finds a vulnerability within the grace period, it is disclosed that "we can not put the user at risk", we will release the vulnerability within 7 days.


Whether Project Zero can discover vulnerabilities of all software released innumerably remains questionable, Hawkes, one of the members, said, "The software to be investigated is decided by a precisely-tailored strategy Even though we can not find all vulnerabilities, I think it is possible to give hackers a lot of shock. " Many vulnerabilities discovered by hackers are often present on the same line. If you discover and repair one vulnerability, it is possible to shut down multiple attacks on the vulnerability at once, so Project Zero Even if you can not find all vulnerabilities, there is always the possibility of preventing zero day attack beforehand.

According to Mr. Evans, Project Zero is promoting recruitment of experts who are members, and soon the members of the team will exceed 10 people. Actual activities of Project Zero, and what kind of movements hackers will exhibit against Project Zero, we are paying attention to future developments.

in Note,   Software,   Web Service, Posted by darkhorse_log