Google Project Zero: Debugging the Internet
Google Project Zero: Google's special security research team looks into zero-day vulnerabilities in Google products and other software that touch the Internet. Microsoft's Windows 8.1 is the latest hit, with the team announcing bug to the public, two days before scheduled patch.
Microsoft has been mighty miffed these past couple of days, as Google's security researchers pointed out a security flaw on Windows 8.1 just two days before Microsoft could issue a patch.
The Windows 8.1 security flaw was first announced privately in the Google Security Research mailing list by a researcher (or hacker) named Forshaw, on October 13, 2014. Microsoft was then given 90 days to fix the problem, before the flaw would be made public, according to the team's protocol. The 90-day period passed and no patch was issued, but Microsoft Security Response Center senior director Chris Betz complained that he had requested that details on the vulnerabilities be kept under wraps until January 13, when the patch would be issued. There is cause to wonder if this is Google saying 'Gotcha' without protecting their customers. Google Project Zero: Behind the scenes
Google Project Zero has been somewhat controversial this past year, earning some flak for what critics saw as a marketing tool. Project Zero is Google's secret team of bug-hunting hackers, who are paid to look for security vulnerabilities in every single piece of popular software to touch the Internet. It is named after 'zero day', the computing term which means a previously unknown vulnerability in some software that can be attacked.
The research team has not been around for very long under this cool name: Google announced the team back in July, 2014. One of the team's members is the notorious genius 17-year-old George Hotz, who cracked AT&T's iPhone lock in 2007 and then went on to dismantle Google Chrome's defenses in early 2014.
The team is tasked with finding vulnerabilities in Google products as well as any insidious security flaws in software that could be exploited by state-sponsored hackers, criminals and intelligence agencies. The aim of the team is to pressure companies into protecting Google's users.
This ethos may be another 'altruistic' evidence of Google's latest efforts to make the Internet more user-friendly for users, not necessarily businesses. But there may be another reason for Project Zero – simply recruiting some of the finest minds to Google. Some critics see this as benefiting only Google, as black market prices for zero-day vulnerabilities go up with each bug exposed. The Project Zero Team
Besides the American Holtz, other members of this dream team include New Zealander Ben Hawkes who has discovered dozens of bugs in Microsoft Office apps and Adobe Flash in 2013, Swiss Brit Ian Beer who was credited with finding six bugs in Apple's Safari, iOS and OSX and English researcher Travis Ormandy who recently showed how antivirus software can actually have zero day flaws that make users less secure.
Want to be a part of this elite team? They might still be hiring if you are prodigy enough!
Follow