GOOGLE PROJECT_ZERO: Securing your Virtual World



The Threat
A few years back, Edward Snowden revealed that the NSA had been spying on internet users, compromising their identities as well as highly confidential data. Clearly the data that we publish on the internet is no longer safe, and we might not even know when our confidentiality has been compromised. The attacks are carried out by professional hackers who are either heavily funded by terrorist organizations or hired by companies looking to dominate the market. These hackers attack vulnerabilities in software or services, which are essentially flaws in the code. Some good hackers post those vulnerabilities on the web so that vendors become aware of the fault and deploy a patch to fix it. Every year, thousands of attacks are made.


Google stepping in
Security being the top priority for Google, the search giant has introduced PROJECT_ZERO, an effort aimed at zero-day attacks.
Cybersecurity experts will form a team consisting mostly of hackers from all around the world. This team will analyze vulnerabilities in software and services on the web, not just those belonging to Google but also those of other companies related to it. For Google Chrome, for example, services such as Adobe Flash Player will also be analyzed as far as security is concerned.
If any bugs are found, the vendors will be notified in close to real time, and a public warning about the bug will be issued so that users are aware of it. Users are given a facility to track the bug fix, and the bug will also be filed in an external database. Google, being the most widely used search engine, has now become the most common vector of attack through the web browser, but Google also has the strongest SSL encryption for Search, Gmail, Drive and data moving between its data centres. According to the blog post by research herder Chris Evans, "Project Zero is our contribution, to start the ball rolling. Our objective is to significantly reduce the number of people harmed by targeted attacks. We're hiring the best practically-minded security researchers and contributing 100 percent of their time toward improving security across the Internet. We'll use standard approaches such as locating and reporting large numbers of vulnerabilities. In addition, we'll be conducting new research into mitigations, exploitation, program analysis-and anything else that our researchers decide is a worthwhile investment."
Now the question arises: what’s in it for the search giant? According to research herder Chris Evans, this project is “primarily altruistic”; beyond that, it can act as a recruitment tool for hiring hackers from all around the world.


Hackers all around the world
George Hotz is a professional hacker known for breaking AT&T’s lock on the iPhone by developing an app and posting the bug online; he was also able to hack the Sony PlayStation 3 and posted that online as well.
As soon as Edward Snowden revealed the NSA's spying on users’ information, Google started working on a Chrome plug-in that encrypts users’ information.
Heartbleed: This is one of the most serious vulnerabilities in the popular OpenSSL cryptography library. Because of this weakness in OpenSSL, users' information can easily be compromised. The bug allows anyone to steal information protected by OpenSSL, including the secret keys used to encrypt traffic and to identify service providers. With this, an attacker can steal data and eavesdrop on communications directly from the service provider and the users. The bug has been fixed by deploying Fixed OpenSSL, and the fix has been applied by every software vendor, distribution, appliance vendor and independent software vendor.
Like Google, many other companies such as Microsoft and Yahoo have bug bounty programs, through which they hire good hackers to attack their software, ferret out bugs and fix them.
