Monday 28 July 2014

GoTenna Gives Work-Around for Smartphone Dead Zones


With goTennas, a text message travels from smartphone A to goTenna A to goTenna B, then to smartphone B -- all in milliseconds. A goTenna uses Bluetooth LE to pair with a smartphone, then low-frequency radio spectrum to communicate directly with another goTenna. An app provided with goTennas is used to send messages or share a location.
Smartphone users often become used to the frustration of sitting in a dead zone with no Wi-Fi or data service. But if a New York City start-up has its way, those times will be a thing of the past. GoTenna is taking pre-orders for its flagship hardware product, which it says will let smartphone users communicate via their own closed network, much like a high-tech pair of walkie-talkies.
GoTennas are sold in pairs. One user keeps an antenna nearby (in a pocket or backpack -- something within 20 feet of a phone) and it connects to his or her iOS or Android phone via Bluetooth low energy, or Bluetooth LE. A second user does likewise.
If the two antenna holders are separated, the goTennas create a closed network using low-frequency radio waves, and users can send messages to one or more goTenna users without connecting to a telephony network or Wi-Fi. The company says no messages are stored on a server, which it presents as a guarantee of user privacy.
A free app provided with the antennas is used to type a text message or share a location. That message travels from smartphone A to goTenna A to goTenna B, then to smartphone B -- all in milliseconds. The provided app also offers offline maps and full messaging capabilities.
Range Varies
The range offered by goTenna depends on the user’s location and nearby topography or environment. The company offers an interactive module on its Web site that simulates what to expect in various environments and elevations. GoTenna says the antennas can reach 50 miles in range if they’re in the right location. That range narrows down to a few miles in congested urban environments.
The goTenna battery will last around 72 hours with intermittent use and around 30 hours if it’s on constantly, according to the company. When turned off, it can hold a charge for more than a year.
The developers say the product was born of frustration reaching friends and family via smartphone even when they were in areas that presumably should have solid reception. They say one application for goTenna is in emergency situations -- company co-founders Daniela and Jorge Perdomo came up with the idea during Superstorm Sandy in 2012.
We asked CEO Daniela Perdomo why nobody else has thought of this idea before.
"There is something of an innovation paradox when it comes to goTenna's technology," she said. "We're marrying old, not-very-sexy RF engineering with the modern smartphone, and making them both better in the process."
Daniela serves as the company CEO while her brother works as CTO.
Units Selling Fast
The Perdomos developed goTenna using their own money, then raised $1.8 million in seed funding last year. Among their backers were Bloomberg Beta, Andreessen Horowitz and MentorTech Ventures.
A crowdfunding pre-sale aimed to earn $50,000 with goTenna. While the company wouldn’t disclose how many units it had sold in the pre-sale, "we can tell you that we reached our $50,000 campaign goal in 2-1/2 hours," said Daniela Perdomo.
The antennas sell for $150 per pair during the pre-order period, but the price will double once the discounted units are sold out. The units will ship in the fall.
Yammer Moved to Office 365, Co-Founder Leaves Microsoft

By Barry Levine
July 25, 2014 10:29AM 
Earlier this month, Microsoft announced that it was bundling Yammer with the Office 365 versions for schools and midsize businesses. Since social networking as it applies to business is primarily a collaborative tool, the place for Microsoft to put Yammer is with other collaborative tools, like Office 365, said analyst Charles King.



Microsoft is moving its Yammer product into its Office 365 and Outlook development teams. And Yammer co-founder and chief executive David Sacks announced Thursday that he is leaving Microsoft.
Since it bought Yammer two years ago for $1.2 billion, Microsoft has been integrating Yammer into its products as a key business collaboration tool.
"Thank you to my current and former YamFamily for six great years and to Microsoft for the last two," Sacks tweeted. "I look forward to new adventures."
'A Major Tool'
He also sent out a long e-mail to Microsoft employees, saying that Yammer's central belief has been that "social networking would become a major tool for enterprise communication."
In a statement, Microsoft thanked Sacks for his commitment to Yammer and Microsoft and wished him the best in his future endeavors.
The marketplace is now filled with business collaboration tools, including Jive, Salesforce's Chatter, Convo, VMware's SocialCast, and others. Microsoft CEO Satya Nadella has said that workplace productivity is a central focus at his company, but he has also talked about streamlining the company.
The cloud-hosted Yammer allows businesses to establish intranets and extranets with profiles, activity streams, file sharing, discussion forums, blogs and messaging.
A key question is how Microsoft sees Yammer at this point. The other Yammer co-founder, Adam Pisoni, told Business Insider that the tech giant now sees Yammer as a "freemium on-ramp to other Microsoft services," instead of the basis for a new collaborative framework for productivity.
Yammer for Schools
A "Yammer North" unit was created last year to integrate Yammer into Redmond, and to impart some of the dot-com pacing for software releases into the mother ship. Instead of Microsoft's quarterly software updates, for instance, Yammer, like many Net-based startups, updated its software very frequently and responded to feedback from users. The idea was to combine Yammer's sense of speed with Microsoft's sense of scale.
Charles King, an analyst with industry research firm Pund-IT, told us that, since "social networking as it applies to business is primarily a collaborative tool, [the place] to put it is with other collaborative tools, like Office 365."
"In that way, the move makes sense," he said. However, King asked, "Did Microsoft need to pay $1.2 billion for something they've now [stuck] into Office 365?"
Earlier this month, Microsoft announced that it was bundling Yammer with the Office 365 versions for schools and midsize businesses. This allowed subscribers of Office 365 Midsize Business and Office 365 Education to get Yammer/Enterprise edition for free.
"This simple licensing change significantly reduces the friction in cross-organization collaboration and will enable your users to work with customers, partners, and parents and students without having to worry about additional costs," said Enterprise Social GM Jared Spataro in a post on Office Blogs.
The company announced in November that Yammer Enterprise was being added to all Office 365 Enterprise plans.
 
Scientists Crush Diamond with Laser


For the first time, physicists have been able to simulate here on Earth the pressure you might find at the center of Saturn. In a new study, scientists slammed a tiny sliver of a diamond with the most powerful laser system in the world, compressing the diamond to the density of lead. The goal: to generate conditions that are relative to planetary cores.
Scientists are trying to determine what happens to matter when it is exposed to the immense pressures at the center of gas giant planets and stars. And to help them figure it out, they have hit a tiny sliver of a diamond with the largest laser system on Earth.
"The goal of the shots is to try and create planetary core conditions on Earth," said Ray Smith, a physicist at Lawrence Livermore National Laboratory. "And by that I mean very high pressure and relatively low temperature."
Up until 15 years ago, it was expected that if you compressed materials to very high pressures they would behave in a manner very easy to understand, Smith explained. The general thinking was that if you imagine atoms as balls, those balls would simply get closer together at very high pressures.
But most scientists don't think that way anymore. Instead, the theoretical consensus is that matter behaves in a much more complicated way at high pressures -- but there haven't been experiments that can back up those theoretical predictions.
But now, for the first time, Smith and his colleagues have been able to simulate here on Earth the pressure you might find at the center of Saturn.
In a new study in Nature, they describe how they slammed a tiny sliver of a diamond with the most powerful laser system in the world, compressing the diamond to the density of lead.
"The initial goal, which we achieved, is to generate conditions that are relative to planetary cores," said Smith, lead author of the paper. "The expectation is that we will get these really weird states of matter."
The diamond sliver that got hit with the laser was tiny -- 3 millimeters by 0.2 of a millimeter. It was attached to the outer wall of a small gold cylinder 1 centimeter tall and half a centimeter wide that in turn was placed in a high-tech spherical vacuum chamber 32 feet in diameter. (Itty-bitty cylinder, great big chamber.)
The entire setup is part of the National Ignition Facility, or NIF, at Livermore, and it is so futuristic-looking it stood in for the Enterprise's warp core in the movie "Star Trek Into Darkness."
The NIF was designed to do nuclear fusion experiments, but for a short amount of time Smith and his team were able to use it to put the highest pressure ever possible into their diamond sample.
Over the course of the experiment, the diamond sliver was exposed to 50 million times Earth's atmospheric pressure. To put that in perspective, the pressure at the deepest parts of our oceans is about 1,000 times atmospheric pressure. If you go to the center of the Earth where our planet's iron core resides, it is 3.6 million times atmospheric pressure.
HP Drops $50M on Hortonworks' Hadoop



Through deep integration with Hortonwork's enterprise Apache Hadoop, HP customers will be able to easily build their next-gen applications with the Hortonworks Data Platform. The companies will work together to enable HP customers to deploy the Hortonworks Data Platform as the Hadoop component of HP HAVEn.
Continuing to walk the walk when it comes to addressing the big data needs of its enterprise customers, Hewlett-Packard has invested a whopping $50 million in Hadoop distributor Hortonworks.
The partnership will help speed the adoption of Enterprise Apache Hadoop by integrating the Hortonworks Data Platform with the HP HAVEn data processing stack. The HAVEn platform is comprised of software, services, and hardware that analyze 100 percent of an enterprise's data -- structured and unstructured -- so executives can make the best decisions for their businesses.
The open-source Apache Hadoop is a framework for processing large data sets. It is intended to provide insights into large stores of structured and unstructured data. Hortonworks was founded in 2001 by members of the original Hadoop development and operations team at Yahoo.
Additionally, the companies will integrate their engineering strategies and work together to enable HP customers to deploy the Hortonworks Data Platform as the Hadoop component of HP HAVEn.
Understanding, Using Data is Key
HP will also work to certify HP Vertica with Apache Hadoop YARN, the architectural center of Hadoop 2.0. YARN, a cluster resource management layer whose acronym stands for Yet Another Resource Manager, was released last October. It allows Hadoop to do more than just batch-oriented tasks because computing clusters can be allocated as needed to match workloads.
"The ability to understand data and put it to effective use is now more crucial than ever," said Colin Mahony, general manager of HP Vertica.
Mahony said Hortonworks has consistently addressed the business and technology needs of its customers in this new era of information and data. "And we look forward to partnering with the Hortonworks team to deliver innovative big data solutions to our customers," he added.
Hortonworks CEO Rob Bearden said his company was looking forward to working with HP to help their joint customers move to a more modern data architecture.
"Through deep integration with Enterprise Apache Hadoop, HP customers will be able to easily build their next generation of applications with the Hortonworks Data Platform," Bearden said.
HP CTO Joins Hortonworks Board
The enhanced partnership comes with an added bonus for HP: a seat on the Hortonworks board of directors, to be filled by Martin Fink, executive vice president and chief technology officer at HP. This will allow the companies to work together more efficiently on Hadoop strategies.
As the leader of HP's cloud business, Fink is helping move the industry to cloud-based provider and consumption models. During his nearly 30 years at HP, Fink has led the company's open-source and Linux strategies.
Fink said joining forces with Hortonworks demonstrated HP's continued commitment to open-source technology for the enterprise.
"I'm excited to be able to partner with the Hortonworks leadership team to help them deliver flexible, tailored, open solutions to customers on the industry's most powerful big data platform," he said.
Will OS X Yosemite Bring More Grief for Apple?


For those willing to brave the possible bugs in an unfinished operating system, Apple's beta version of OS X Yosemite can be installed on any Mac running Mavericks. The beta is free to download, as will be the full update in the fall. Yosemite will replace Apple's Mavericks OS X, which has been plagued with complaints from users.

Apple released to the public the beta version of its OS X 10.10 Yosemite operating system on Thursday. The beta had already been released to developers, but is now open to a limited number of Apple users, marking the first time since 2000 that Apple has made a Mac OS open to the public prior to its completion.
Yosemite, which is set to launch this fall, is the successor to Apple's Mavericks OS, which has been plagued with problems since it launched last October. Complaints from users include problems with installation, the Mail app and support for multiple monitors, as well as numerous other issues.
Yosemite was announced at Apple's Worldwide Developer Conference in San Francisco in June, and is said to support increased integration with Apple's iOS for mobile devices. The company released the fourth preview version of the OS to developers on July 21.
A Million Guinea Pigs
The public beta is limited to the first million users who sign up. Although Apple fans will have the opportunity to check out Yosemite's new look, some functionality, such as making iPhone calls from your Mac or turning your iPhone into a hotspot for your Mac, will remain unavailable for now.
For those willing to brave the possible bugs in an unfinished piece of software, the beta can be installed on any Mac running Mavericks. The beta is free to download, as will be the full update in the fall. Users can sign up for the beta program using their Apple IDs.
Included among the improvements are a flatter look inspired by the current iOS design, an enhanced toolbar, changes to the way notifications work, and file-sharing with mobile devices through the AirDrop program, similar to the way Dropbox works.
Party Like It's 1999
Opening the latest OS beta to the public may give Apple a better shot at avoiding the problems and bad press that plagued Mavericks and the much derided iOS 7 update. However, the company appears to be looking to further integrate the styling of the two operating systems, with screenshots from Yosemite indicating that icons in 10.10 will sport the flatter look of recent iOS updates.
Apple hasn't released a public beta of an operating system since the introduction of OS X in 2000. Then, eager users could have a copy of the beta version mailed to them on a CD-ROM for $30. The company's latest move comes amidst allegations that security backdoors in iOS could allow surveillance and law enforcement agencies such as the National Security Agency to access user data stored on the company's 600 million mobile devices.
Cupertino has denied the accusations, saying that data cannot be transmitted to third parties without user consent. Apple said it had "never worked with any government agency from any country to create a backdoor in any of our products or services." The company has also been accused by Chinese journalists of collecting information on user locations within that country.
The security researcher who uncovered the backdoors, Jonathan Zdziarski, said he believed the vulnerabilities were unintentional weaknesses on Apple's part, rather than the result of overt cooperation with the NSA.
"I am not suggesting some grand conspiracy," Zdziarski said in a blog post. "There are, however, some services running in iOS that shouldn't be there, that were intentionally added by Apple as part of the firmware and that bypass backup encryption while copying more of your personal data than ever should come off the phone for the average consumer."
 
EU Poses 26 Questions on 'Right To Be Forgotten'

By Dan Heilman
July 25, 2014 11:49AM 
The issue of the right to be forgotten has only been in the news for a couple of months. In May a European court ordered Google to delete links to information about a mortgage foreclosure after the party involved argued the information had become irrelevant. The EU wants Google, Yahoo! and Bing to set up a system for requests to take down links.



Google, Bing, Yahoo! and the European Union are playing a game of 20 Questions. Except that it's 26 questions, and it's no game. European Union privacy watchdogs had representatives from Google and other search engines on the hot seat Thursday over how, and if, they're implementing the EU's guidelines over Internet users' "right to be forgotten."
The EU wants Google, Yahoo! and Bing to set up a system that will manage requests to take down links to outdated or irrelevant information about search-engine users. To nudge the process along, the EU's national data-protection regulators met with representatives from the three search giants in Brussels on Thursday.
The regulators asked six questions orally and gave the three companies until next Thursday to answer 26 further questions submitted in writing.
Details Wanted
The issue of the right to be forgotten has only been in the news for a couple of months. In May a European court ordered Google to delete links to information about a mortgage foreclosure after the party involved argued that the information had become irrelevant.
Christina Warren, senior tech analyst for Mashable.com, told us the questions are a way for the EU to figure out how to make guidelines that can be enforced -- but that they should have been asked before a ruling went into effect, not after.
"Google was able to choose its method of implementation," she said. "One could argue that any official guidelines won't be strong enough to protect EU citizens, because Google set the initial bar for what they would do themselves."
The questions asked during Thursday's meeting touched on such topics as the information the search engines request from a data subject before considering a delisting request; and whether Web site publishers are notified of delisting, and under which legal basis that notification is done.
The 26 questions calling for a written response were more specific. A report in The Wall Street Journal listed the questions as worded, and they included:
-- Do you ask for a proof of identity or some other form of authentication and if yes, what kind?
-- Do you have any automated process defining if a request is accepted or refused?
-- Will you create a database of all removal requests or removal agreements?
Realistic?
Google said at the meeting that to date it had received 91,000 delisting requests regarding 328,000 links to Web addresses, and that over half the requests had been granted. It has rejected just over 30 percent of the requests, and asked for more information on 15 percent. Bing and Yahoo! have received significantly fewer requests.
The information gathered at the meeting will be used to create guidelines for data protection authorities. The guidelines are expected before the end of the year.
But Warren believes the EU's priorities in this matter are already misplaced.
"One of the most difficult things about this law is that it doesn't appear that the regulators fundamentally understand the technology and what is entailed in indexing a site or a search query," she said. "I'm not sure if any of Google's answers will be able to convey the realities of how search engines work to the regulators, or if that will have any impact on how they say the implementations should work."


Watson Gets His First Customer Service Gig



IBM is positioning its Watson Engagement Advisor as a service to help companies interact with customers. Watson can be used to help customer service agents, or it can interact directly with customers over the cloud. Watson's key features, IBM said, include using big data to make decisions, and helping organizations understand customer patterns.
IBM's Watson supercomputer, made famous by beating two expert humans on the TV game show Jeopardy, has since been making his living by using his super-intelligent knowledge base for business verticals, like medicine. Now, IBM is working with financial services provider USAA to employ Watson in his first consumer-facing role.
USAA specializes in offering services to current and former members of the U.S. military. The Watson Engagement Advisor pilot program is designed to assist military men and women transition to civilian life through natural language-based remote access to the supercomputer.
Soon-to-be-civilian military personnel who are USAA members will be able to ask the ex-Jeopardy champ questions relating to making the transition. According to Big Blue, Watson has been spending his spare time digesting and analyzing over 3,000 documents on transition-related subjects, including USAA's business data, so he apparently knows something about the subject.
Understands Context
Possible topics of inquiries could include job searching, moving, insurance, home buying, or military benefits. The project is intended to help define the ways in which a digital assistant -- who learns as he interacts and as he is asked to find connections -- can gain value and provide quality advice.
One way Watson differs from a regular search engine or a directory is that he is designed to understand the context around questions that people ask. Visitors to the USAA Web site will be able to type in questions and receive answers from Watson, and he can also direct them to Web pages with relevant information.
Mike Rhodin, SVP of the IBM Watson Group, said in a statement that, through this pilot, "we expect to learn how intelligent assistants like IBM Watson can help service members who may not know exactly where or how to start the daunting transition process."
155,000 Military Personnel
Watson will certainly be kept busy. About 155,000 military personnel move from active duty to civilian life every year. IBM and USAA said that typical questions might be, "Can I be in the reserve and collect veteran's compensation benefits?" or "How do I make the most of the post-9/11 GI Bill?" Inquiries can be made to Watson via a desktop or laptop computer, or through a mobile device.
USAA is known for the quality of its customer service, so the addition of Watson has the potential to take that to a new level -- or diminish that reputation.
USAA EVP of member experience Shon Manasco told news media, "Through this experience, we expect to learn how intelligent assistants like IBM Watson can help service members who may not know exactly where or how to start the daunting transition process."
IBM is positioning this Watson Engagement Advisor as a service to help companies interact with customers. It said that the Watson remote service can be used to help customer service agents, or it can interact directly with customers over the cloud. Its key features, the company said, include using big data to make evidence-based decisions, and helping organizations better understand customers through patterns in their past histories.
 

Wednesday 16 July 2014

Meet ‘Project Zero,’ Google’s Secret Team of Bug-Hunting Hackers


Hacking wunderkind George Hotz’s latest gig: an intern on Google’s elite hacking team. Tribune Review, Andrew Russell/AP
When 17-year-old George Hotz became the world’s first hacker to crack AT&T’s lock on the iPhone in 2007, the companies officially ignored him while scrambling to fix the bugs his work exposed. When he later reverse engineered the Playstation 3, Sony sued him and settled only after he agreed to never hack another Sony product.
When Hotz dismantled the defenses of Google’s Chrome operating system earlier this year, by contrast, the company paid him a $150,000 reward for helping fix the flaws he’d uncovered. Two months later Chris Evans, a Google security engineer, followed up by email with an offer: How would Hotz like to join an elite team of full-time hackers paid to hunt security vulnerabilities in every popular piece of software that touches the internet?
Today Google plans to publicly reveal that team, known as Project Zero, a group of top Google security researchers with the sole mission of tracking down and neutering the most insidious security flaws in the world’s software. Those secret hackable bugs, known in the security industry as “zero-day” vulnerabilities, are exploited by criminals, state-sponsored hackers and intelligence agencies in their spying operations. By tasking its researchers to drag them into the light, Google hopes to get those spy-friendly flaws fixed. And Project Zero’s hackers won’t be exposing bugs only in Google’s products. They’ll be given free rein to attack any software whose zero-days can be dug up and demonstrated with the aim of pressuring other companies to better protect Google’s users.
Google security engineer Chris Evans, who is recruiting top talent for Project Zero. Ariel Zambelich/WIRED
“People deserve to use the internet without fear that vulnerabilities out there can ruin their privacy with a single website visit,” says Evans, a British-born researcher who formerly led Google’s Chrome security team and will now helm Project Zero. (His business cards read “Troublemaker.”) “We’re going to try to focus on the supply of these high value vulnerabilities and eliminate them.”
Project Zero has already recruited the seeds of a hacker dream team from within Google: New Zealander Ben Hawkes has been credited with discovering dozens of bugs in software like Adobe Flash and Microsoft Office apps in 2013 alone. Tavis Ormandy, an English researcher who has a reputation as one of the industry’s most prolific bug hunters, most recently focused on showing how antivirus software can include zero-day flaws that actually make users less secure. American hacker prodigy George Hotz, who hacked Google’s Chrome OS defenses to win its Pwnium hacking competition last March, will be the team’s intern. And Switzerland-based Brit Ian Beer created an air of mystery around Google’s secret security group in recent months when he was credited under the “Project Zero” name for six bug finds in Apple’s iOS, OSX and Safari.
Evans says the team is still hiring. It will soon have more than ten full-time researchers under his management, and most will be based out of an office in its Mountain View headquarters, using flaw-hunting tools that range from pure hacker intuition to automated software that throws random data at target software for hours on end to find which inputs cause potentially dangerous crashes.

Google Vs. The Spooks

And what does Google get out of paying top-notch salaries to fix flaws in other companies’ code? Evans insists Project Zero is “primarily altruistic.” But the initiative–which offers an enticing level of freedom to work on hard security problems with few restrictions–may also serve as a recruiting tool that brings top talent into Google’s fold, where they may later move on to other teams. And as with other Google projects, the company also argues that what benefits the internet benefits Google: Safe, happy users click on more ads. “If we increase user confidence in the internet in general, then in a hard-to-measure and indirect way, that helps Google too,” Evans says.
This fits with a larger trend in Mountain View; Google’s counter-surveillance measures have intensified in the wake of Edward Snowden’s spying revelations. When the leaks revealed that the NSA was spying on Google user information as it moved between the company’s data centers, Google rushed to encrypt those links. More recently, it revealed its work on a Chrome plug-in that would encrypt users’ email, and launched a campaign to name which email providers do and don’t allow for default encryption when receiving messages from Gmail users.
When a zero-day vulnerability gives spies the power to completely control target users’ computers, however, no encryption can protect them. Intelligence agency customers pay private zero-day brokers hundreds of thousands of dollars for certain exploits with that sort of stealthy intrusion in mind. And the White House, even as it has called for NSA reform, has sanctioned the agency’s use of zero-day exploits for some surveillance applications.
All of that makes Project Zero the logical next step in Google’s anti-spying efforts, says Chris Soghoian, a privacy-focused technologist at the ACLU who has closely followed the zero-day vulnerability issue. He points to the now-famous “fuck these guys” blog post by a Google security engineer addressing the NSA’s spying practices. “Google’s security team is angry about surveillance,” Soghoian says, “and they’re trying to do something about it.”
Like other companies, Google has for years paid “bug bounties”–rewards for friendly hackers who tell the company about flaws in its code. But hunting vulnerabilities in its own software hasn’t been enough: The security of Google programs like its Chrome browser often depends on third-party code like Adobe’s Flash or elements of the underlying Windows, Mac, or Linux operating systems. In March, Evans compiled and tweeted a spreadsheet, for instance, of all eighteen Flash bugs that have been exploited by hackers over the last four years. Their targets included Syrian citizens, human rights activists, and the defense and aerospace industry.

Colliding Bugs

The idea behind Project Zero, according to former Google security researcher Morgan Marquis-Boire, can be traced back to a late-night meeting he had with Evans in a bar in Zurich’s Niederdorf neighborhood in 2010. Around 4am, the conversation turned to the problem of software outside of Google’s control whose bugs endanger Google’s users. “It’s a major source of frustration for people writing a secure product to depend on third party code,” says Marquis-Boire. “Motivated attackers go for the weakest spot. It’s all well and good to ride a motorcycle in a helmet, but it won’t protect you if you’re wearing a kimono.”
Hence Project Zero’s ambition to apply Google’s brains to scour other companies’ products. When Project Zero’s hacker-hunters find a bug, they say they’ll alert the company responsible for a fix and give it between 60 and 90 days to issue a patch before publicly revealing the flaw on the Google Project Zero blog. In cases where the bug is being actively exploited by hackers, Google says it will move much faster, pressuring the vulnerable software’s creator to fix the problem or find a workaround in as little as seven days. “It’s not acceptable to put people at risk by taking too long or not fixing bugs indefinitely,” says Evans.
Project Zero bug hunter Ben Hawkes. Ariel Zambelich/WIRED
Whether Project Zero can actually eradicate bugs in such a wide collection of programs remains an open question. But to make a serious impact, the group doesn’t need to find and squash all zero-days, says Project Zero hacker Ben Hawkes. Instead, it only needs to kill bugs faster than they’re created in new code. And Project Zero will choose its targets strategically to maximize so-called “bug collisions,” the cases in which a bug it finds is the same as one being secretly exploited by spies.
In fact, modern hacker exploits often chain together a series of hackable flaws to defeat a computer’s defenses. Kill one of those bugs and the entire exploit fails. That means Project Zero may be able to nix entire collections of exploits by finding and patching flaws in a small part of an operating system, like the “sandbox” that’s meant to limit an application’s access to the rest of the computer. “On certain attack surfaces, we’re optimistic we can fix the bugs faster than they’re being introduced,” Hawkes says. “If you funnel your research into these limited areas, you increase the chances of bug collisions.”
More than ever, in other words, every bug discovery could deny attackers an intrusion tool. “I’m confident we can step on some toes,” Hawkes says.
Case in point: When George Hotz revealed his Chrome OS exploit in Google’s hacking competition last March to win the contest’s six-figure prize, another competition’s contestants had simultaneously come up with the same hack. Evans says he also learned of two other private research efforts that had independently found the same flaw—a four-way bug collision. Instances like that are a hopeful sign that the number of undiscovered zero-day vulnerabilities may be shrinking, and that a team like Project Zero can starve spies of the bugs their intrusions require.
“We’re really going to make a dent in this problem,” Evans says. “Now is a very good time to make a bet on putting a stop to zero-days.”
Google 'Project Zero' Team to Hunt Vulnerabilities

By Dan Heilman
July 15, 2014 12:39PM 
"You should be able to use the Web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer," said Google's Chris Evans. "Yet in sophisticated attacks, we see the use of 'zero-day' vulnerabilities to target, for example, human rights activists or to conduct industrial espionage."
If it takes a thief to catch a thief, Google is hoping that it takes a hacker to catch a hacker. The search engine giant Tuesday announced a new initiative, Project Zero, that it hopes will cut down on targeted attacks. The company has put together a team to improve security across the Internet.
Project Zero is a group of top Google security researchers whose mission is to track down and squelch software security flaws, called zero-day vulnerabilities by security experts. Zero-day bugs are exploited mostly by criminals, but also sometimes by state-sponsored hackers and intelligence agencies. A prominent recent example is the "heartbleed" bug, which left large amounts of online data, including passwords, vulnerable.
In announcing the initiative, Google pointed to zero-day vulnerabilities found in Adobe Flash Player that were used to target human-rights activists.
Pressure Put on Developers
Google's hope is that its researchers will help fix the flaws that lead to such breaches -- and not just in Google products. Project Zero's hackers will be free to attack any software whose vulnerabilities can be discovered and demonstrated. Google hopes that by doing so, it will pressure software developers to better protect Google's users.
Google, like some other companies, has paid bounties in the past when users have discovered flaws in its code. But now, with the security of Google programs often depending on third-party code such as Adobe's Flash, the company feels the need to formalize its bug-hunting efforts.
"You should be able to use the Web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications," wrote Chris Evans, a member of Google's security research team, in a company blog post. "Yet in sophisticated attacks, we see the use of 'zero-day' vulnerabilities to target, for example, human rights activists or to conduct industrial espionage."
A Chance to Make a Patch
Although Google is still recruiting and hiring Project Zero team members, it's already assembled a group well known in security circles, including: Ben Hawkes, who has been credited with discovering numerous bugs in widely used software such as Adobe Flash and the Microsoft Office applications; American hacker George Hotz, who defeated Google's Chrome OS defenses to win the company's Pwnium hacking competition earlier this year; and Ian Beer, who was credited with finding six bugs in Apple's iOS, OS X and Safari platforms.
Google hopes to have at least 10 full-time hackers working in its Mountain View, California, headquarters.
Google pledged that the work done under Project Zero will be transparent, with every bug filed and documented in a database. Bugs will be shown to the affected software vendor, and will be made public only after the vendor has had the chance to release a patch.
"You'll be able to monitor vendor time-to-fix performance, see any discussion about exploitability, and view historical exploits and crash traces," said Google's Evans.