Shellsec / Hacking / Artikler v / Hacking News - Google warns Microsoft and Apple: fix the vulnerability..

Tråd bedømmelse:
  • 0 Stemmer - 0 Gennemsnit
  • 1
  • 2
  • 3
  • 4
  • 5
Visning af Tråd
Hacking News - Google warns Microsoft and Apple: fix the vulnerability..
14-02-2015, 13:02 (Denne besked var sidst ændret: 14-02-2015, 23:19 af Doctor Blue.)
#1
Spagnum er Offline
Arrangør
*****
 		Indlæg: 681
Registreret: Mar 2013
Omdømme: 24
Hacking News - Google warns Microsoft and Apple: fix the vulnerability..
hackingnews.com Skrev:Google said that its elite team consisting of hackers and programmers search security deficiencies of its software applications and other companies, Google warning that if its competitors will not eliminate vulnerabilities within 90 days, then they will make public.
Google claims that software vendors must act quickly because cybercriminals act with lightning speed when identifying errors, according to Bloomberg.

Microsoft and Apple declined to comment on this sensitive subject, while other members of the industry say that Google team usurp a recurring role best government authorities.

I’m not sure who made Google the official referee of the marketplace for vulnerability notification,” said John Dickson, a principal with software security company Denim Group Ltd. in San Antonio. He said pressuring companies to fix flaws is a good idea, but “what noble motives they had in mind could be called into question given the fact that they essentially outed vulnerabilities for two of their biggest rivals.

If these companies can’t even get along, that’s just bad for security for the whole ecosystem,” said Jake Kouns, chief information security officer for Risk Based Security Inc. in Richmond, Virginia.

Google founded this team last July and named it “Project Zero” after the much-dreaded “zero day”, security deficiencies may be exploited by malevolent before developers need to know

Update : “We support a variety of efforts, including Project Zero and our Security Reward Programs, to find and fix online threats,” Aaron Stein, spokesman for the Mountain View, California-based Google said in an e-mail.
http://www.hackingnews.com/cyber-crime/g...-disclose/
Don't learn to hack, hack to learn
Find alle beskeder fra denne bruger
Citer denne besked i et svar
15-02-2015, 01:31 (Denne besked var sidst ændret: 15-02-2015, 01:32 af iTick.)
#2
VIPiTick er Offline
x64 has PIC
****
 		Indlæg: 650
Registreret: Jul 2013
Omdømme: 47
RE: Hacking News - Google warns Microsoft and Apple: fix the vulnerability..
Jeg kan nu godt forstå Google, selv om de inden for kort tid, har frigivet 3 0-days til Windows.
Det er så fjernt for mig at forstå, at et kvart år, ikke er nok for Microsoft, til at lukke et hul.
Ok, en sjælden gang i mellem, er det en designfejl, og det kan være lidt svært at rette. F.eks. den "nye" JasBug, som nogle sikkert har kendt i flere år.
Blackhats følger godt med i hvad der sker rundt omkring. Og mange af dem, rapporterer ikke deres 0-days, de holder dem for sig selv, så de ikke bliver patched for hurtigt. Så finder Google et hul, burde Microsoft bukke i støvet, og se at få lukket hullet i en fart.
Det er heller ikke kun blackhats, der bruger disse 0-days. Virksomheder som Vupen tjener kassen på at sælge dem til andre virksomheder. Selv Kevin Mitnick er begyndt på det ræs.

Det vælter ud med huller dagligt, og de fleste offentliggjorte kan ses på http://www.securityfocus.com/vulnerabilities
---
Writing a shellcode decoder stub in assembly is like talking gibberish in such a way that it is still perfectly intelligible. - iTick
Besøg denne brugers hjemmeside Find alle beskeder fra denne bruger
Citer denne besked i et svar
« Ældre | Nyere »




User(s) browsing this thread: 1 Gæst(er)
Kontakt os | Shellsec | Vend tilbage til toppen | Let (arkiv) udseende | RSS synkronisering |