Google announcing Project Zero

Discussion in 'other security issues & news' started by dogbite, Jul 15, 2014.

  1. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,290
    Location:
    EU
    "You should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications. Yet in sophisticated attacks, we see the use of "zero-day" vulnerabilities to target, for example, human rights activists or to conduct industrial espionage. This needs to stop. We think more can be done to tackle this problem.
    ...
    Project Zero is our contribution, to start the ball rolling. Our objective is to significantly reduce the number of people harmed by targeted attacks. We're hiring the best practically-minded security researchers and contributing 100% of their time toward improving security across the Internet."

    http://googleonlinesecurity.blogspot.com.tr/2014/07/announcing-project-zero.html
     
  2. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Sounds good, every little helps!

    This bottom bit sounds like a dig at Microsoft's NSA et al, exploit contributions.

     
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    http://threatpost.com/google-project-zero-may-prove-a-big-win-for-security
     
  4. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    http://arstechnica.com/security/201...find-zero-day-vulnerabilities-before-the-nsa/
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,083
    Location:
    Texas
  6. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,411
    According to a Trend Micro report there is a prevalence of fake apps on Google Play Store.
    These fake apps are cleverly disguised to look and act like the real apps but loaded with malicious code.
    This report comes just as Google announced Project Zero.

    JD Sherry, vice president of technology and solutions at Trend Micro says ...

    http://www.computerworld.com/s/article/9249779/Almost_a_million_fake_apps_are_targeting_your_phone
     
  7. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Another reason not to use garbage like "AV" from companies like Trend Micro when they can't even understand the difference between malicious apps and vulnerability hunting.

    Different things, different teams. Project Zero has nothing to do with malware.
     
  8. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    What about criminal state-sponsored actors? Oh, I remember, that's all legal because the executive says so, including retroactive immunity.

    Personally, I think this is in part a response to the rightful outrage felt at the sentiment involved in that infantile smiley face on the NSA slide.

    Incidentally, I guess this is one way that the Internet is effectively going to Balkanize - not by region, but by corporates. So that you'll have one suite of end-to-end protections that apply in Google-land (which mean that only Google gets to see your info), and presumably others for MS and Apple etc.
     
  9. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,466
    AV marketing is irrelevant and best ignored IMO.

    Re Google, I suspect they are engaging in the popular exercise known as "lying," and will not do more than pay lip service to defying the NSA's efforts.

    (Only a suspicion, mind...)
     
  10. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    After everything google has done ... How can people be so gullible to believe anything google says? :(

    Gullible Jones you really should change your name ....lol :)
     
  11. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    Oh, I reckon they are economical with the truth, but you can follow the money for their commercial interests - they're at least predictable like that. Whereas the state-sponsored lot are Starship-crazed and rather less predictable.
     
  12. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Mainly because Google isn't some kind of entity, it's a series of groups with different interests, like most companies. There are groups with positive interests and there are groups with greed interests. If you want to be ignorant of the groups working to create a positive change, that's your choice.

    If you want to start a thread about paranoid nonsense with no evidence (e.g. Google working with NSA), vacate to the privacy forum. Thanks.
     
  13. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    No thanks elapsed.
    Wilders is a forum you come to learn/comment/ discuss about security and privacy, which often are so interrelated as to be dependent on each other.....AND I should have the freedom to disagree with what I feel is faulty or not relevant. Whether google is an entity or not has nothing to do with it. It has a TOS, and if you want to discount what is painfully obvious then that's YOUR choice.

    What makes you think Wilders privacy forum necessarily caters for those who typically engage in "paranoid nonsense". Prove it.
     
  14. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    I don't see a reason why Google would be lying but we'll soon seen what's true. If they start to inform other developers about CVEs in their products, I guess they were not lying. Otherwise Gullible Jones was right.
     
  15. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Wilders isn't a forum, it's a collection of many forums. This forum is "Other security issues & news", and that's what is being discussed. In other words, don't take it off topic with some nonsensical dribble, especially considering what a manoeuvre like this might one day represent for the positive impact of the Internet as a whole.

    No one here argued over what you have the freedom to do.

    The privacy forums are where you can express your "creative ideas" about "what company is doing what" as much as you want, where you can engage with like-minded fellows that appreciate fiction over proven fact. There are also many threads already created about Google et al. there where you can contribute until your heart is content.
     
  16. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,466
    @elapsed: well speak of the devil:

    http://www.osnews.com/story/27850/Backdoors_and_surveillance_mechanisms_in_iOS_devices

    Yes, yes, that's iOS not Android; but how likely do you think it is that only iOS would incorporate backdoors? Android is a bigger user base.

    I would also point out that, while Google execs can wring their hands if they want, the federal government has courts, law enforcement agencies, and an army. Google does not. Follow the political power.

    Edit: though actually I think you may be right, insofar as unknown zero-days aren't needed if permanent preinstalled backdoors exist. (Though these things are functionally the same to end users, and to crooks.)
     
  17. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    Yes. So I'll rephrase....Wilders SECURITY FORUMS are forums you come to learn/comment/ discuss about security and privacy, which often are so interrelated as to be dependent on each other..

    ....which changes nothing.. Instead of being pedantic, you might realize I was talking in general. IN other words, security and privacy often dovetail all through these boards.

    The topic is google, I mentioned google. I don't see a special forum for google. Until there is it is not off topic to simply disagree with someone and I disagree with you, which doesn't give you the right to turn around and stifle commentary because it doesn't agree with yours. (I don't see Moderator next to your name) Since you take it on yourself to degrade the folks who post on the other subforums at Wilders as if they're some kind of nut job you might wanna come off that high horse you're on.

    Instead of berating people who don't agree with YOUR OPINION get your head out the sand. The NSA doesn't only affect privacy it also affects security. If you don't believe anything at all about all that, and the 9 or so major companies including google who are involved then you're disagreeing with what most people know and believe as fact with plenty of official documentation.

    Yes you could say prove google is in bed with the NSA and I could just as well say prove they arent. I think there's more precedent to NOT believe them after the many underhanded ways they've come up with to snoop.

    As for "creative ideas" LOL LOL :rolleyes: What have they got to do with facts? facts which the good part of the Privacy Boards search out and discuss.
     
  18. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,411
    Jack Wallen testing the claims made by TM press release.

    I opted to test apps from the Widget, Media & Video, and Finance category -- seeing as how
    Trend Micro claims that 100% of those apps have repackaged or fake apps associated with them.
    After installing five widgets from the top 100, I ran both Malwarebytes and Trend's own software.
    Neither scanner found a single threat.

    I also checked to see if these same widgets had fake versions associated with them. Not one
    came up with a fake app on the Google Play Store.

    I contacted HCK Partners (which sent out the press release on behalf of Trend Micro)

    In response, they walked back both claims and attempted to clarify the information in the
    original release:

    http://www.techrepublic.com/article/trend-micro-backs-off-google-play-malware-claims/
     
  19. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  20. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Project Zero Turns 5: How Google's Zero-Day Hunt Has Grown
    https://www.darkreading.com/risk/pr...oogles-zero-day-hunt-has-grown/d/d-id/1335549
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.