Heart of Texas Network Consultants Blog

Heart of Texas Network Consultants has been serving the Central Texas area since 1992, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

Google Strengthens Zero-Day Exploit Research

b2ap3_thumbnail_google_research_400.jpgWith all of the zero-day exploits popping up lately, such as the GameOver Zeus malware and Heartbleed bug a few months ago, it only makes sense to step up research on how and why it occurs. Google is doing just that with its new research program, rightfully dubbed Project Zero.

Zero-day vulnerabilities are classified as vulnerabilities against which no vendor has released a patch, making them highly dangerous and easily exploitable. These vulnerabilities target both corporate and consumer users alike, and are generally able to avoid detection by the general public until the patch has been released. Zero-day attacks are mostly unexpected, and are often used in targeted attacks to execute malicious code.

Google might already have a bounty system in place for those who find exploits in their products, but this initiative takes things a step further. The idea behind Project Zero is to fund research for any popular software on which many people depend upon, and ways to limit the damage and exploitation of these programs in the event of a zero-day attack.

Additionally, Google has created an external database which will hold the research results. Rather than immediately let the public know about exploitations and vulnerabilities, Google waits until the problem becomes public or has been patched. This is presumably to prevent hackers from knowing about the flaw and exploiting it, and gives third-party developers a chance to patch it before causing a big fuss over nothing.

The interesting thing about this endeavor is that it is open to the general public, but it has not been explained how researchers can sign up for the project. Discussions concerning vulnerabilities and exploitations will be available to the general public post-patching, including how long it took the vendor to fix the problem (if it were fixed at all).

This is good news for those who praise Google's role in finding vulnerabilities in software. The search-engine giant has an impressive track record of research into Microsoft and Apple's software vulnerabilities, and they often credit Google for reporting vulnerabilities directly to them. Similar to Google, Microsoft also has a program for research, but unlike the "bug bounty" feature of Google's Project Zero, Microsoft doesn't reward those who notify them of product vulnerabilities.

If you are ever concerned about the status of your network's security, contact Heart of Texas Network Consultants at (254) 848-7100. We'll work with you to keep your systems up-to-date and as safe as can be from the latest security threats and vulnerabilities.

Old Mobile Devices Might Be Hurting Your Business’...
Alert: Google and Yahoo Doppelgangers Threaten the...
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Friday, November 22 2024

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Blog Archive

2012
January
February
March
April
May
June
August
September
October
November
December