Read more.The team was put together to help cut down targeted attacks across the Internet.
Read more.The team was put together to help cut down targeted attacks across the Internet.
Google are one of the better bad companies out there. Anything positive is good, anything negative is bad. Same old same old
This can only be good.... can't it?
Depends on how much flak they get for penetration testing other companies software. They can be accused of outright black hat hacking if a contract is not in place dictating it's being done grey hat for the greater good.
Main PC: Asus Rampage IV Extreme / 3960X@4.5GHz / Antec H1200 Pro / 32GB DDR3-1866 Quad Channel / Sapphire Fury X / Areca 1680 / 850W EVGA SuperNOVA Gold 2 / Corsair 600T / 2x Dell 3007 / 4 x 250GB SSD + 2 x 80GB SSD / 4 x 1TB HDD (RAID 10) / Windows 10 Pro, Yosemite & Ubuntu
HTPC: AsRock Z77 Pro 4 / 3770K@4.2GHz / 24GB / GTX 1080 / SST-LC20 / Antec TP-550 / Hisense 65k5510 4K TV / HTC Vive / 2 x 240GB SSD + 12TB HDD Space / Race Seat / Logitech G29 / Win 10 Pro
HTPC2: Asus AM1I-A / 5150 / 4GB / Corsair Force 3 240GB / Silverstone SST-ML05B + ST30SF / Samsung UE60H6200 TV / Windows 10 Pro
Spare/Loaner: Gigabyte EX58-UD5 / i950 / 12GB / HD7870 / Corsair 300R / Silverpower 700W modular
NAS 1: HP N40L / 12GB ECC RAM / 2 x 3TB Arrays || NAS 2: Dell PowerEdge T110 II / 24GB ECC RAM / 2 x 3TB Hybrid arrays || Network:Buffalo WZR-1166DHP w/DD-WRT + HP ProCurve 1800-24G
Laptop: Dell Precision 5510 Printer: HP CP1515n || Phone: Huawei P30 || Other: Samsung Galaxy Tab 4 Pro 10.1 CM14 / Playstation 4 + G29 + 2TB Hybrid drive
You would hope so...but you know what these large companies are like: "You found a flaw in our system and told us so we could fix it and prevent major issues to our customer base. You could have been stealing data (or enter other stupid reason here) so prepare to be sued". C'est la vie.
I doubt that.
If they are penetration-testing someone else's system or software on machines belonging to those other people, yeah sure, get a contract to do it.
If they nuy a copy of XYZ software, install it on thir own (Google) lab machines and test it, I can't see why they need either permission from, or even knowledge of, the software developers to do it.
And, as pointed out, vulnerabilities found will only be reported to the developer, and not made public until a patch is available.
In theory at least, the more legitimate people that probe and test, the better chance we all stand of problems being fixed before those that would exploit them find out.
This SEEMS like a good idea, but personally, I have a very low opinion of Google and I'm just a bit reluctant to trust them on anything.
Ha ha, from what I've seen Saracen, you barely even trust yourself on the internet
Well, you have to remember those little Ts & Cs when you install the software in addition to how far it broaches into the computer misuse act or the equivalent in each country
I trust myself. Just not much of anybody else.
Computer Misuse Act isn't relevant, if you're testing on your own PC, because it's about unauthorised access.
Got any examples of T&Cs that preclude you testing software on your own PCs for vulnerabilities? I'd love to do an article about software vendors so unsure of their own product they try to prevent users testing their security.
Microsoft's Services agreement for Office 365 :
There are very similar entries on other software I use, Section 4.5 on Adobe's Licenses and Terms of use for example.7.3. Are there things I can't do with the software or Services? Yes. In addition to the other restrictions in this Agreement, you may not circumvent or bypass any technological protection measures in or relating to the software or Services or disassemble, decompile, or reverse engineer any software or other aspect of the Services that's included in or accessible through the Services, except and only to the extent that the applicable copyright law expressly permits doing so; separate components of the software or Services for use on different devices; publish, copy, rent, lease, or lend the software or the Services; or transfer the software, any software licenses, or any rights to access or use the Services. You may not use the Services in any unauthorized way that could interfere with anyone else’s use of them or gain access to any service, data, account, or network. You may not enable access to the Services by unauthorized third-party applications.
So these are gerneralistically to do with decompiling or reverse engineering but unless they just sit there poking it with a stick, they're going to take a very long time to find the issues they want to find. If Google can prove all they're doing is poking then they might get away with it....any thing else and they're putting themselves out for a suit.
There are currently 1 users browsing this thread. (0 members and 1 guests)