So, do we get a "get out of jail free" card if we start trying to hack google to find these vulnerabilities, and do we have to register somewhere so u guys know it's just us trying to win a prize and not actually attack ur sites/code, or are u encouraging us to attack your services -- no holds barred? :D
I'm a bit rusty on some of this stuff because of working on other projects, etc., and I'm wondering what kind of resources you guys are going to be providing to help us get our feet wet again? Any chance of some youtube videos and "Hack Google 101" blog enteries, or are we pretty much on our own?
Anyway, thank u very much for the new offer, guys/google, and I think I found a new "hobby." :D.
Would be great to explain what they are looking for in a mainstream language that non technical user can understand to make the flaw's hunt fairer to anyone. Also, Google have probably specific flaw they are looking for and rewarding $20000 will be at reach of the most perverting flaw for the most technical genius who already know programming. This reducing the amount of people who can report google's flaw to google team ;-) Cunning!
Not too sure this would ever be doable by the non-technical community. Doing something like this will require years of study, familiarity with system and various OS architectures and instruction sets, XSS, SQL Injection and the use of an interactive disassembler. I have this skillset, but I'm just not up to snuff on the latest, greatest techniques. Basically, this is Google's "call to arms" for the technically oriented that are staying in the background, and upping the reward will (hopefully) pull them out of the woodwork -- and Google knows this...
Overall, this is a great move by Google. It will stimulate the security market and also help to make their services much less vulnerable to attack, and that will translate into more folks using their products, such as Android and Chrome -- and that translates into more bucks for Google. Smart move on their behalf.
While I appreciate "the hunt", can we get a waiver in writing detailing that we can actually hack Google because we're "on a mission from God"? Pat Murphy LPT Security Consulting
Pls which email can we report the bug to. And i got a message from dis email(vulnerabilityrewards2012@gmail.com) after reporting a bug on gmail that i am rewarded with $3133. Pls hw true is it.
8 comments :
Stand alone vulerabilities, aren't as in demand as custom built attacks. Eg: Stuxnet
---
Andrew Wallace
Independent consultant
http://www.n3td3v.org.uk/
So, do we get a "get out of jail free" card if we start trying to hack google to find these vulnerabilities, and do we have to register somewhere so u guys know it's just us trying to win a prize and not actually attack ur sites/code, or are u encouraging us to attack your services -- no holds barred? :D
I'm a bit rusty on some of this stuff because of working on other projects, etc., and I'm wondering what kind of resources you guys are going to be providing to help us get our feet wet again? Any chance of some youtube videos and "Hack Google 101" blog enteries, or are we pretty much on our own?
Anyway, thank u very much for the new offer, guys/google, and I think I found a new "hobby." :D.
Randall Jouett
Amateur Radio: AB5NI
Would be great to explain what they are looking for in a mainstream language that non technical user can understand to make the flaw's hunt fairer to anyone. Also, Google have probably specific flaw they are looking for and rewarding $20000 will be at reach of the most perverting flaw for the most technical genius who already know programming. This reducing the amount of people who can report google's flaw to google team ;-) Cunning!
@McFred
Not too sure this would ever be doable by the non-technical community. Doing something like this will require years of study, familiarity with system and various OS architectures and instruction sets, XSS, SQL Injection and the use of an interactive disassembler. I have this skillset, but I'm just not up to snuff on the latest, greatest techniques. Basically, this is Google's "call to arms" for the technically oriented that are staying in the background, and upping the reward will (hopefully) pull them out of the woodwork -- and Google knows this...
Overall, this is a great move by Google. It will stimulate the security market and also help to make their services much less vulnerable to attack, and that will translate into more folks using their products, such as Android and Chrome -- and that translates into more bucks for Google. Smart move on their behalf.
Randall Jouett
Amateur Radio: AB5NI
Unequivocally, yes. Despite the risks, vulnerability research is enormously valuable. Security is a mindset, and looking for vulnerabilities nurtures that mindset.
While I appreciate "the hunt", can we get a waiver in writing detailing that we can actually hack Google because we're "on a mission from God"?
Pat Murphy
LPT Security Consulting
Pls which email can we report the bug to. And i got a message from dis email(vulnerabilityrewards2012@gmail.com) after reporting a bug on gmail that i am rewarded with $3133. Pls hw true is it.
So its kind of more strict I guess, the updated rules for rewards program more tougher than before..
Post a Comment