Google big move: who can hack into Chromebook who will award $ 100,000

Computers
Google big move: who can hack into Chromebook who will award $ 100,000

According to foreign reports, from 2010 launched the “catch the bug bounty” program since Google six years in time to the security researcher has paid more than $ 6 million bonus (only in the last year alone paid more than $ 2 million bonus) . The company is now further expand its Chrome rewards program: increase the maximum award amount for Chromebook and added a new reward program.

Catch the worm bounty program is the company’s internal security plan has a useful complement. It can only encourage hackers individuals or organizations to help companies looking for loopholes, and encourage them to find loopholes in the report to the company by appropriate means, rather than exploit these vulnerabilities or to sell all kinds of illegal activities such vulnerability information to others for profit.

Last year, Google offered $ 50,000 to encourage people to attack Chromebook guest mode, look for one of the loopholes. However, according to the company’s security team said that so far it has not received any reports of successful attacks.

Thus, Google will reward amount has doubled, up to $ 10 million. The company hopes to be able to invade someone by hacking Chrome OS. “Excellent research worth rewarded. Therefore, the reward of our six-figure annual effective, there is no quota restrictions, nor the total award amount limit.” Google claims.

In addition, Google also added a “download protection bypass” bounty program. In short, as long as it was found to bypass Chrome’s Safe Browsing download protection method, the company will be to provide them with incentives. Related reward rules are as follows:

1. Chrome browser Safe Browsing feature must be enabled, and must have an updated database (after installing a new Chrome browser, this database may take several hours to be formed).

2. Safe Browsing server on the network must be accessible.

3. The binary data must be placed where it is possible to perform a user (for example, the Downloads folder).

4. does not require users to change the file name to expand or restore it from being blocked download directory.

5. requires the user to perform any operation for most users must be reasonable and possible. Can not require the user to perform a reasonable operating more than three (example: click to download, open the .zip archive and execute .exe file). But all this will be based on specific circumstances. You can not expect the user to ignore the warning message.

6. Download the data can not be downloaded to the protection of the Safe Browsing feature sends Ping. You can view the chrome: counter increments //histograms/SBClientDownload.CheckDownloadStats to check on the download protection Ping. If the counter is increased, indicating that the authentication information has been sent successfully. (Except for # 7 in addition to the counter, which calculates the authentication information is not sent.)

7. Binary parked domain data and any signature not appear in the list of good, you can visit chrome: // histograms / SBClientDownload be checked. Have signed or download the data listed in the fine on the list can not be increased.

Safe Browsing lists a series of URLs that contain malicious viruses or phishing content for Chrome, Firefox and Safari browsers and Internet service providers.