Google: 'We'll pay $100K if you can hack a Chromebook remotely'
The move doubles last year's top reward of $50,000, available exclusively for attacks that achieve a persistent compromise on a Chromebook in 'guest mode'
http://www.zdnet.com/article/google-well-pay-100k-if-you-can-hack-a-chromebo... -- RR "Through counter-intelligence it should be possible to pinpoint potential trouble-makers ... And neutralize them, neutralize them, neutralize them"
On 3/17/16, Rayzer <Rayzer@riseup.net> wrote:
exclusively for attacks that achieve a persistent compromise on a Chromebook in 'guest mode'
http://www.zdnet.com/article/google-well-pay-100k-if-you-can-hack-a-chromebo...
Doesn't this thing use Intel's AMT processor and NIC? Intel's probably protected their source code access processes with more than $100k against any researcher, same with Google, but as we've just seen NSA already FISA'd / moled both their source. So what's the difference? Or the point? If Google wants to pull a stunt, it should open it's own code and start paying out along that new bug discovery asymptote. Regardless of whether you sell software / hardware or not... "We're closed, and awesome" really doesn't cut it anymore when the bad guys have the source everyone else thought was closed. .
On Thu, Mar 17, 2016 at 10:41 PM, grarpamp <grarpamp@gmail.com> wrote:
On 3/17/16, Rayzer <Rayzer@riseup.net> wrote:
exclusively for attacks that achieve a persistent compromise on a Chromebook in 'guest mode'
http://www.zdnet.com/article/google-well-pay-100k-if-you-can-hack-a-chromebo...
Doesn't this thing use Intel's AMT processor and NIC? Intel's probably protected their source code access processes with more than $100k against any researcher, same with Google, but as we've just seen NSA already FISA'd / moled both their source. So what's the difference? Or the point?
If Google wants to pull a stunt, it should open it's own code and start paying out along that new bug discovery asymptote.
Regardless of whether you sell software / hardware or not... "We're closed, and awesome" really doesn't cut it anymore when the bad guys have the source everyone else thought was closed.
Most of ChromeOS is open source. The BIOS, AIUI, is Coreboot. Most of what isn't open source can't legally be open sourced because it's other people's IP, like the codecs, Flash, etc. If you care, go compile and run ChromiumOS.
participants (3)
-
grarpamp -
Rayzer -
Sean Lynch