|
Project Zero
Project Zero is a team of security analysts employed by Google tasked with finding zero-day vulnerabilities. It was announced on 15 July 2014. History After finding a number of flaws in software used by many end-users while researching other problems, such as the critical "Heartbleed" vulnerability, Google decided to form a full-time team dedicated to finding such vulnerabilities, not only in Google software but any software used by its users. The new project was announced on 15 July 2014 on Google's security blog. When it launched, one of the principal innovations that Project Zero provided was a strict 90-day disclosure deadline along with a publicly visible bugtracker where the vulnerability disclosure process is documented. While the idea for Project Zero can be traced back to 2010, its establishment fits into the larger trend of Google's counter-surveillance initiatives in the wake of the 2013 global surveillance disclosures by Edward Snowden. The team was formerly heade ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Google
Google LLC () is an American multinational technology company focusing on search engine technology, online advertising, cloud computing, computer software, quantum computing, e-commerce, artificial intelligence, and consumer electronics. It has been referred to as "the most powerful company in the world" and one of the world's most valuable brands due to its market dominance, data collection, and technological advantages in the area of artificial intelligence. Its parent company Alphabet is considered one of the Big Five American information technology companies, alongside Amazon, Apple, Meta, and Microsoft. Google was founded on September 4, 1998, by Larry Page and Sergey Brin while they were PhD students at Stanford University in California. Together they own about 14% of its publicly listed shares and control 56% of its stockholder voting power through super-voting stock. The company went public via an initial public offering (IPO) in 2004. In 2015, Google was reor ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Christopher Evans (computer Security Expert)
Christopher Evans or Chris Evans may refer Entertainment * Chris Evans (actor) (born 1981), American actor * Chris Evans (presenter) (born 1966), British broadcaster * Chris Evans (artist) (born 1967), British artist * Chris Tally Evans, British artist, director and writer * Christopher Evans (author) (born 1951), British author of science fiction and children's books * Christopher Evans (musician) (born 1987), Ugandan vocalist * Christopher Leith Evans (born 1954), American artist Politics * Chris Evans (Australian politician) (born 1958), member of the Australian Senate * Chris Evans (British politician) (born 1977), British Labour Co-operative politician * D. Christopher Evans, American law enforcement officer and acting administrator of the Drug Enforcement Administration Sports * Chris Evans (American football) (born 1997), American football running back for the Cincinnati Bengals * Chris Evans (footballer) (born 1962), Welsh footballer and manager * Chris Evans (ice hocke ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Spectre (security Vulnerability)
Spectre refers to one of the two original transient execution CPU vulnerabilities (the other being Meltdown), which involve microarchitectural timing side-channel attacks. These affect modern microprocessors that perform branch prediction and other forms of speculation. On most processors, the speculative execution resulting from a branch misprediction may leave observable side effects that may reveal private data to attackers. For example, if the pattern of memory accesses performed by such speculative execution depends on private data, the resulting state of the data cache constitutes a side channel through which an attacker may be able to extract information about the private data using a timing attack. Two Common Vulnerabilities and Exposures IDs related to Spectre, (bounds check bypass, Spectre-V1, Spectre 1.0) and (branch target injection, Spectre-V2), have been issued. JIT engines used for JavaScript were found to be vulnerable. A website can read data stored ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Meltdown (security Vulnerability)
Meltdown is one of the two original transient execution CPU vulnerabilities (the other being Spectre). Meltdown affects Intel x86 microprocessors, IBM POWER processors, and some ARM-based microprocessors. It allows a rogue process to read all memory, even when it is not authorized to do so. Meltdown affects a wide range of systems. At the time of disclosure (2018), this included all devices running any but the most recent and patched versions of iOS, Linux, macOS, or Windows. Accordingly, many servers and cloud services were impacted, as well as a potential majority of smart devices and embedded devices using ARM-based processors (mobile devices, smart TVs, printers and others), including a wide range of networking equipment. A purely software workaround to Meltdown has been assessed as slowing computers between 5 and 30 percent in certain specialized workloads, although companies responsible for software correction of the exploit reported minimal impact from general benchmark ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
LastPass
LastPass is a password manager distributed in subscription form as well as a freemium model with limited functionality. The standard version of LastPass comes with a web interface, but also includes plugins for various web browsers and apps for many smartphones. It also includes support for bookmarklets. LogMeIn, Inc. (now GoTo) acquired LastPass in October 2015. On December 14, 2021, LogMeIn announced that LastPass would be made into a separate company and accelerate its release timeline. In 2022, LastPass suffered significant security incidents. User data, billing information, and vaults (with some fields encrypted and others not) were breached, leading many security professionals call for users to change all their passwords and switch to other password managers. Overview A user's content in LastPass, including passwords and secure notes, is protected by one master password. The content is synchronized to any device the user uses the LastPass software or app extensions on ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Cloudbleed
Cloudbleed was a Cloudflare buffer overflow disclosed by Project Zero on February 17, 2017. Cloudflare's code disclosed the contents of memory that contained the private information of other customers, such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data. As a result, data from Cloudflare customers was leaked to all other Cloudflare customers that had access to server memory. This occurred, according to numbers provided by Cloudflare at the time, more than 18,000,000 times before the problem was corrected. Some of the leaked data was cached by search engines. Discovery The discovery was reported by Google's Project Zero team. Tavis Ormandy posted the issue on his team's issue tracker and said that he informed Cloudflare of the problem on February 17. In his own proof-of-concept attack he got a Cloudflare server to return "private messages from major dating sites, full messages from a well-known chat service, online password manager data, frame ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Cloudflare
Cloudflare, Inc. is an American content delivery network and DDoS mitigation company, founded in 2009. It primarily acts as a reverse proxy between a website's visitor and the Cloudflare customer's hosting provider. Its headquarters are in San Francisco, California. According to '' The Hill'', it is used by more than 20 percent of the entire Internet for its web security services. History Cloudflare was founded in July 2009 by Matthew Prince, Lee Holloway, and Michelle Zatlyn. Prince and Holloway had previously collaborated on Project Honey Pot, a product of Unspam Technologies that served as some inspiration for the basis of Cloudflare. From 2009, the company was venture-capital funded. On August 15, 2019, Cloudflare submitted its S-1 filing for IPO on the New York Stock Exchange under the stock ticker NET. It opened for public trading on September 13, 2019 at $15 per share. In 2020, Cloudflare co-founder and COO Michelle Zatlyn was named president, making her one of the few ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Row Hammer
Row hammer (also written as rowhammer) is a security exploit that takes advantage of an unintended and undesirable side effect in dynamic random-access memory (DRAM) in which memory cells interact electrically between themselves by leaking their charges, possibly changing the contents of nearby memory rows that were not addressed in the original memory access. This circumvention of the isolation between DRAM memory cells results from the high cell density in modern DRAM, and can be triggered by specially crafted memory access patterns that rapidly activate the same memory rows numerous times. The row hammer effect has been used in some privilege escalation computer security exploits, and network-based attacks are also theoretically possible. Different hardware-based techniques exist to prevent the row hammer effect from occurring, including required support in some processors and types of DRAM memory modules. Background In dynamic RAM (DRAM), each bit of stored data occu ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Engadget
''Engadget'' ( ) is a multilingual technology blog network with daily coverage of gadgets and consumer electronics. ''Engadget'' manages ten blogs four of which are written in English and six have international versions with independent editorial staff. It has been operated by Yahoo since September 2021. History ''Engadget'' was founded by former '' Gizmodo'' technology weblog editor and co-founder Peter Rojas. ''Engadget'' was the largest blog in Weblogs, Inc., a blog network with over 75 weblogs, including ''Autoblog'' and ''Joystiq,'' which formerly included ''Hackaday''. Weblogs Inc. was purchased by AOL in 2005. Launched in March 2004, ''Engadget'' is updated multiple times a day with articles on gadgets and consumer electronics. It also posts rumors about the technological world, frequently offers opinion within its stories, and produces the weekly Engadget Podcast that covers tech and gadget news stories that happened during the week. On December 30, 2009, ''Engadget' ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Microsoft
Microsoft Corporation is an American multinational technology corporation producing computer software, consumer electronics, personal computers, and related services headquartered at the Microsoft Redmond campus located in Redmond, Washington, United States. Its best-known software products are the Windows line of operating systems, the Microsoft Office suite, and the Internet Explorer and Edge web browsers. Its flagship hardware products are the Xbox video game consoles and the Microsoft Surface lineup of touchscreen personal computers. Microsoft ranked No. 21 in the 2020 Fortune 500 rankings of the largest United States corporations by total revenue; it was the world's largest software maker by revenue as of 2019. It is one of the Big Five American information technology companies, alongside Alphabet, Amazon, Apple, and Meta. Microsoft was founded by Bill Gates and Paul Allen on April 4, 1975, to develop and sell BASIC interpreters for the Altair 8800. It rose to do ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Windows 8
Windows 8 is a major release of the Windows NT operating system developed by Microsoft. It was Software release life cycle#Release to manufacturing (RTM), released to manufacturing on August 1, 2012; it was subsequently made available for download via Microsoft Developer Network, MSDN and Microsoft TechNet, TechNet on August 15, 2012, and later to retail on October 26, 2012. Windows 8 introduced major changes to the operating system's platform and graphical user interface, user interface intended to improve its user experience on tablet computer, tablets, where Microsoft Windows, Windows was now competing with mobile operating systems, including Android (operating system), Android and iOS. In particular, these changes included a touch-optimized Windows shell based on Microsoft's Metro (design language), Metro design language and the Start menu#Third version, Start screen, a new platform for developing apps with an emphasis on touchscreen input, integration with online services, ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Steven Vittitoe
Stephen or Steven is a common English first name. It is particularly significant to Christians, as it belonged to Saint Stephen ( grc-gre, Στέφανος ), an early disciple and deacon who, according to the Book of Acts, was stoned to death; he is widely regarded as the first martyr (or "protomartyr") of the Christian Church. In English, Stephen is most commonly pronounced as ' (). The name, in both the forms Stephen and Steven, is often shortened to Steve or Stevie. The spelling as Stephen can also be pronounced which is from the Greek original version, Stephanos. In English, the female version of the name is Stephanie. Many surnames are derived from the first name, including Stephens, Stevens, Stephenson, and Stevenson, all of which mean "Stephen's (son)". In modern times the name has sometimes been given with intentionally non-standard spelling, such as Stevan or Stevon. A common variant of the name used in English is Stephan ; related names that have found some curre ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
