On this week’s Quotes of the Week: Google triples its bounty rewards, Windows 95 was installed on a smartwatch and Shellshock continues to affect systems worldwide.
Google Triples its Bounty Reward
“We understand that our cash reward amounts can be less than these alternatives, but we offer you public acknowledgement of your skills and how awesome you are, a quick fix and an opportunity to openly blog/talk/present on your amazing work” – Tim Willis, Chrome Security Team
Google announced that it is increasing its bounty for those who find bugs in any of its software. Tim Willis of the Google Chrome security team announced on the Chrome blog that the increase would mean a reward of up to $15,000 for great reports, with some bug hunters getting $30,000 in the last month. If you want to impress Google, a working exploit of a bug will receive a higher reward. Read more about it here.
Someone installed Windows 95 on a smartwatch
Here is Windows 95 running on a Smartwatch. Why? As with most unspeakable horrors, the answer is: because they can. pic.twitter.com/LlUXEjOhaT
— Karin Kosina (@kyrah) October 7, 2014
In what is probably one of the least useful and least impactful hacks, a hacker somewhere decided to load Windows 95 onto a Samsung smartwatch to see what happens. Very little, in fact. A YouTube video showing the operating system starting up was sped up twenty-five times, suggesting that it was quite slow to start. After this, Windows would not run any programmes because of a memory error. View the YouTube video here.
The story of Shellshock
“Fox and Stallman didn’t know it at the time, but they were building the tools that would become some of the most important pieces of our global communications infrastructure for decades to come.” –
A comprehensive story by Robert McMillan on how Bash came to be built into the internet and how the Shellshock bug became a major threat to software companies worldwide. Read the article here.
Bugs happen
“I’ve experienced the gut-wrenching unpleasantness of being part of a team that was responsible for shipping a major bug.” – Nick Arnott
Nick Arnott writes about the recent iOS 8.0 bug that affected the owners of the new iPhone 6 worldwide. He describes how situations like this can happen and reminds us that not every bug will be caught by testers. Read the article here.
Meta Bugs (zilla)
“Our exploit allows us to bypass that and register using any email we want, even if we don’t have access to it, because there is no validation that you actually control that domain” – Shahar Tal, Check Point
Bugzilla is a popular tool for managing bugs in Linux, Mozilla and many of the open-source Linux distributions. However, a bug has been found in the software that allows anyone to view detailed reports about unfixed vulnerabilities in a broad swath of software. In effect, a hacker could see all the vulnerability reports filed for Linux-based software. A patch has been applied to the software. The story once again raises questions about the security of open-source software. You can read more on the story here.
If you have any suggestions for Quotes of the Week, you can contribute through the discussion on TEST Huddle here.