Google's Elite Security Team, Project Zero

阅读

When Apple launched the iPhone through an exclusive partnership with AT&T in 2007, seventeen-year-old George Hotz wanted to use an iPhone but not with AT&T. He wanted to make calls through hsi own T-Mobile network, so he cracked AT&T’s lock on the iPhone. Apple scrambled to fix the bug that allowed this, but offcially ignored George Hotz.

Later in 2011, Hotz reverse engineered the Playstion 3 and posted a copy of the root keys on his website. Snoy sued him but settled after Hotz promise never to hack Sony products again.

Then in early 2014, at Google’s hacking competition, Hotz discovered a security hole in Google’s Chrome OS. The company gave him $150,000 reward. Two months later, Google’s security engineer Chris Evans offered him a position in a team of elite hackers. George Hotz accepted the offer and now workds for Google’s security team Project Zero.

Project Zero worked in secret until Google publically revealed the team in July 2014. Its sole mission is tracking down and getting rid of security flaws in the world’s software. These flaws are called zero-day vulnerabilities, which are a common target of cyber criminals.

Project Zero’s hackers aren’t just looking into the products that Google makes. They are free to hack any software in the world. Why? They want to make a safer Internet for everyone. The team’s plicy is simple. The team notifies vendors of vulnerabilities immediately, If fixes are not available within 90-days, bug reports automatically become available to the public. The 90-day diclosure policy appears to be working in most case. The Adobe Flash team fixed 37 Project Zero vulnerabilities(for 100%) within 90-day period. The Project Zero blog indicates that 85% of all velnerabilities are patched before the deadline.

However, recently Google’s strict 90-day policy came under fire form Microsoft and Apple. The Project Zero ream publicly disclosed bugs which were present in Windows 8.1 and MacOS X before Microsoft and Apple released patches. Microsoft heavily criticized Google since the company was scheduled to realese a patch just two days later. Recently Google loosened its 90-day policy with an additional 14-day grace period. Now vendors have an addtional 14 days to patch vulnerabilities as long as the inform Google of the release schedule before the deadline.

“People deserve to use the Internet without fear that vulnerabilities out there can ruin their privacy with a single website vistit. We’re goting to try to focus on the supply of these hight value vulnerabilities and elimnate them.” says Evans.

分析核心语法

熟悉句式4

句式3为【主语 + 动词（vt） + 宾语】
句式4为【主语 + 动词 + 宾语（间接宾语） + 宾语（直接宾语）】

The company gave him a reward.
公司给他奖励。

Chris Evans offered him a position.
克里斯·埃文斯提供给他一个职位。

The team notifies vendor of vulnerabilities.
团队向厂商通报漏洞。
中国式英语：The team notifies vendosrs vulnerablities.(X)

They inform Google of the release schedule.
他们向谷歌告知上线计划。
中国式英语：They inform Google the release schedule.(X)

关系代名词that和which

关系代名词，连接两个句子，兼顾连词和代名词的作用。根据先行词和**格种类不同，关系代名词也会相应发生变化。
先行词，是修饰关系代名词从句的名词。
格在关系代名词从句**中发挥作用。

The team disclosed bugs. They were present in Windows 8.1.
等同于：
The team disclosed bugs that were present in Windows 8.1.
The team disclosed bugs which were present in Windows 8.1.

先行词bugs指物，主语是they，此时用主格关系代名词that或者which。
团队公布了bug，他们存在于Windows 8.1。

The hackers are looking into the products. Google makes them.
等同于：
The hackers are looking into the products that Google makes them.
The hackers are looking into the products which Google makes them.

先行词the products指物，宾语是them，此时用主格关系代名词that或者which。
黑客们调查产品谷歌制造的。

关系代名词引导非限定性定语从句

熟悉关系代名词引导非限定性定语从句。这类词用于补充说明前文的内容。关系代名词前面加（,）可以理解为【连接词 + 代名词】，也是关系代名词引导非限定性定语从句和关系代名词引导限定性定语从句的区别，后面我们慢慢探索和掌握

These flaws are called zero-day vulnerabilities, and they are a common target of cyber criminals.
等同于：
These flaws are called zero-day vulnerabilities which are a common target of cyber criminals.

先行词vulnerabilities指物，主语为they，此时用主格关系代名词which，引导非限定性定语从句时候不能用that。