November 03, 2010, 3:51 PM — Google is offering hackers the chance to win a cash bounty if they can find vulnerabilities in the search giant's top Web applications such as YouTube, Blogger, Gmail and Google.com. Successful Google invaders can be awarded up to $3,133.70 for their hack and have their name added to a Google credit Web page.
Google is only rewarding hackers who can find vulnerabilities using a scripting language or by injecting code into a Web page. Excluded from the new program are vulnerabilities found in Android and Google desktop programs (Picasa, Google Desktop, etc.), distributed denial of service (DDoS) attacks, attacks against Google's corporate infrastructure and gaming Google's search algorithms.
While Google's new security challenge shouldn't affect regular users, it's always good to know what's going on. Here's what you need to know about Google's new bug bounty program.
Which Google Web applications can be targeted?
Google says that any Web app that "displays or manages highly sensitive authenticated user data or accounts" can be targeted. This could cover many commonly used Google apps, including Gmail, Google Docs, Blogger and YouTube.
Does that mean my account can be targeted?
No. Attacks against regular users to test an app's vulnerability are forbidden. Google has directed its hacker helpers to "never attempt to access anyone else's data." Google also explicitly states that a hacker's testing "must not violate any law."
What if I feel my account is being targeted?
It's highly unlikely that Google's bug bounty program will cause a rise in attacks on regular users. Nevertheless, there are other hackers out there who are not high-minded enough to help Google improve its security. Google has a variety of ways to report abuse. Gmail users can flag messages as spam or phishing attempts from within their Gmail window. There are also pages to help you report other types of abuse for Google Web apps such as Google Docs, Gmail and Google Buzz.
Why is Google doing this?