
Google Employees to the Rescue with Operation Rosehub

It’s nice to see people coming together to work on a project that will clearly help protect millions, if not billions, of consumers worldwide. And that’s exactly what we observed last year with Google employees and Operation Rosehub. Some workers dedicated up to 20 percent of their work day to helping patch a critical remote code execution vulnerability, dubbed the “Mad Gadget Vulnerability”, that was potentially going to affect thousands of open source projects on GitHub.


The bug is a remote code execution flaw that would give a hacker a way in through the Apache Commons Collections (ACC) library and potentially destroy all that was there. Because the ACC library is used across several Java applications, all a hacker would need to do is attack just one system that used it to cause havoc to them all. This same Mad Gadget bug was used to attack more than 2,000 computers used to control the Muni Metro System in San Francisco.


Once the Mad Gadget bug had been disclosed publicly, several companies admitted to having been affected by it and said they had since patched their software. Among these businesses were IBM, Adobe, Oracle, HP, Cisco, Intel, Jenkins, VMware, and SolarWinds. But even after it had been patched, one eagle-eyed Google employee spotted that several open source libraries were still using the vulnerable versions of the ACC library. “We recognized that the industry best practices had failed. An action was needed to keep the open source community safe. So rather than simply posting a security advisory asking everyone to address the vulnerability, we formed a task force to update their code for them. That initiative was called Operation Rosehub,” states software engineer Justine Tunney.

One thing to note also is that, according to Open Source Blog, one of the reasons why the Muni Metro System was compromised is down to the fact that their system isn’t open source. If it had been, Google engineers could have got in and patched it for them, and no one would have been any the wiser.


