Written by Amanda Kleha, Google Apps Security & Compliance team
The Google Apps Security & Compliance team, which provides email and web security for more than 40,000 companies, regularly tracks trends in spam, viruses, and other threats. Check …
Written by Steve Weis
Cryptography is notoriously hard to get right and, if improperly used, can create serious security holes. Common mistakes include using the wrong cipher modes or obsolete algorithms, composing primitives in an unsafe manner, hard-co…
Written by Thomas Duebendorfer
In view of mass defacements of hundreds of thousands of web pages – with the intent to misuse them to launch drive-by download attacks – security researchers from ETH Zurich, Google, and IBM Internet Security Systems were i…
Written by Niels Provos, Anti-Malware Team
It has been over a year and a half since we started to identify web pages that infect vulnerable hosts via drive-by downloads, i.e. web pages that attempt to exploit their visitors by installing and running mal…
Written by Chris Evans, Security Team
Google encourages its employees to contribute back to the open source community, and there is no exception in Google’s Security Team. Let’s look at some interesting open source vulnerabilities that were located and …
Written by Panayiotis Mavrommatis, Anti-Malware Team
In the past year, the number of sites affected by malware/badware grew from a handful a week to thousands per week. We noted your suggestions to improve communication for webmasters of affected sites …
Posted by Srinath Anantharaju, Security Team
Cross-site scripting (aka XSS) is the term used to describe a class of security vulnerabilities in web applications. An attacker can inject malicious scripts to perform unauthorized actions in the context of …