October 24th, 2008 | by Panayiotis Mavrommatis | published in Google Online Security
Written by Oliver Fisher | “This site may harm your computer” | You may have seen those words in Google search results — but what do they mean? If you click the search result link you get another warning page instead of the website you were expecting. But …
August 12th, 2008 | by Panayiotis Mavrommatis | published in Google Online Security
Written by Amanda Kleha, Google Apps Security & Compliance team | The Google Apps Security & Compliance team, which provides email and web security for more than 40,000 companies, regularly tracks trends in spam, viruses, and other threats. Check …
August 11th, 2008 | by Panayiotis Mavrommatis | published in Google Online Security
Written by Steve Weis | Cryptography is notoriously hard to get right and, if improperly used, can create serious security holes. Common mistakes include using the wrong cipher modes or obsolete algorithms, composing primitives in an unsafe manner, hard-co…
July 16th, 2008 | by Panayiotis Mavrommatis | published in Google Online Security
Written by Thomas Duebendorfer | In view of mass defacements of hundreds of thousands of web pages – with the intent to misuse them to launch drive-by download attacks – security researchers from ETH Zurich, Google, and IBM Internet Security Systems were i…
July 1st, 2008 | by Niels Provos | published in Google Online Security
Posted by Michal Zalewski | We’re happy to announce that we’ve just open-sourced ratproxy, a passive web application security assessment tool that we’ve been using internally at Google. This utility, developed by our information security engineering team,…
May 15th, 2008 | by Niels Provos | published in Google Online Security
Posted by Niels Provos | We’ve been protecting Google users from malicious web pages since 2006 by showing warning labels in Google’s search results and by publishing the data via the Safe Browsing API to client programs such as Firefox and Google Desktop…
May 5th, 2008 | by Niels Provos | published in Google Online Security
Written by Will Drewry | From operating systems to web browsers, open source software plays a critical role in the operation of the Internet. The security of open source software is therefore quite important, as it often interacts with personal informatio…
February 11th, 2008 | by Panayiotis Mavrommatis | published in Google Online Security
Written by Niels Provos, Anti-Malware Team | It has been over a year and a half since we started to identify web pages that infect vulnerable hosts via drive-by downloads, i.e. web pages that attempt to exploit their visitors by installing and running mal…
November 29th, 2007 | by Niels Provos | published in Google Online Security
Posted by Ian Fette | We’ve been targeting malware for over a year and a half, and these efforts are paying off. We are now able to display warnings in search results when a site is known to be malicious, which can help you avoid drive-by downloads and ot…
October 8th, 2007 | by Panayiotis Mavrommatis | published in Google Online Security
Written by Chris Evans, Security Team | Google encourages its employees to contribute back to the open source community, and there is no exception in Google’s Security Team. Let’s look at some interesting open source vulnerabilities that were located and …
September 17th, 2007 | by Niels Provos | published in Google Online Security
Posted by Will Drewry, Security Team | Security testing of applications is regularly performed using fuzz testing. As previously discussed on this blog, Srinath’s Lemon uses a form of smart fuzzing. Lemon is aware of classes of web application threats a…
July 16th, 2007 | by Panayiotis Mavrommatis | published in Google Online Security
Posted by Srinath Anantharaju, Security Team | Cross-site scripting (aka XSS) is the term used to describe a class of security vulnerabilities in web applications. An attacker can inject malicious scripts to perform unauthorized actions in the context of …
July 9th, 2007 | by Niels Provos | published in Google Online Security
Posted by Niels Provos, Anti-Malware Team | Some of you might have seen this message while searching on Google, and wondered what the reason behind it might be. Instead of search results, Google displays the “We’re sorry” message when we detect anomalous …
June 18th, 2007 | by Niels Provos | published in Google Online Security
Posted by Brian Rakowski and Garrett Casto, Anti-Phishing and Anti-Malware Teams | OK, so it might be a little early to declare victory, but we’re excited about the Safe Browsing API we launched today. It provides a simple mechanism for downloading Google…
June 11th, 2007 | by Niels Provos | published in Google Online Security
Posted by Colin Whittaker, Anti-Phishing Team | In addition to targeting malware, we’re interested in combating phishing, a social engineering attack where criminals attempt to lure unsuspecting web surfers into logging into a fake website that looks like…