March 26th, 2009 | by Eric Sachs | published in Google Online Security
Posted by Eric Sachs, Senior Product Manager, Google Security
Google’s participation in the Internet Identity Workshop (IIW) has grown from a few lone individuals at its founding in 2005 to fifteen Googlers at the last IIW. The reason for this growt…
December 10th, 2008 | by Niels Provos | published in Google Online Security
Posted by Michal Zalewski, Security Team.
Many people view the task of writing secure web applications as a very complex challenge – in part because of the inherent shortcomings of technologies such as HTTP, HTML, or JavaScript, and in part because of …
November 25th, 2008 | by Niels Provos | published in Google Online Security
Posted by Chris Evans
We’ve seen some speculation recently about a purported security vulnerability in Gmail and the theft of several website owners’ domains by unauthorized third parties. At Google we’re committed to providing secure products, and we m…
November 18th, 2008 | by Panayiotis Mavrommatis | published in Google Online Security
Posted by Eric Sachs, Senior Product Manager, Google Security
A year ago, a number of large and small websites announced a new open standard called OAuth. This standard is designed to provide a secure and privacy-preserving technique for enabling specif…
October 24th, 2008 | by Panayiotis Mavrommatis | published in Google Online Security
Written by Oliver Fisher
“This site may harm your computer”
You may have seen those words in Google search results — but what do they mean? If you click the search result link you get another warning page instead of the website you were expecting. But …
August 12th, 2008 | by Panayiotis Mavrommatis | published in Google Online Security
Written by Amanda Kleha, Google Apps Security & Compliance team
The Google Apps Security & Compliance team, which provides email and web security for more than 40,000 companies, regularly tracks trends in spam, viruses, and other threats. Check …
August 11th, 2008 | by Panayiotis Mavrommatis | published in Google Online Security
Written by Steve Weis
Cryptography is notoriously hard to get right and, if improperly used, can create serious security holes. Common mistakes include using the wrong cipher modes or obsolete algorithms, composing primitives in an unsafe manner, hard-co…
July 16th, 2008 | by Panayiotis Mavrommatis | published in Google Online Security
Written by Thomas Duebendorfer
In view of mass defacements of hundreds of thousands of web pages – with the intent to misuse them to launch drive-by download attacks – security researchers from ETH Zurich, Google, and IBM Internet Security Systems were i…
July 1st, 2008 | by Niels Provos | published in Google Online Security
Posted by Michal Zalewski
We’re happy to announce that we’ve just open-sourced ratproxy, a passive web application security assessment tool that we’ve been using internally at Google. This utility, developed by our information security engineering team,…
May 15th, 2008 | by Niels Provos | published in Google Online Security
Posted by Niels Provos
We’ve been protecting Google users from malicious web pages since 2006 by showing warning labels in Google’s search results and by publishing the data via the Safe Browsing API to client programs such as Firefox and Google Desktop…
May 5th, 2008 | by Niels Provos | published in Google Online Security
Written by Will Drewry
From operating systems to web browsers, open source software plays a critical role in the operation of the Internet. The security of open source software is therefore quite important, as it often interacts with personal informatio…
February 11th, 2008 | by Panayiotis Mavrommatis | published in Google Online Security
Written by Niels Provos, Anti-Malware Team
It has been over a year and a half since we started to identify web pages that infect vulnerable hosts via drive-by downloads, i.e. web pages that attempt to exploit their visitors by installing and running mal…
November 29th, 2007 | by Niels Provos | published in Google Online Security
Posted by Ian Fette
We’ve been targeting malware for over a year and a half, and these efforts are paying off. We are now able to display warnings in search results when a site is known to be malicious, which can help you avoid drive-by downloads and ot…
October 8th, 2007 | by Panayiotis Mavrommatis | published in Google Online Security
Written by Chris Evans, Security Team
Google encourages its employees to contribute back to the open source community, and there is no exception in Google’s Security Team. Let’s look at some interesting open source vulnerabilities that were located and …
September 17th, 2007 | by Niels Provos | published in Google Online Security
Posted by Will Drewry, Security Team
Security testing of applications is regularly performed using fuzz testing. As previously discussed on this blog, Srinath’s Lemon uses a form of smart fuzzing. Lemon is aware of classes of web application threats a…