Blog Profile / Google Online Security Blog

Filed Under:Technology / Google
Posts on Regator:115
Posts / Week:0.7
Archived Since:April 5, 2015

Blog Post Archive

Android Security 2017 Year in Review

Posted by Dave Kleidermacher, Vice President of Security for Android, Play, ChromeOS Our team’s goal is simple: secure more than two billion Android devices. It’s our entire focus, and we’re constantly working to improve our protections to keep users safe.Today, we’re releasing our fourth annual Android Security Year in Review. Show More Summary

Distrust of the Symantec PKI: Immediate action needed by site operators

Posted by Devon O’Brien, Ryan Sleevi, Emily Stark, Chrome security team We previously announced plans to deprecate Chrome’s trust in the Symantec certificate authority (including Symantec-owned brands like Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL). Show More Summary

A secure web is here to stay

Posted by Emily Schechter, Chrome Security Product Manager Team For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. And within the last year, we’ve also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “not secure”. Show More Summary

Vulnerability Reward Program: 2017 Year in Review

Posted by Jan Keller, Google VRP Technical Pwning Master As we kick-off a new year, we wanted to take a moment to look back at the Vulnerability Reward Program in 2017. It joins our past retrospectives for 2014, 2015, and 2016, and shows...Show More Summary

Announcing turndown of the deprecated Google Safe Browsing APIs

Posted by Alex Wozniak, Software Engineer, Safe Browsing Team In May 2016, we introduced the latest version of the Google Safe Browsing API (v4). Since this launch, thousands of developers around the world have adopted the API to protect...Show More Summary

Android Security Ecosystem Investments Pay Dividends for Pixel

Posted by the Android security team [Cross-posted from the Android Developers Blog]In June 2017, the Android security team increased the top payouts for the Android Security Rewards (ASR) program and worked with researchers to streamline the exploit submission process. Show More Summary

More details about mitigations for the CPU Speculative Execution issue

Posted by Matt Linton, Senior Security Engineer and Pat Parseghian, Technical Program Manager Yesterday, Google’s Project Zero team posted detailed technical information on three variants of a new security issue involving speculative execution on many modern CPUs. Show More Summary

Today's CPU vulnerability: what you need to know

Posted by Matt Linton, Senior Security Engineer and Pat Parseghian, Technical Program Manager [Google Cloud, G Suite, and Chrome customers can visit the Google Cloud blog for details about those products][For more technical details about...Show More Summary

Securing communications between Google services with Application Layer Transport Security

Posted by Cesar Ghali and Julien Boeuf, Engineers on the Security & Privacy Team At Google, protection of customer data is a top priority. One way we do this is by protecting data in transit by default. We protect data when it is sent to Google using secure communication protocols such as TLS (Transport Layer Security). Show More Summary

Additional protections by Safe Browsing for Android users

Posted by Paul Stanton, Safe Browsing Team In our efforts to protect users and serve developers, the Google Safe Browsing team has expanded enforcement of Google's Unwanted Software Policy to further tamp down on unwanted and harmful mobile behaviors on Android. Show More Summary

Tizi: Detecting and blocking socially engineered spyware on Android

Posted by Anthony Desnos, Megan Ruthven, and Richard Neal, Google Play Protect security engineers and Clement Lecigne, Threat Analysis Group Google is constantly working to improve our systems that protect users from Potentially Harmful Applications (PHAs). Show More Summary

Lock it up! New hardware protections for your lock screen with the Google Pixel 2

Posted by Xiaowen Xin, Android Security Team The new Google Pixel 2 ships with a dedicated hardware security module designed to be robust against physical attacks. This hardware module performs lockscreen passcode verification and protects...Show More Summary

New research: Understanding the root cause of account takeover

Posted by Kurt Thomas, Anti-Abuse Research; Angelika Moscicki, Account Security Account takeover, or ‘hijacking’, is unfortunately a common problem for users across the web. More than 15% of Internet users have reported experiencing the takeover of an email or social networking account. Show More Summary

Introducing the Google Play Security Reward Program

Posted by Renu Chaudhary, Android Security and Rahul Mishra, Program Manager We have long enjoyed a close relationship with the security research community. To recognize the valuable external contributions that help us keep our users...Show More Summary

Behind the Masq: Yet more DNS, and DHCP, vulnerabilities

Posted by Fermin J. Serna, Staff Software Engineer, Matt Linton, Senior Security Engineer and Kevin Stadmeyer, Technical Program Manager Our team has previously posted about DNS vulnerabilities and exploits. Lately, we’ve been busy reviewing the security of another DNS software package: Dnsmasq. Show More Summary

Broadening HSTS to secure more of the Web

Posted by Ben McIlwain, Google Registry The security of the Web is of the utmost importance to Google. One of the most powerful tools in the Web security toolbox is ensuring that connections to websites are encrypted using HTTPS, which prevents Web traffic from being intercepted, altered, or misdirected in transit. Show More Summary

Safe Browsing: Protecting more than 3 billion devices worldwide, automatically

Posted by Stephan Somogyi, Safe Browsing Emeritus and Allison Miller, Security & Privacy [Cross-posted from The Keyword]In 2007, we launched Safe Browsing, one of Google’s earliest anti-malware efforts. To keep our users safe, we’d show them a warning before they visited a site that might’ve harmed their computers. Show More Summary

Chrome’s Plan to Distrust Symantec Certificates

Posted by Devon O’Brien, Ryan Sleevi, Andrew Whalley, Chrome Security This post is a broader announcement of plans already finalized on the blink-dev mailing list.At the end of July, the Chrome team and the PKI community converged upon...Show More Summary

Final removal of trust in WoSign and StartCom Certificates

Posted by Andrew Whalley and Devon O'Brien, Chrome Security As previously announced, Chrome has been in the process of removing trust from certificates issued by the CA WoSign and its subsidiary StartCom, as a result of several incidents...Show More Summary

Announcing Google Capture the Flag 2017

Posted by Josh Armour Security Program Manager On 00:00:01 UTC of June 17th and 18th, 2017 we’ll be hosting the online qualification round of our second annual Capture The Flag (CTF) competition. In a ‘Capture the Flag’ competition we create security challenges and puzzles in which contestants can earn points for solving them. Show More Summary

Copyright © 2015 Regator, LLC