PHPNews

Behind the Masq: Yet more DNS, and DHCP, vulnerabilities

Written by Google Online Security Blog - Published on Google Online Security Blog
Aggregated on Monday October 2, 2017

Posted by Fermin J. Serna, Staff Software Engineer, Matt Linton, Senior Security Engineer and Kevin Stadmeyer, Technical Program Manager
Our team has previously posted about DNS vulnerabilities and exploits. Lately, we’ve been busy reviewing the security of another DNS software package: Dnsmasq. We are writing this to disclose the issues we found and to publicize the patches in an effort to …



Broadening HSTS to secure more of the Web

Written by Google Online Security Blog - Published on Google Online Security Blog
Aggregated on Wednesday September 27, 2017

Posted by Ben McIlwain, Google Registry
The security of the Web is of the utmost importance to Google. One of the most powerful tools in the Web security toolbox is ensuring that connections to websites are encrypted using HTTPS, which prevents Web traffic from being intercepted, altered, or misdirected in transit. We have taken many actions to make the use of HTTPS more widespread, both within …



Safe Browsing: Protecting more than 3 billion devices worldwide, automatically

Written by Google Online Security Blog - Published on Google Online Security Blog
Aggregated on Monday September 11, 2017

Posted by Stephan Somogyi, Safe Browsing Emeritus and Allison Miller, Security & Privacy
[Cross-posted from The Keyword]
In 2007, we launched Safe Browsing, one of Google’s earliest anti-malware efforts. To keep our users safe, we’d show them a warning before they visited a site that might’ve harmed their computers. Computing has evolved a bit in the last decade, though. Smartphones …



Chrome’s Plan to Distrust Symantec Certificates

Written by Google Online Security Blog - Published on Google Online Security Blog
Aggregated on Monday September 11, 2017

Posted by Devon O’Brien, Ryan Sleevi, Andrew Whalley, Chrome Security
This post is a broader announcement of plans already finalized on the blink-dev mailing list. At the end of July, the Chrome team and the PKI community converged upon a plan to reduce, and ultimately remove, trust in Symantec’s infrastructure in order to uphold users’ security and privacy when browsing the web. This plan, …



From Chrysaor to Lipizzan: Blocking a new targeted spyware family

Written by Google Online Security Blog - Published on Google Online Security Blog
Aggregated on Wednesday July 26, 2017

Posted by Megan Ruthven Android Security, Ken Bodzak Threat Analysis Group, Neel Mehta Threat Analysis Group
Android Security is always developing new ways of using data to find and block potentially harmful apps (PHAs) from getting onto your devices. Earlier this year, we announced we had blocked Chrysaor targeted spyware, believed to be written by NSO Group, a cyber arms company. In the …



Final removal of trust in WoSign and StartCom Certificates

Written by Google Online Security Blog - Published on Google Online Security Blog
Aggregated on Thursday July 20, 2017

Posted by Andrew Whalley and Devon O'Brien, Chrome Security
As previously announced, Chrome has been in the process of removing trust from certificates issued by the CA WoSign and its subsidiary StartCom, as a result of several incidents not in keeping with the high standards expected of CAs. We started the phase out in Chrome 56 by only trusting certificates issued prior to October 21st 2016, …
