Google Services Updated to Address OpenSSL CVE-2014-0160 (the Heartbleed bug)

Google online security - Thu, 2014-04-17 23:36
Posted by Matthew O'Connor, Product Manager
Read more
Categories: Security

Street View and reCAPTCHA technology just got smarter

Google online security - Wed, 2014-04-16 15:31
Posted by Vinay Shet, Product Manager, reCAPTCHA 

Have you ever wondered how Google Maps knows the exact location of your neighborhood coffee shop? Or of the hotel you’re staying at next month? Translating a street address to an exact location on a map is harder than it seems. To take on this challenge and make Google Maps even more useful, we’ve been working on a new system to help locate addresses even more accurately, using some of the technology from the Street View and reCAPTCHA teams.
Read more
Categories: Security

Testing for Heartbleed vulnerability without exploiting the server.

Mozilla security - Sat, 2014-04-12 15:19

Heartbleed is a serious vulnerability in OpenSSL that was disclosed on Tuesday, April 8th, and impacted any sites or services using OpenSSL 1.01 – 1.01.f and 1.0.2-beta1. Due to the nature of the bug, the only obvious way to test a server for the bug was an invasive attempt to retrieve memory–and this could lead to the compromise of sensitive data and/or potentially crash the service.

Read more
Categories: Security

Heartbleed Security Advisory

Mozilla security - Wed, 2014-04-09 06:25

Issue

OpenSSL is a widely-used cryptographic library which implements the TLS protocol and protects communications on the Internet. On April 7, 2014, a bug in OpenSSL known as “Heartbleed” was disclosed (CVE-2014-0160). This bug allows attackers to read portions of the affected server’s memory, potentially revealing data that the server did not intend to reveal.

Impact

Read more
Categories: Security

Google’s Public DNS intercepted in Turkey

Google online security - Sat, 2014-03-29 23:45
Posted by Steven Carstensen, Software Engineer

We have received several credible reports and confirmed with our own research that Google’s Domain Name System (DNS) service has been intercepted by most Turkish ISPs (Internet Service Providers).
Read more
Categories: Security

If you could tell a user three things to do to stay safe online, what would they be?

Google online security - Wed, 2014-03-26 18:32
Posted by Rob Reeder, User Experience Research Team

At Google, we’re constantly trying to improve security for our users. Besides the many technical security features we build, our efforts include educating users with advice about what they can do to stay safe online. Our Safety Center is a great example of this. But we’re always trying to do better and have been looking for ways to improve how we provide security advice to users.
Read more
Categories: Security

Using FuzzDB for Testing Website Security

Mozilla security - Tue, 2014-03-25 21:14

After posting an introduction to FuzzDB I received the suggestion to write more detailed walkthroughs of the data files and how they could be used during black-box web application penetration testing. This article highlights some of my favorite FuzzDB files and discusses ways I’ve used them in the past.

If there are particular parts or usages of FuzzDB you’d like to see explored in a future blog post, let me know.

Read more
Categories: Security

Staying at the forefront of email security and reliability: HTTPS-only and 99.978 percent availability

Google online security - Thu, 2014-03-20 16:53
Posted by Nicolas Lidzborski, Gmail Security Engineering Lead

Cross-posted on the Official Google Blog and Gmail Blog
Read more
Categories: Security

Update on Plugin Activation

Mozilla security - Fri, 2014-02-28 23:24

To provide a better and safer experience on the Web, we have been working to move Firefox away from plugins.

After much testing and iteration, we determined that Firefox would no longer activate most plugins by default and instead opted to let people choose when to enable plugins on sites they visit. We call this feature in Firefox click-to-play plugins.

Read more
Categories: Security
Syndicate content