Monday, September 23, 2019
Google

How Google adopted BeyondCorp: Part 3 (tiered access)

Posted by Daniel Ladenheim, Software Engineer, and Hunter King, Security Engineer Intro This is the third post in a series of four, in which we set out to revisit various BeyondCorp topics and share lessons that were learnt along the internal...
Google

Trust but verify attestation with revocation

Posted by Rob Barnes & Shawn Willden, Android Security & Privacy Team Billions of people rely on their Android-powered devices to securely store their sensitive information. A vital component of the Android security stack is the key attestation system. Android...
Google

Expanding bug bounties on Google Play

Posted by Adam Bacchus, Sebastian Porst, and Patrick Mutchler — Android Security & Privacy We’re constantly looking for ways to further improve the security and privacy of our products, and the ecosystems they support. At Google, we understand the strength...
Google

Protecting Chrome users in Kazakhstan

Posted by Andrew Whalley, Chrome Security When making secure connections, Chrome trusts certificates that have been locally installed on a user's computer or mobile device. This allows users to run tools to inspect and debug connections during website development, or...
Google

How Google adopted BeyondCorp: Part 2 (devices)

Posted by Matt McDonald, Software Engineer, and Sebastian Harl, Software Engineer Intro This is the second post in a series of four, in which we set out to revisit various BeyondCorp topics and share lessons that were learnt along the...
Google

New Research: Lessons from Password Checkup in action

Posted by Jennifer Pullman, Kurt Thomas, and Elie Bursztein, Spam and Abuse research Back in February, we announced the Password Checkup extension for Chrome to help keep all your online accounts safe from hijacking. The extension displays a warning whenever...
Google

Making authentication even easier with FIDO2-based local user verification for Google Accounts

Posted by Dongjing He, Software Engineer and Christiaan Brand, Product Manager Passwords, combined with Google's automated protections, help secure billions of users around the world. But, new security technologies are surpassing passwords in terms of both strength and convenience. With...
Google

Awarding Google Cloud Vulnerability Research

Posted by Felix Groebert, Information Security Engineering Today, we’re excited to announce a yearly Google Cloud Platform (GCP) VRP Prize to promote security research of GCP. A prize of $100,000.00 will be paid to the reporter of the best vulnerability...
Google

Understanding why phishing attacks are so effective and how to mitigate them

Posted by Elie Bursztein, Security & Anti-abuse Research Lead, Daniela Oliveira, Professor at the University of Florida Phishing attacks continue to be one of the common forms of account compromise threats. Every day, Gmail blocks more than 100 million phishing emails and...
Google

Adopting the Arm Memory Tagging Extension in Android

Posted by Kostya Serebryany, Google Core Systems, and Sudhi Herle, Android Security & Privacy Team As part of our continuous commitment to improve the security of the Android ecosystem, we are partnering with Arm to design the memory tagging...
Google

Titan Security Keys are now available in Canada, France, Japan, and the UK

Posted by Christiaan Brand, Product Manager, Google Cloud Credential compromise as a result of phishing is one of the most common causes of security breaches. Security keys provide the strongest protection against these types of attacks, and that’s...
Google

Chrome Fuzzer Program Update And How-To

Posted by Max Moroz, Fuzzing Evangelist, and Ned Williamson, Fuzzing Entrepreneur TL;DR We increased the Chrome Fuzzer Program bonus from $500 to $1,000 as part of our recent update of reward amounts. Chrome Fuzzer Program is a part of...
Google

Bigger Rewards for Security Bugs

Posted by Natasha Pabrai and Andrew Whalley, Chrome Security Team Chrome has always been built with security at its core, by a passionate worldwide community as part of the Chromium open source project. We're proud that community includes world...
Google

How Google adopted BeyondCorp

Posted by Lior Tishbi, Program Manager and Puneet Goel, Product Manager It's been almost five years since we released the first of multiple BeyondCorp papers, describing the motivation and design principles that eliminated network-based trust from our internal networks....
Google

Google Public DNS over HTTPS (DoH) supports RFC 8484 standard

Posted by Marshall Vale, Product Manager and Alexander Dupuy, Software Engineer Ever since we launched Google Public DNS in 2009, our priority has been the security of DNS resolution. In 2016, we launched a unique and innovative experimental service --...
SC Magazine

Ning Wang – Offensive Security

Ning Wang, CEO, Offensive Security. Why Nominated: Ning Wang is a rising star who has worked to break the boundaries in the security industry, so that people can see that anyone is capable of starting a career in cybersecurity and advancing it –...
SC Magazine

Dani Martínez – IOActive

Dani Martínez, Security Consultant, IOActive. Why nominated: Dani Martínez proved to be a self-starter; beginning his career in IT, he soon developed an interest in cybersecurity and began taking online courses in his spare time. Martínez also dove right in and began a cybersecurity blog...
SC Magazine

Maurice Stebila – Harman, a Samsung Company

Maurice Stebila; Digital Security, Compliance and Privacy Officer; Harman, a Samsung Company. Why nominated: Maurice Stebila has spent more than 30 years in the automotive, manufacturing and financial services industry supporting two of the world’s largest companies – EDS/General Motors and Harman by Samsung...
SC Magazine

Ed Adams – Security Innovation

Ed Adams, President and CEO, Security Innovation. Why Nominated: A highly respected veteran of the cybersecurity industry, Security Innovation CEO Ed Adams has taken on several new leadership roles in the past year or so. Last April, he was named to the board of directors of...
SC Magazine

David Archer – Galois

David Archer, Principal scientist, Galois. Why Nominated: Archer, an advocate for preserving privacy of data even when it’s used in decision-making both within the U.S. at all levels of government as well as internationally, directs research in privacy-preserving information technologies. Profile: David Archer is all...