SecurityRatty: Google Online Security Blog

All Your iFrame Are Point to Us

2008-02-11 13:57:00 by Panayiotis Mavrommatis in Google Online Security Blog

...security, we analyzed the version numbers reported by web servers on which we found malicious pages. Specifically, we looked at the Apache and the PHP versions exported as part of a server's response. We found that over 38% of both Apache and PHP versions were outdated increasing the risk of remote content injection to these servers Our "...

Help us fill in the gaps!

2007-11-29 14:28:00 by Niels Provos in Google Online Security Blog

Posted by Ian Fette We've been targeting malware for over a year and a half , and these efforts are paying off. We are now able to display warnings in search results when a site is known to be malicious, which can help you avoid drive-by downloads and other computer compromises. We are already distributing this data through the Safe Browsing...

Tags: malware, distribute malware, malware sites, safe, avoid drive-by downloads, internet safe, site, google products, display warnings

Auditing open source software

2007-10-08 16:13:00 by Panayiotis Mavrommatis in Google Online Security Blog

...Security Team Google encourages its employees to contribute back to the open source community, and there is no exception in Google's Security Team. Let's look at some interesting open source vulnerabilities that were located and fixed by members of Google's Security team. It is interesting to classify and aggregate the code flaws leading to...

Tags: image, malicious image file, libtiff image, values, jpeg image, tiff header values, source, evil tiff file, evil

Information flow tracing and software testing

2007-09-17 09:32:00 by Niels Provos in Google Online Security Blog

...information flow tracing using dynamic analysis. Primarily, this work has been aimed at malware and exploit detection and defense. However, none of the resulting software has been made publicly available While Flayer is still in its early stages, it is available for download under the GNU Public License. External contributions and feedback...

Tags: input, flayer marks, initial input samples, flayer, fuzz, fuzz testers require, checks, dynamic analysis framework, sanity checks

Automating web application security testing

2007-07-16 11:40:00 by Panayiotis Mavrommatis in Google Online Security Blog

...information that's viewed by another user. An attacker can inject malicious scripts that are executed in the context of the victim's session. The exploit is triggered when a victim visits the website at some point in the future, such as through improperly sanitized blog comments and guestbook entries, which facilitates stored XSS Reflected...

Tags: web application, application, input, input parameters, accepts user input, xss, xss vulnerabilities, security, security team check

The reason behind the "We're sorry..." message

2007-07-09 11:54:00 by Niels Provos in Google Online Security Blog

Posted by Niels Provos, Anti-Malware Team Some of you might have seen this message while searching on Google, and wondered what the reason behind it might be. Instead of search results, Google displays the "We're sorry" message when we detect anomalous queries from your network. As a regular user, it is possible to answer a CAPTCHA - a reverse...

Tags: web servers, vulnerable web servers, message, google, worms, google displays, worms pdf, queries, detect anomalous queries

Phishers and Malware authors beware!

2007-06-18 14:59:00 by Niels Provos in Google Online Security Blog

Posted by Brian Rakowski and Garrett Casto, Anti-Phishing and Anti-Malware Teams OK, so it might be a little early to declare victory, but we're excited about the Safe Browsing API we launched today. It provides a simple mechanism for downloading Google's lists of suspected phishing and malware URLs, so now any developer can access the...

Tags: api, google, google desktop, garrett casto, malware urls, brian rakowski, declare victory, simple mechanism, close attention

Thwarting a large-scale phishing attack

2007-06-11 11:35:00 by Niels Provos in Google Online Security Blog

...information. In any case, phishing MySpace became profitable enough (more than phishing more traditional targets) that many of the active phishers began targeting it Interestingly, the attack vector for this new attack appeared to be MySpace itself, rather than the usual email spam. To observe the phishers' actions, we fed them the login...

Tags: myspace, myspace profiles, real myspace content, myspace account, attack, dummy myspace account, phishers move, phishers, lower-value sites

Web Server Software and Malware

2007-06-05 09:30:00 by Niels Provos in Google Online Security Blog

...information and only root URLs were examined, therefore hosts that did not present a root URL (e.g. /index.htm) were not included in the statistics. This may have contributed to the disparity with the Netcraft numbers Amongst Apache servers, about 35% did not report any version information. Presumably the lack of version information is...

Tags: servers serve malware, servers, apache servers, malicious servers, web server software, server software, web servers, microsoft iis, microsoft iis features

Your name:
Your email:
Describe a problem:
AntiSPAM Validation:

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo