Hacker News
- Google pulling China CNNIC CA from its products http://googleonlinesecurity.blogspot.com/2015/03/maintaining-digital-certificate-security.html?m=1 159 comments
- HTTPS as a ranking signal http://googleonlinesecurity.blogspot.com/2014/08/https-as-ranking-signal_6.html 206 comments
- Announcing Project Zero http://googleonlinesecurity.blogspot.com/2014/07/announcing-project-zero.html 81 comments
- A roster of TLS cipher suites weaknesses http://googleonlinesecurity.blogspot.com/2013/11/a-roster-of-tls-cipher-suites-weaknesses.html 10 comments
- Gmail security warnings for suspected state-sponsored attacks http://googleonlinesecurity.blogspot.com/2012/06/security-warnings-for-suspected-state.html 111 comments
- Chrome to block insecure resources by default http://googleonlinesecurity.blogspot.com/2011/06/trying-to-end-mixed-scripting.html 36 comments
- Improving SSL certificate security http://googleonlinesecurity.blogspot.com/2011/04/improving-ssl-certificate-security.html 13 comments
Lobsters
- POODLE: SSL 3.0 fallback exploit http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html 5 comments networking , security
- Google Search using HTTPS as a ranking signal http://googleonlinesecurity.blogspot.com/2014/08/https-as-ranking-signal_6.html 4 comments practices , security
- CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html 3 comments lowlevel
- CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html 32 comments linux
- Over the course of the coming weeks, Google will be moving to distrust the “Class 3 Public Primary CA” root certificate operated by Symantec Corporation, across Chrome, Android, and Google products. https://googleonlinesecurity.blogspot.com/2015/12/proactive-measures-in-digital.html 19 comments sysadmin
- More security for chess.com users? https://googleonlinesecurity.blogspot.com/2011/11/protecting-data-for-long-term-with.html 5 comments chess
- Google smacks Symantec down over bad certs https://googleonlinesecurity.blogspot.com/2015/10/sustaining-digital-certificate-security.html 172 comments sysadmin
- Google Online Security Blog: Strengthening 2-Step Verification with Security Key http://googleonlinesecurity.blogspot.com/2014/10/strengthening-2-step-verification-with.html 3 comments sysadmin
- Strengthening 2-Step Verification with Security Key http://googleonlinesecurity.blogspot.com/2014/10/strengthening-2-step-verification-with.html 10 comments crypto
- Fewer bugs, mo’ money - Update to the Google Chrome vulnerability rewards program http://googleonlinesecurity.blogspot.com/2014/09/fewer-bugs-mo-money.html 3 comments netsec
- Google - Gradually sunsetting SHA-1 http://googleonlinesecurity.blogspot.com/2014/09/gradually-sunsetting-sha-1.html 25 comments programming
- HTTPS webpages will rank higher on Google Search http://googleonlinesecurity.blogspot.com.es/2014/08/https-as-ranking-signal_6.html 57 comments privacy
- India CCA (included in MS Root Store) trust breached http://googleonlinesecurity.blogspot.com/2014/07/maintaining-digital-certificate-security.html 8 comments sysadmin
- Unauthorized SSL certs issued by National Informatics Centre in India for Google domains http://googleonlinesecurity.blogspot.com/2014/07/maintaining-digital-certificate-security.html 11 comments netsec
- Google announces End-to-End Chrome extension alpha for sending secure emails with OpenPGP http://googleonlinesecurity.blogspot.com/2014/06/making-end-to-end-encryption-easier-to.html 56 comments technews
- 91.4% of non-spam emails sent to Gmail users come from authenticated senders using DKIM & SPF http://googleonlinesecurity.blogspot.com/2013/12/internet-wide-efforts-to-fight-email.html 54 comments sysadmin
- Google Online Security Blog: Iranian phishing on the rise as elections approach http://googleonlinesecurity.blogspot.com/2013/06/iranian-phishing-on-rise-as-elections.html?m=1 4 comments netsec
- Google Online Security Blog: Google Public DNS Now Supports DNSSEC Validation http://googleonlinesecurity.blogspot.com/2013/03/google-public-dns-now-supports-dnssec.html?utm_source=feedburner&utm_medium=feed&utm_campaign=feed%3A+googleonlinesecurityblog+%28google+online+security+blog%29 7 comments netsec
- Chrome detects fake *.google.com SSL cert, Turkish CA admits issuing intermediate CA certs to 3rd parties in 2011 http://googleonlinesecurity.blogspot.com/2013/01/enhancing-digital-certificate-security.html 52 comments netsec
- Google Talks About the Dangers of User Content http://googleonlinesecurity.blogspot.com/2012/08/content-hosting-for-modern-web.html 28 comments programming
- Google Accounts: Security warnings for suspected state-sponsored attacks (from Google Online Security Blog) http://googleonlinesecurity.blogspot.com/2012/06/security-warnings-for-suspected-state.html 56 comments netsec
- Is SSL "man-in-the-middle" viable for filtering HTTPS traffic on a LAN? http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html 69 comments netsec
- Google Raises Bug Bounties Across the Board http://googleonlinesecurity.blogspot.com/2012/04/spurring-more-vulnerability-research.html 7 comments netsec
- Trends in Circumventing Web-Malware Detection http://googleonlinesecurity.blogspot.com/2011/08/four-years-of-web-malware.html 2 comments netsec
- Fuzzing at scale - the story of how Google employees found ~100 security bugs in Adobe Flash http://googleonlinesecurity.blogspot.com/2011/08/fuzzing-at-scale.html 43 comments netsec
- Google announces new login method to keep your password much safer than it currently is. This is huge. http://googleonlinesecurity.blogspot.com/2011/02/advanced-sign-in-security-for-your.html 7 comments reddit.com
- Google to pay hackers who find vulnerabilities http://googleonlinesecurity.blogspot.com/2010/11/rewarding-web-application-security.html 8 comments programming
- Google launches vulnerability rewards program for Google web properties http://googleonlinesecurity.blogspot.com/2010/11/rewarding-web-application-security.html 4 comments netsec
- Google to add option for SMS-based verification at login (ie. Username/password, then enter the code they just texted you) http://googleonlinesecurity.blogspot.com/2010/09/moving-security-beyond-passwords.html 3 comments technology
- Google to offer two factor authentication. http://googleonlinesecurity.blogspot.com/2010/09/moving-security-beyond-passwords.html 3 comments netsec
- Google's take on the right approach to reporting and fixing software vulnerabilities http://googleonlinesecurity.blogspot.com/2010/07/rebooting-responsible-disclosure-focus.html 11 comments programming
- Google's latest method of highlighting suspicious Gmail account activity - a login appearing to come from one country and occurring a few hours after a login from another country may trigger an alert. http://googleonlinesecurity.blogspot.com/2010/03/detecting-suspicious-account-activity.html 13 comments technology
- Keyczar: Safe and Simple Cryptography http://googleonlinesecurity.blogspot.com/2008/08/keyczar-safe-and-simple-cryptography.html 14 comments programming
Linking pages
- The one essential truth of computer security | CSO Online http://www.infoworld.com/d/security-central/one-essential-truth-computer-security-028 22 comments
- Looking back at 9 years of Hacker News http://debarghyadas.com/writes/looking-back-at-9-years-of-hacker-news/ 0 comments
- Web Application Security - Incompleteness http://getahead.org/blog/joe/2007/10/29/web_application_security.html 0 comments