This blog is about web technologies and games with a focus performance and security
April 2016

This post provides an in-depth analysis of the lessons we learned while protecting Gmail users and their inboxes. We felt it was about time to share the key lessons we learned the hard way while protecting Gmail for over a decade, so everyone involved in building an online product can benefit from them. To that effect, with the help of various Gmail safety leaders and long-time engineers, I distilled these lessons into a 25-minute talk for Enigma called “Lessons learned while protecting Gmail”. While such a short talk is great at providing an overview, it forces you to leave out details that provide deeper insights. This blog is, therefore, meant to fill this gap by sharing a more complete explanation for the lessons that need one and it complements my talk on the subject.

March 2016

This blog post recounts how moving this site to a fast joyful responsive design with a lot of images improved session duration by 104% and decreased bounce rate by 53%

February 2016

Big data weaponization and malware-based espionage are usually associated with governments; however, they don’t own a monopoly on such activities. Also, online poker uses big data to profile user behavior. Players search for fish (bad players) and they use malware to spy on and rip off infected players at the (online) poker table. This blog post is a brief tour of some of the darkest aspects of online poker.

January 2016

This post summarizes which equipement the FBI use to seize the content of servers and laptops despite many of them use full disk encryption and which defenses exist.

January 2016

This post looks at how an attacker can intercept and read emails sent from one email provider to another by performing a DNS MX record hijacking attack. While our research on the state of email delivery security indicates that this attack is less pervasive than the TLS downgrade attack discussed in a previous post, it is equally effective at defeating email in-transit encryption. This post explains how this attack works, how it can be mitigated and to what extent it also affects the security of a website.

January 2016

Follow these ten easy steps to improve your online security and privacy quickly.

December 2015

Over the last two years, the number of encrypted emails received by Gmail has almost doubled, as I reported earlier on the Google security blog. This very encouraging trend is sadly accompanied with an increase of SMTP TLS downgrade attacks, which prevent encryption of emails in transit as discussed in our research paper on the state of email transport security. This blog post explains how such an attack is performed and why there is no simple “patch” for it.

Phishing is a social-engineering attack where the attacker entice his victims to give-up their credentials for a given website by impersonating it. Believe it or not phishing campaigns are well organized and follow a very strict playbook. This post aim at shedding some light on how phishing campaign works under the hood, showcase which infrastructure phishers use to steal users credentials and provide advice on how to defend against it.

May 2015

To help Hearthstone players keep track of complex effect outcomes and improve their game play, I created a set cheat sheets. Each sheet cheat provided detailed statistics for a given card that trigger a complex effect such as the piloted shredder “summon a 2-mana cost minion.”

April 2015

To celebrate the new Hearthstone extension, Blackrock Mountain, I’m releasing a Hearthstone 3D card viewer written in pure Javascript. I feel Blackrock Mountain’s release is the perfect opportunity to showcase HTML5’s top notch performance and inspire more people to do cool visualizations on the web. With well over 500 cards, it’s high time to create a tool with powerful filtering and attractive visualization to explore the cards in an interesting fashion that works both on desktops and tablets. Hope you like it  :)

Join the 3542 security minded readers that get the latest posts in their inbox!

Learn About:
  • Cutting edge attacks and how to defend against it.
  • Actionable web security and performance tips.
  • Emerging cyber-security trends.
Enter your email and stay on top of things.
No spam I promise and you can unsubscribe anytime.
Elie Bursztein © 2016
About Me

Recent entries