In this work we present Picasso: a lightweight device class fingerprinting protocol that allows a server to verify the software and hardware stack of a mobile or desktop client.
This post discusses practical attacks against poker cheating devices, designed to detect and jam them.
Research on how the ecosystem of commercial pay-per-install (PPI) is structured and the role it plays in the proliferation of unwanted software.
Here are the 5 ways I bulletproof my credit cards against identity theft, and you can use them yourself very easily. As a bonus, at the end of the post I have added an experimental step to defend against the recent chip downgrading attack.
Every year, close to 600,000 sites are hacked. Given the scale of the problem, notifying users to prevent harm and webmasters so they can clean up their sites is critical to combat hacking. This post looks at the effectiveness of the current warning strategies used by Google and their long-term impact.
This paper studies the blackhat cloaking techniques used by deceptive websites to hide bad content from search engine crawlers and security scanners.
In this paper we summarize how the Internet black market is structured and which anti-abuse strategies have been found effective against it.
Phishing is a social-engineering attack where the attacker entices victims to give up their credentials for a given website by impersonating it. Believe it or not, phishing campaigns are well organized and follow a very strict playbook. This post aims to shed some light on how phishing campaigns work under the hood, showcase which infrastructure phishers use to steal users' credentials, and provide advice on how to defend against them.
Research about the security and memorability of secret questions based on their deployment at Google. This paper won the best student paper award at WWW'15.
Research study on how malicious and unwanted actors tamper directly with browser sessions for their own profit. Based on measurements done at Google, this study also illuminates the scope and negative impact of ad injection.
Study of how manual account hijacking is performed, based on Google data. The research includes an analysis of the hijacking workflow and the best strategies to defend against such adversaries.