This talk showcases how attacks against corporate inboxes differ from the attack we observe against personal inbox from a Gmail perspective.
Research on how the the ecosystem of commercial pay-per-install (PPI) is structured and the role it plays in the proliferation of unwanted software
Every year, close to 600,000 sites are hacked. Given the scale of the problem, notifying users to prevent harm and webmasters so they can clean up their sites is critical to combat hacking. This post looks at the effectiveness of the current warning strategies used by Google and their long-term impact.
Research about the security and memorability of secret questions based of their deployment at Google. This paper won best student paper award at WWW'15.
Research study on how malicious and unwanted actors tamper directly with browser sessions for their own profit. Based of measurement done at Google this study also illuminate the scope and negative impact of ads injection.
Study of how manual account hijacking is performed based of Google data. Research include an analysis of the hijacking workflow and the best defense strategies to defend against such adversaries.
Paper about a novel generic approach to solving captchas using a single step that uses machine learning to attack the segmentation and the recognition problems simultaneously. Our tests show that this approac is able solve all the real world captcha schemes evaluated including Yahoo (5.33%) and ReCaptcha (33.34%), without any adjustments to the algorithm or its parameters. Our success against the Baidu (38.68%) and CNN (51.09%) schemes that use occluding lines as well as character collapsing leads us to believe that our approach is able to defeat occluding lines in an equally general manner.
This paper we describe how we designed a new CAPTCHA schemes for Google that focus on maximizing usability. Our new scheme which is now an integral part of Google sign-up and is served to millions of users, achieved a 95.3% human accuracy, a 6.7% improvement compared to the old one.