Google Shares Its Security Secrets 106
Stony Stevenson writes "Google presents a big fat target for would-be hackers and attackers. At the RSA conference Google offered security professionals a look at its internal security systems. Scott Petry, director of Google's Enterprise and founder of security firm Postini, explained how the company handles constant pressure and scrutiny from attackers. In order to keep its products safe, Google has adopted a philosophy of 'security as a cultural value.' The program includes mandatory security training for developers, a set of in-house security libraries, and code reviews by both Google developers and outside security researchers."
Frankly, they haven't impressed me (Score:1, Interesting)
I admit, that guy was the worst of the bunch, but but I continue to be unimpressed by their security people. It's a shame too. I know for a fact they have some really bright people, but none of them appear to be in the security space.
malware infiltrates google searches (Score:4, Interesting)
This article at the San Francisco Chronicle [sfgate.com] doesn't tell me exactly what is going on, but apparently there is the potential for 7 of 10 search results to return malware.
My mother heard about this on the TV news, but the above was all I could find. Anyone else have any more detail?
Punch "gmail xss" into your search bar... (Score:2, Interesting)
Re:The advantage of being an internet company (Score:2, Interesting)
Programmers don't care about security (Score:1, Interesting)
Re:More PHD Cowbell (Score:3, Interesting)
That's kinda scary (Score:4, Interesting)
So I tried to get in touch with their postmaster group. Only they don't have one [postini.com]. And I tried to check their feedback loop [emaillabs.com]. Only they don't have one. As a shareholder, I even wrote to Investor Relations [google.com]. No response. In the process, I found out that they have a universally awful reputation among the mail delivery community.
In the end, all they could tell me was that their system decided my mail was spam because - I kid you not - their system had, previously, decided my mail was spam. Which, of course, increases my spamminess score. And so on, and so on, until we're all using the same shampoo.
So, to recap: The guy in charge of keeping Google secure, Scott Petry, is the guy who invented a system that bit-buckets your e-mail, with absolutely no accountability, no sanity checks, no industry best practices... because of guilt by association WITH YOURSELF.
Be afraid. Be very afraid.
Re:So, explain ... (Score:3, Interesting)
If you had a reasonable time limit in which to solve the captcha, it would certainly make it harder to farm out.
Of course, Google's captcha was broken algorithmically, wasn't it?