Category Archives: security

Origin(al) Sins

Video is now up from a talk I gave in October at OWASP’s AppSec USA conference — something of a departure from my usual spiel: Origin(al) Sins – Alex Russell from OWASP AppSec USA on Vimeo. I made some pretty glaring errors in the talk: you can’t combine sandboxing with seamlessness for cross-origin content. It’s […]

Perspective Is Not A Liquid Asset

ZDNet has an article out discussing a study that shows that Chrome’s (Open Source) auto-update system makes the browser more secure than the alternatives. Disclosure: Google co-authored the study. I work for Google, on Chrome. Caveat emptor. Back when I did security for a living, I quickly noted a distinction between those who saw […]

…and if only Google can read your IMs…

Google Talk requires SSL to connect to Google’s XMPP servers. Why, then, isn’t OTR rolled in?


I spent most of the day yesterday in Palo Alto at barcamp. The talks were great, and the quality of people who have shown up is mind-blowing for less than a week of organization. Big shout out to Chris for getting the whole thing put together. Of note from yesterday were Ping’s talk on anti-phishing […]