Joe DeBlasio (@[email protected])
@deblasioj
Securing @GoogleChrome's series of tubes. HTTPS, CT, HSTS, usable security, Chrome's VRP, and more. He/him.
Until 1 December 2023, the first report of a functional full chain exploit in Chrome Browser is eligible for the Full Chain Exploit bonus – TRIPLE the FULL reward amount. Not the first? Any following eligible full chain exploit receives DOUBLE rewards! security.googleblog.com/2023/06/announ…
This app lives to see another day! So while it is up, let me expand. I am defending and looking for industry positions! I’m planning to graduate in April 2023 and looking for jobs starting after. West coast or remote. RTs deeply appreciated while this network still exists!! 1/
I was relying on this app to publicize that I am defending in April! And looking for 2023 jobs! Guess I'll use...LinkedIn...now? TL;DR If you want to understand/improve security processes using data and research science methods, shoot me a note. I'll post more later if I can
Hire her! Your org will be better because of it!
Understatement
Let’s work together to make the web a safer place! blog.chromium.org/2022/09/announ… #chrome #security #webpki #rootprogram #google
Updating software is essential to security. We (Chrome team) get asked at times why updates are necessary. @davidcadrian helped put together some answers for such folks - chromium.googlesource.com/chromium/src/+….
On Monday, Chrome patched an in-the-wild 0-day, CVE-2022-2294, a buffer overflow in WebRTC. Reported by Avast #itw0days Kudos to the Chrome and WebRTC teams for a 3 day turnaround over a US holiday weekend 👏🏽 chromereleases.googleblog.com/2022/07/stable…
1/ Chrome is developing its own root program to vet and manage trust in CAs, the organizations that issue HTTPS certificates to websites. 🧵
Earlier today, at the CA/Browser Forum Face-to-Face meeting, I announced an updated version of the Chrome Root Program Policy (g.co/chrome/root-po…). Let’s keep working together to make the web a safer place. 🚀🔒🔑
I'm hiring a SWE to work on infrastructure, automation, monitoring, tooling for deciding what organizations Chrome trusts to act as the keys to the internet: careers.google.com/jobs/results/1… D.C. location preferred but open to other locations. PKI experience preferred but not necessary
Are you a strong developer? C++ is your middle name? Interested in PKI? Want to work on the most popular browser in the world? Ping @arw!
our PETS 2022 SoK on Certificate Transparency log auditing is up! arxiv.org/abs/2203.01661 covers why SCT auditing is hard & how it looks similar (or not) to other tricky privacy-preserving reporting in browsers. w/ Sarah Meiklejohn, @deblasioj, @notyetsecure, @modyoloN, Kevin Yeo
This is a proposed EU policy that would mandate that browsers allow EU member states to admit additional CAs to their root programs, whether or not those CAs met the security and trust policies of those browsers. A nightmare for Internet security; worth reading.
"Mozilla and the EFF publish letter [signed by 38 experts] about the danger of Article 45.2" by @ekr____ @mozilla blog.mozilla.org/en/security/mo…
Are you interested in working on Chrome's security team? Do you have experience with Apple platforms? I'm looking for an engineer to join our team and spend most of their time on improving Chrome security on macOS/iOS. Opening added to Chrome-wide list g.co/chrome/hiring.
We have updated our SSL/TLS and PKI History! See the most important events that shaped the SSL/TLS and PKI ecosystem, since 1994. feistyduck.com/ssl-tls-and-pk…
We are approaching a major milestone for the CT ecosystem. The requirement that one Google Log is used is being removed in March 2022. groups.google.com/a/chromium.org…
New reward tier for the Chrome VRP: memory corruption/RCE bugs in highly privileged processes, such as GPU or network process, can now earn you up to $7,000 for a baseline report, $10,000 for a high-quality report, & $15,000 for high-quality reports with a functional exploit!
This is a huge bug. On OSX, Safari users can (temporarily) switch to another browser to avoid their data leaking across origins. iOS users have no such choice, because Apple imposes a ban on other browser engines. safarileaks.com
I turned on "Only use secure connections" in Chrome at new years eve and it has been working surprisingly well. Give it a try!
.@kevincollier is right, for the vast majority of people a VPN is not necessary and public WiFi is not a danger they should worry about. Password phishing is the #1 threat, so a password manager, MFA, and FIDO/Security Keys are the best defense.