Good news: vulnerable browser plugins like Java and Flash are on their way out, and new browsers install security updates automatically. But are we out of the woods yet? Despite advances in security, there are still many at-risk users that are targeted by exploits. Add to the mix deceptive sites that lead to unwanted software with access to client systems beyond the wildest dreams of attackers, and the continued danger on the Web leaves the security industry breathless, end users with compromised systems, and bad blood all around. Kelly Harrington discusses how attackers are still trying to find success in 2016 and what Google Safe Browsing is doing to keep users safe and sound online.
Kelly reviews modern and treacherous drive-by download attacks that silently take over a user’s browser or even their local network infrastructure and explores social engineering-style attacks that trick users into revealing sensitive information or installing malware. Kelly concludes with a discussion of the thriving pay-per-install web vertical that leads users into installing unwanted software and extensions, when they just should have said no.
But shake it off, infosec defenders—in addition to outlining these threats, Kelly focuses on Google Safe Browsing’s efforts to make the Web safe and enable defenders like you to protect users, outlining technical advances and policy changes currently under way. Be fearless. . .Safe Browsing will work on this problem forever and always.
Kelly Hope Harrington is a senior software engineer on the safe browsing team at Google, where she focuses on detection of web-based threats and outreach to webmasters. In her 20% time, she coleads Google’s presence at the San Francisco Pride Parade. Kelly holds a BS in computer science from Carnegie Mellon University, where she took a special interest in computer security and linguistics.
©2016, O'Reilly Media, Inc. • (800) 889-8969 or (707) 827-7019 • Monday-Friday 7:30am-5pm PT • All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners. • email@example.com