Security Blog
The latest news and insights from Google on security and safety on the Internet
CAPTCHAs that capture your heart
February 14, 2014
Posted by Vinay Shet, Product Manager, reCAPTCHA
Notice something different about reCAPTCHA today? You guessed it; those tricky puzzles are now warm and fuzzy just in time for Valentine’s Day. Today across the U.S., we're sharing CAPTCHAs that spread the message of love.
Some examples of Valentine's Day CAPTCHAs
But wait. These look really easy. Does this mean that those pesky bots are going to crack these easy CAPTCHAs and abuse our favorite websites? Not so fast.
A few months ago, we announced an improved version of reCAPTCHA that uses advanced risk analysis techniques to distinguish humans from machines. This enabled us to relax the text distortions and show our users CAPTCHAs that adapt to their risk profiles. In other words, with a high likelihood, our valid human users would see CAPTCHAs that they would find easy to solve. Abusive traffic, on the other hand, would get CAPTCHAs designed to stop them in their tracks. It is this same technology that enables us to show these Valentine’s Day CAPTCHAs today without reducing their anti-abuse effectiveness.
But that’s not all. Over the last few months, we’ve been working hard to improve the audio CAPTCHA experience. Our adaptive CAPTCHA technology has, in many cases, allowed us to relax audio distortions and serve significantly easier audio CAPTCHAs. We’ve served over 10 million easy audio CAPTCHAs to users worldwide over the last few weeks and have seen great success rates. We hope to continue enhancing our accessibility option in reCAPTCHA in the months to come. Take a listen to this sample of easy audio CAPTCHA:
We’re working hard to improve people’s experience with reCAPTCHA without compromising on the spam and abuse protection you’ve come to trust from us. For today, we hope you enjoy our Valentine’s Day gift to you.
Security Reward Programs Update
February 4, 2014
Posted by Eduardo Vela Nava and Michal Zalewski, Google Security Team
From investing our time in doing security research to paying for security bugs and patches, we've really enjoyed and benefited from our involvement with the security community over the past few years. To underscore our commitment, we want to announce yet another increase in payments since we started our reward programs.
Starting today, we will broaden the scope of our vulnerability reward program to also include all Chrome apps and extensions developed and branded as "by Google." We think developing Chrome extensions securely is relatively easy (given our security guidelines are followed), but given that extensions like Hangouts and Gmail are widely used, we want to make sure efforts to keep them secure are rewarded accordingly.
The rewards for each vulnerability will range from the usual $500 up to $10,000 USD and will depend on the permissions and the data each extension handles. If you find a vulnerability in any Google-developed Chrome extension, please contact us at goo.gl/vulnz.
In addition, we decided to substantially increase the reward amounts offered by our Patch Reward Program. The program encourages and honors proactive security improvements made to a range of open-source projects that are critical to the health of the Internet, in recognition of the painstaking work that's necessary to make a project resilient to attacks.
Our new reward structure is:
$10,000 for complicated, high-impact improvements that almost certainly prevent major vulnerabilities in the affected code.
$5,000 for moderately complex patches that provide convincing security benefits.
Between $500 and $1,337 for submissions that are very simple or that offer only fairly speculative gains.
We look forward to ongoing collaboration with the broader security community, and we'll continue to invest in these programs to help make the Internet a safer place for everyone.
Keeping YouTube Views Authentic
February 4, 2014
Posted by Philipp Pfeiffenberger, Software Engineer
YouTube isn’t just a place for videos, it’s a place for meaningful human interaction. Whether it’s views, likes, or comments, these interactions both represent and inform how creators connect with their audience. That’s why we take the accuracy of these interactions very seriously. When some bad actors try to game the system by artificially inflating view counts, they’re not just misleading fans about the popularity of a video, they’re undermining one of YouTube’s most important and unique qualities.
As part of our long-standing effort to keep YouTube authentic and full of meaningful interactions, we’ve begun periodically auditing the views a video has received. While in the past we would scan views for spam immediately after they occurred, starting today we will periodically validate the video’s view count, removing fraudulent views as new evidence comes to light. We don’t expect this approach to affect more than a minuscule fraction of videos on YouTube, but we believe it’s crucial to improving the accuracy of view counts and maintaining the trust of our fans and creators.
As YouTube creators, we ask you to be extra careful when working with third-party marketing firms; unfortunately some of them will sell you fake views. If you need help promoting your video, please review our posts about working with third party view service providers and increasing YouTube views.