How Google App Engine have More than 30 Vulnerabilities


Security researchers have discovered a number of critical vulnerabilities in the Java environment of the Google App Engine (GAE) that enables attackers to bypass critical security sandbox defenses. Google App Engine is Google’s PaaS (Platform as a Service) Cloud computing Platform for developing and hosting web applications in Googlemanaged data centers. GAE offers to run custom-built programs using a wide variety of popular languages and frameworks, out of which many are built on the Java environment.
The vulnerabilities was reported by Security Explorations, the same security research company that carried out multiple researches related to Java in past. The discovery was announced on the Full Disclosure security mailing list by Adam Gowdiak, founder and CEO of Security Explorations.

Continue reading

Advertisements

2-Step Verification USB-Based Security Key Launches by Google


Google has announced new supporting system for two-factor authentication for its websites,Chrome desktop browser.The existing 2 step verification system is based on you enter password key that based on six-digit code that you receive vis SMS or Call on your mobile app.Google announced its enhanced two-step verification service that is based on a physical USB key, adding an another layer of security to protect its users from hackers and other forms of online theft.Security Key is a physical USB second factor that only works after verifying the login site is truly a Google website, not a fake site pretending to be Google. Rather than typing a code, just insert Security Key into your computer’s USB port and tap it when prompted in Chrome. Continue reading