“Happy Holidays” David said as he poked his head into my office, handing me an unwrapped holiday card featuring a kitten in a Santa hat. As I took it, I nearly dropped a small white envelope that slipped out from inside. The inscription in the card read simply “Best wishes, David – 2010.” “Uh, thanks,Continue reading “For a Lark”
Author Archives: ericlaw
Google Internet Authority G3
For some time now, operating behind the scenes and going mostly unnoticed, Google has been changing the infrastructure used to provide HTTPS certificates for its sites and services. You’ll note that I said mostly. Over the last few months, I’ve periodically encountered complaints from users who try to load a Google site and get an unexpectedContinue reading “Google Internet Authority G3”
Chrome Field Trials
Back in April, we announced: Beginning in October 2017, Chrome will show the “Not secure” warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode. This is true, but it’s perhaps a little misleading, based on some of the tweets we’ve seen: What isn’t mentioned inContinue reading “Chrome Field Trials”
Stealing your own password is not a vulnerability
By far, the most commonly-reported “vulnerability” reported to the Chrome Vulnerability Rewards program boils down to “I can steal my own password.” Despite having its very own FAQ entry, this gets reported to the VRP at varying levels of breathlessness, sometimes multiple times per day. You can see this “attack” in action: Yes, it’s true,Continue reading “Stealing your own password is not a vulnerability”
Speaking at DevReach 2017
I’ll be delivering two talks (about HTTPS and Fiddler) at the DevReach 2017 conference in Sofia, Bulgaria. It’ll be fun to get back to Europe, and I’m looking forward to seeing old friends and colleagues. Hope to see some of y’all there! -Eric