Posts

• April 14, 2025 Teels: TEE + TLS, for the web
• April 13, 2025 Trusted Execution Environments: A Paranoid Assessment
• March 29, 2025 Security Metrics: Abuse Metrics vs. Security Metrics
• March 9, 2025 Security Metrics: Getting Aggregation Right
• December 4, 2024 Google Blog: Leaving Traditions
• September 9, 2024 XS-Leaks Summit: Stopping XS-Leaks at Scale (v2)
• July 18, 2024 LocoMocoSec: How blocking third-party cookies can fix the web
• July 1, 2024 Security Signals: Measuring Web Security Posture at Scale
• January 22, 2024 Google Blog: A Recipe for Scaling Security
• October 27, 2023 Truly Paranoid Software Updates
• April 18, 2023 Google Blog: Securely Hosting User Data in Modern Web Applications
• November 3, 2022 hiSHtory: Launching on HN and Reddit
• October 15, 2022 hiSHtory: Cross-device Encrypted Syncing Design
• September 26, 2022 hiSHtory: Your shell history in context, synced, and queryable
• March 9, 2022 The limits of the same-origin policy: cross-origin (but same-site) attacks
• January 3, 2022 Log4j Scanning
• October 10, 2021 Stopping XS-Leaks at Scale
• July 6, 2021 DEF CON 29 Presentation: Worming through IDEs
• August 18, 2020 Three More Google Cloud Shell Bugs Explained
• July 21, 2020 Compiler Fun

• 1
• 2
• ›
• »