Google phishing campaign hosted on Google's Firebase platform

Earlier this week I discovered an interesting phishing mail that had been caught by the anti-spam measures we deploy for our e-mail customers. Well, to be fair, the phishing attack itself was not anything new or sophisticated, but the choice of hosting provider was rather interesting.

Oh my God, they killed HPKP!

This week Google went ahead and removed support for HTTP Public Key Pinning (HPKP) from Chromium after some initial stumbles. The change was committed and tagged for Chromium 72.0.x and can now be observed by users of Chrome Canary.

How long does it take before Google starts de-indexing your pages on server failure

I recently got the opportunity to discover how long Google would keep showing my content on the search engine result pages when my web server was unavailable. Predictably, I only had a short window of time before my content got removed. And the first content to go was my top ranking pages. Last month I was managing some DNS records and accidentally wiped the A-record for, making this blog effectively unavailable.

How to keep duplicate WordPress content out of search engines

Last year I discovered that some of my content had been deleted from Google’s index. After confirming that Googlebot could still access the post in question and excluding every possibility of accidentally blocking Googlebot (robots.txt, firewall rules etc.), I opted to resubmit the post for indexing using Google search console.

Chrome Web Store – Your new one stop shop for malware and spam

While installing some apps and extensions from the Chrome web store I noticed that there were a few well known products delivered by developers totally unknown to me (and Google search). LastPass, AVG AntiVirus, Snapchat, Viber and others were available sporting their trademark name and logo, but from publishers without any affiliation with the actual brand.