Confirming the validity/ownership of an Android Signing Certificate

I have a certificate that says the application was signed by Google, but on multiple searches I have reason to believe that it’s not actually a Google signing certificate.

Is there a way to query google for their approved signing certificates to check the validity?

- Issuer: CN=Android, OU=Android, O=Google Inc., L=Mountain View, ST=California, C=US
- Serial number: c2e08746644a308d
- Valid from: Thu Aug 21 17:13:34 MDT 2008 until: Mon Jan 07 16:13:34 MST 2036
- Certificate fingerprints:
  - SHA1: 38:91:8A:45:3D:07:19:93:54:F8:B1:9A:F0:5E:C6:56:2C:ED:57:88
  - SHA256: F0:FD:6C:5B:41:0F:25:CB:25:C3:B5:33:46:C8:97:2F:AE:30:F8:EE:74:11:DF:91:04:80:AD:6B:2D:60:DB:83
- Signature algorithm name: MD5withRSA (weak)
- Subject Public Key Algorithm: 2048-bit RSA key
- Version: 3

Security risks in confirming the username instead of confirming the username and password combination [duplicate]

Most of the login pages like Google, Outlook and Yahoo! confirm the username first and then ask for a password instead of confirming the username and password combination altogether. Isn’t it less safe to go with the former practice, as the intruder can guess the username first and then guess the password, whereas in the latter case the intruder has to go with guessing both the options?

Also, is there a website where I can find the industrial standards for the login flow?

Is confirming an action using a second click on the same button a good idea?

I’m working on my first (mildly) significant web app, which comprises multiple pages and a modal dialog for entering/editing/deleting information. One view displays a tabular list of objects and offers the user the chance to edit (in a modal dialog) or delete objects individually.

I want to ask the user for confirmation before performing a destructive action, but I’d rather not use:

  • window.confirm("...") – too clunky
  • Angular/Bootstrap/jQuery/other modal – visually better, more customisable, but lots of mouse movement back and forth if deleting multiple objects.

I’ve seen (but cannot currently find again) a solution which I think was described as a “modal button”. Its initial label signifies the action (‘Delete’). On first click, the label changes to ask for confirmation (“Are you sure?”). A second click invokes the action. Alternatively, mousing away cancels the action. The two clicks must be greater than some minimum time interval apart so that a quick double-click doesn’t invoke the action.

To me, this feels like quite a nice way of asking for confirmation, but is it an established pattern? Or too unconventional? Are there existing implementations out there?

Edited to add:

The modal button implementation I was thinking of: http://bl.ocks.org/mbostock/584742
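
The two-click behaviour described in the question above, written as a small state machine. This is an added example, not part of the original post and not the linked implementation; `createConfirmButton`, `minIntervalMs`, the 400 ms default and `deleteRow` are assumed names and values.

```javascript
// Added example: two-click "confirm" button logic, kept free of DOM calls
// so the timing rule can be tested on its own.
function createConfirmButton({
  label,
  confirmLabel = "Are you sure?",
  minIntervalMs = 400, // assumed threshold separating a double-click from a second click
  onConfirm,
}) {
  let armedAt = null; // timestamp (ms) of the first click, or null when idle

  return {
    // Text the button should currently show.
    get label() {
      return armedAt === null ? label : confirmLabel;
    },
    // Handle a click at time `now` (ms). Returns true only when the action ran.
    click(now = Date.now()) {
      if (armedAt === null) {
        armedAt = now; // first click: arm and ask for confirmation
        return false;
      }
      if (now - armedAt < minIntervalMs) {
        return false; // too soon after arming: treat as a double-click, stay armed
      }
      armedAt = null; // deliberate second click: reset first, then act
      onConfirm();
      return true;
    },
    // Mousing away cancels a pending confirmation.
    leave() {
      armedAt = null;
    },
  };
}

// Wiring to a real element (browser only; deleteRow is a hypothetical handler):
//   const b = createConfirmButton({ label: "Delete", onConfirm: () => deleteRow(id) });
//   el.addEventListener("click", () => { b.click(); el.textContent = b.label; });
//   el.addEventListener("mouseleave", () => { b.leave(); el.textContent = b.label; });
```
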

Confirming Chromebooks in Possible Botnet Attack

I’ve been seeing Chromebooks at 5 different schools exhibiting the same behavior, spoofing their own IP address as 100.115.92.1 and sending packets to OpenDNS or AWS addresses. I’m guessing this is part of a DNS reflection attack.

This is even occurring when schools have locked down the Chromebooks well, disallowing extensions, developer mode, and personal (non-organization) logins.

The Chromebooks are on their own SSIDs and VLANs where the packets are originating, so I don’t think the MAC addresses are being spoofed. The 5 schools are mostly unrelated as organizations, but their networks and technology are entirely separate.

So far, the firewall seems to be catching the spoofed packets and dropping them, but I’m hoping to find a way to find the cause and eliminate it.

Google support has run out of ideas, so if anyone has any insight into how I might locate what seems to be some Chrome OS malware, or is seeing this issue as well, I’d love to hear from you.