Vulnerabilities / Threats
4/25/2012
02:04 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Facebook's Newest Move To Tighten Security

Facebook enlists the help of Microsoft and four other security vendors as it improves defenses against malware, phishing, and spam. One tactic: Block malicious URLs.

6 Social Sites Sitting On The Cutting Edge
6 Social Sites Sitting On The Cutting Edge
(click image for larger view and for slideshow)

Facebook on Wednesday said it is working with Microsoft, McAfee, Trend Micro, Sophos, and Symantec to help improve security for its users.

The social networking giant, which plans to go public next month, has become a target for spammers and scammers due to its size. A similar trend happened to Microsoft's Windows in the 90s and has started to happen to Apple's OS X. Any massively popular platform attracts attackers.

To protect its 845 million users, Facebook is integrating malicious URL data provided by its security partners into its URL blacklist system.

[ Is HTC's rumored Facebook phone folly? Read more at Facebook Phone: 4 Reasons Why It's Crazy. ]

"So whenever you click a link on our site, you benefit not just from Facebook's existing protections, but the ongoing vigilance of the world’s leading corporations involved in computer security," the company explains on its security blog.

Keeping its users secure also happens to serve Facebook's best interests, as the site's reason for being involves sharing as a vehicle for advertising. Sharing becomes a lot less appealing when there's a risk of contagion.

Facebook's security partnership isn't just a one-way arrangement. In exchange for access to its partners' valuable security data, Facebook is offering its partners greater visibility through the Facebook AV Marketplace. As its name suggests, AV Marketplace is an online store for downloadable security software from Microsoft, McAfee, Trend Micro, Sophos, and Symantec. And it's not just for Windows users; AV Marketplace also offers security applications for Mac users.

Many Mac users remain skeptical about the need for malware protection, despite the recent Flashback trojan outbreak. Sophos' statistics indicate that one in 36 Macs is infected with OS X malware. The company's data also shows that one in five Macs harbors Windows malware, which could pose a threat to connected Windows machines.

Sophos blogger Carole Theriault celebrates the Facebook partnership while also pointing out that users need to take an active interest in their security. In a blog post, she likened security software to automotive safety features like brakes and seatbelts, noting that if people fail to use them, they're worthless.

"To better safeguard your account, make sure you choose a strong unique password for your Facebook account, and don't tell it to anyone," she wrote. "Look over your privacy settings regularly and carefully choose your configuration. Take care when downloading applications. Only befriend people you know. Report suspicious activity to Facebook."

Sophos's presence among the other security companies is noteworthy because the company has been more than a little bit critical of Facebook security in the past. In a blog post comment, Graham Cluley, senior technology consultant at Sophos, insisted that the beatings will continue.

"We don't have any plans to stop reporting about Facebook security and privacy issues," he wrote.

Perhaps it's too much to hope that Facebook's partnership with five security vendors might mean fewer noteworthy security incidents.

At a time when cybercrime has never been more prolific and sophisticated, budgets are being cut. In response, IT is taking a hard look using third-party services--outsourcing--to meet security challenges. Our Making The Security Outsourcing Decision report outlines the various security outsourcing options available. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: just wondering...Thanx
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.