Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

4/25/2012
02:04 PM
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Facebook's Newest Move To Tighten Security

Facebook enlists the help of Microsoft and four other security vendors as it improves defenses against malware, phishing, and spam. One tactic: Block malicious URLs.

6 Social Sites Sitting On The Cutting Edge
6 Social Sites Sitting On The Cutting Edge
(click image for larger view and for slideshow)

Facebook on Wednesday said it is working with Microsoft, McAfee, Trend Micro, Sophos, and Symantec to help improve security for its users.

The social networking giant, which plans to go public next month, has become a target for spammers and scammers due to its size. A similar trend happened to Microsoft's Windows in the 90s and has started to happen to Apple's OS X. Any massively popular platform attracts attackers.

To protect its 845 million users, Facebook is integrating malicious URL data provided by its security partners into its URL blacklist system.

[ Is HTC's rumored Facebook phone folly? Read more at Facebook Phone: 4 Reasons Why It's Crazy. ]

"So whenever you click a link on our site, you benefit not just from Facebook's existing protections, but the ongoing vigilance of the world’s leading corporations involved in computer security," the company explains on its security blog.

Keeping its users secure also happens to serve Facebook's best interests, as the site's reason for being involves sharing as a vehicle for advertising. Sharing becomes a lot less appealing when there's a risk of contagion.

Facebook's security partnership isn't just a one-way arrangement. In exchange for access to its partners' valuable security data, Facebook is offering its partners greater visibility through the Facebook AV Marketplace. As its name suggests, AV Marketplace is an online store for downloadable security software from Microsoft, McAfee, Trend Micro, Sophos, and Symantec. And it's not just for Windows users; AV Marketplace also offers security applications for Mac users.

Many Mac users remain skeptical about the need for malware protection, despite the recent Flashback trojan outbreak. Sophos' statistics indicate that one in 36 Macs is infected with OS X malware. The company's data also shows that one in five Macs harbors Windows malware, which could pose a threat to connected Windows machines.

Sophos blogger Carole Theriault celebrates the Facebook partnership while also pointing out that users need to take an active interest in their security. In a blog post, she likened security software to automotive safety features like brakes and seatbelts, noting that if people fail to use them, they're worthless.

"To better safeguard your account, make sure you choose a strong unique password for your Facebook account, and don't tell it to anyone," she wrote. "Look over your privacy settings regularly and carefully choose your configuration. Take care when downloading applications. Only befriend people you know. Report suspicious activity to Facebook."

Sophos's presence among the other security companies is noteworthy because the company has been more than a little bit critical of Facebook security in the past. In a blog post comment, Graham Cluley, senior technology consultant at Sophos, insisted that the beatings will continue.

"We don't have any plans to stop reporting about Facebook security and privacy issues," he wrote.

Perhaps it's too much to hope that Facebook's partnership with five security vendors might mean fewer noteworthy security incidents.

At a time when cybercrime has never been more prolific and sophisticated, budgets are being cut. In response, IT is taking a hard look using third-party services--outsourcing--to meet security challenges. Our Making The Security Outsourcing Decision report outlines the various security outsourcing options available. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-23534
PUBLISHED: 2021-02-25
A server-side request forgery (SSRF) vulnerability in Upgrade.php of gopeak masterlab 2.1.5, via the 'source' parameter.
CVE-2021-27330
PUBLISHED: 2021-02-25
Triconsole Datepicker Calendar <3.77 is affected by cross-site scripting (XSS) in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents.
CVE-2021-3124
PUBLISHED: 2021-02-25
Stored cross-site scripting (XSS) in form field in robust.systems product Custom Global Variables v 1.0.5 allows a remote attacker to inject arbitrary code via the vars[0][name] field.
CVE-2021-21064
PUBLISHED: 2021-02-25
Magento UPWARD-php version 1.1.4 (and earlier) is affected by a Path traversal vulnerability in Magento UPWARD Connector version 1.1.2 (and earlier) due to the upload feature. An attacker could potentially exploit this vulnerability to upload a malicious YAML file that can contain instructions which...
CVE-2021-21065
PUBLISHED: 2021-02-25
Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when parsing TTF files that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.