Category: Facebook

Hacking into computers, networks and websites could easily land you in jail. But what if you could freely test and practice your hacking skills in a legally safe environment? Facebook just open-sourced its Capture The Flag (CTF) platform to encourage students as well as developers to learn about cyber security and secure coding practices.

Capture the Flag hacking competitions are conducted at various cyber security events and conferences, including Def Con, in order to highlight real-world exploits and cyber attacks. The CTF program is an effective way of identifying young people with exceptional computer skills, as well as teaching beginners about common and advanced exploitation techniques to ensure they develop secure programs that cannot be easily compromised.


Facebook has hit another milestone: more than 1 MILLION people, or you could say privacy-conscious users, are accessing Facebook over TOR. Facebook proudly announced today that, this month, for the first time, the number of people connected to the anonymous version of Facebook that's accessible only through the TOR anonymity network exceeded 1 Million, an increase of almost 100% in the past ten months.

Earlier this year, Facebook came across a bunch of duplicate SSL certificates for some of its own domains and revoked them immediately with the help of its own Certificate Transparency Monitoring Tool service. Digital certificates are the backbone of our secure Internet, protecting sensitive information and communication as well as authenticating systems and Internet users. Online privacy relies heavily on SSL/TLS certificates and encryption keys to protect millions of websites and applications. As explained in our previous article on The Hacker News, the current digital certificate management system and trusted Certificate Authorities (CAs) are not enough to prevent misuse of SSL certificates on the internet.



Facebook is making it easier for developers to build post-password apps.

The social network introduced Account Kit this week at its F8 developer conference. Using the Account Kit SDK, app developers and site owners can let users log in without passwords—instead, they can use their phone number or email address—or Facebook login (an existing feature). It does not require people to have a Facebook account.

Chris Webber, security strategist for Centrify, said that the move will help users learn how to use mobile authenticators.

“With more and more consumer companies leveraging mobile devices for SMS-based authentication, users are going to grow familiar with this new authentication paradigm more quickly—which is great for both consumer and business-related security,” he said via email. “I’m sure that we’ll see cranky naysayers commenting across the internet. They’ll try to sound smart and assert that mobile devices can be lost or stolen, or that people can be out of coverage range and not receive an SMS notification, and so mobile authenticators have drawbacks. These people are missing the point entirely, and don’t understand that passwords alone provide next to no protection in today’s world. Mobile authentication raises the bar for security, and makes it much harder for attackers.”