An article came out yesterday from Clement Genzmer, who is a security engineer at Facebook. His tagline is "searching and destroying malicious links". Those of us in the business of digital security and safety can certainly identify with that, especially the part where we aim to identify the criminals and work with law enforcement to have them brought to justice. Truthfully, what I'm really in it for is the constructive aspect — an innate feeling and desire to build something new and offer positive "things" to society. And that is what drew my attention to the article about Facebook's evolution in security and safety in the hopes of protecting consumers.
Facebook announced the following security measures in a bid to keep its ecosystem free and clear, enabling its users to visit and share their lives without fear of infection. I like having security "just doing its thing" and doing it well. That requires security engineers and researchers to be vigilant and to keep testing new products and services, checking that we are ahead of cybercriminals and that our proactive and reactive measures are constantly working.
Might there be a way for miscreants to circumvent these? Sure, and that is why security requires vigilance and a certain amount of passion from its practitioners. Make no mistake about it: as surely as we must pay taxes, online thieves (like their physical-world counterparts) will attempt to steal our information.
I applaud Facebook for working diligently to help bolster its safety and security architecture for what technically can be defined as the world's third largest country. When first responders or Emergency Medical Technicians (EMTs) arrive on a medical scene, the first thing taught in training is to make sure the environment is safe and secure and ultimately to ensure that no further damage is done. Facebook is attempting just that: to ensure that consumers are not harmed by malicious links or account hijackings. Keep up the good efforts and destroy those malicious links!
On Tuesday, Facebook blogged that it is moving to a more secure API platform. A roadmap is provided, and that is a good thing because this is yet another tool from its toolbox to help make the consumer experience more secure:
This means that the applications folks like to use on Facebook must support secure URLs, migrating from HTTP to HTTPS. Hopefully this will permit users to have a fully secure browsing session with Facebook, limiting session sniffing (for example, by strangers in your immediate vicinity on a public WiFi using Firesheep). Watch out for the telltale sign that you are in HTTPS mode:
Involving industry and security experts to assist in safety and security is key. Together, we win.
Author ESET Research, ESET