Facebook Launches ThreatExchange – Security Clearinghouse API

Outsmart Malicious Hackers


So Facebook has launched ThreatExchange, a social network for information security intelligence and cyberthreat sharing, how apt. They have signed up some fairly heavyweight partners from the get go with Bitly, Dropbox, Pinterest, Tumblr, Twitter and Yahoo! being involved initially.

With those kind of names, it’s a sure bet more people will jump on the bandwagon fairly shortly.

Facebook Launches ThreatExchange - Security Clearinghouse API

So yah, it’s gonna be successful – but is it going to be useful? ThreatExchange is an application programming interface that builds on Facebook’s internal threat system called ThreatData – which is basically a social system to share bad URLs and dangerous domains.

Facebook is teaming up with other big names on the interwebs to create a security information sharing portal, dubbed ThreatExchange*, which went live on Wednesday.

ThreatExchange is billed as a platform that enables security professionals to “share threat information more easily, learn from each other’s discoveries, and make their own systems safer”.

Facebook said that it’s built in a set of privacy controls so that “participants can help protect any sensitive data by specifying who can see the threat information they contribute.”

Threats like malware, spam and phishing typically go after multiple targets. Sharing threat intelligence improves collective defence against the bad guys, who are already collaborating, the argument goes.

The US Cyber Intelligence Sharing and Protection Act (CISPA), which allows private companies to share customer information with the NSA and others in the name of cybersecurity, has repeatedly failed to clear legislative hurdles.

Under that latest attempt to revive the proposed law, announced by President Obama last month, corporations and government would be obliged to share information about possible computer security vulnerabilities in order to make everyone more secure. The idea sounds like a winner but the problem is that organisations taking part will also pass on customer information to law enforcement, after taking “reasonable” steps to anonymise it. In return, they get threat intelligence from the Feds about the attack landscape.


Collaboration does work tho and with one of the biggest online entities leading it, the amount of data that this exercise should yield will be fairly impressive. What they’ve build is an API on top of ThreatData basically which allows access to the data in the system, and probably allows you to feed in bad URLs as well.

Business wise, should they giving this data away for free? Why not I say.

Privacy activists are dead against the idea, partly because experience has shown it’s very difficult to anonymise data in practice, as well as because of more general fears that information sharing represents another way for the NSA to hoover up yet more data into its vast data centre.

Groups like the Electronic Frontiers Foundation advocate use of information sharing hubs as an alternative. Facebook’s social network for threat sharing fits into that mould, when viewed from a charitable perspective. On the other hand, Facebook has a long history of shifting its privacy goalposts, at least with information supplied by consumers – and this makes the social network a mite difficult to trust.

Head honcho Mark Zuckerberg famously labelled early Facebookers “dumb fucks” for sharing their personal info on his network – which, let’s not forget, exists to allow its customers (i.e. advertisers) to sling better-targeted adverts at consumers.

Maybe Facebook is coming at ThreatExchange from a different angle. In fairness, other web 2.0 firms have already been convinced to collaborate with Facebook on ThreatExchange.

Early partners for ThreatExchange include Bit.ly, Dropbox, Pinterest, Tumblr, Twitter, and Yahoo. Facebook said that it expect new partners to jump on board as the platform grows. Information sharing has been going on in an ad-hoc basis in certain industries, particularly banking, for many years. Yet sharing e-mail and spreadsheets is too ad-hoc and inconsistent. It’s difficult to verify threats, to standardise formats, and for each company to protect its sensitive data. Commercial options can be expensive and many open standards require additional infrastructure, according to Facebook.

Facebook aims to plug the gap in existing approaches with builds on its internal ThreatData system to create a social platform designed for sharing indicators such as bad URLs and domains. Facebook is at pains to emphasise that it’s really serious about privacy, at least when it comes to the operation of ThreatExchange.

For the majority of netizens, this is good stuff – who doesn’t want to see less spam on Facebook and have malware threats auto-squashed? It’s a pretty healthy move for the Internet in general. I’m just interesting to see if anything else is going to spin off from this.

From the sign-up page, it seems like there’s an option to publish/push your own threat feed into ThreatExchange as well (hence the Exchange name I guess) so it’ll be interesting to see what happens from here on in.

Source: The Register

Posted in: Countermeasures, Security Software

,


Latest Posts:


snallygaster - Scan For Secret Files On HTTP Servers snallygaster – Scan For Secret Files On HTTP Servers
snallygaster is a Python-based tool that can help you to scan for secret files on HTTP servers, files that are accessible that shouldn't be public and can pose a s
Portspoof - Spoof All Ports Open & Emulate Valid Services Portspoof – Spoof All Ports Open & Emulate Valid Services
The primary goal of the Portspoof program is to enhance your system security through a set of new camouflage techniques which spoof all ports open and also emulate valid services on every port.
Cambridge Analytica Facebook Data Scandal Cambridge Analytica Facebook Data Scandal
One of the biggest stories of the year so far has been the scandal surrounding Cambridge Analytica that came out after a Channel 4 expose that demonstrated the depths they are willing to go to profile voters, manipulate elections and much more.
GetAltName - Discover Sub-Domains From SSL Certificates GetAltName – Discover Sub-Domains From SSL Certificates
GetAltName it's a little script to discover sub-domains that can extract Subject Alt Names for SSL Certificates directly from HTTPS websites which can provide you with DNS names or virtual servers.
Memcrashed - Memcached DDoS Exploit Tool Memcrashed – Memcached DDoS Exploit Tool
Memcrashed is a Memcached DDoS exploit tool written in Python that allows you to send forged UDP packets to a list of Memcached servers obtained from Shodan.
QualysGuard - Vulnerability Management Tool QualysGuard – Vulnerability Management Tool
QualysGuard is a web-based vulnerability management tool provided by Qualys, Inc, which was the first company to deliver vulnerability management services as a SaaS-based web-service.


Comments are closed.