Facebook to warn third-party developers of vulnerable code

Facebook has announced a policy change that will see the company notify third-party developers if it finds a security vulnerability in their code.

In a blog post announcing the change, Facebook said it “may occasionally find” critical bugs and vulnerabilities in third-party code and systems. “When that happens, our priority is to see these issues promptly fixed, while making sure that people impacted are informed so that they can protect themselves by deploying a patch or updating their systems.”

Facebook has previously notified third-party developers of vulnerabilities, but the policy shift formally codifies the company’s policy toward disclosing and revealing security vulnerabilities.

Vulnerability disclosure programs, or VDPs, allow companies to set the rules of engagement for finding and disclosing security bugs. VDPs also help guide the disclosure and publication of vulnerabilities once a bug is fixed. Companies often use a bug bounty to pay hackers who follow the company’s reporting and disclosure rules.

The policy change is not entirely altruistic. Facebook, like many other tech companies, relies on a ton of third-party code and open-source libraries. But by putting the change in writing, it also puts third-party developers on notice if they don’t fix vulnerabilities in a timely fashion.

Casey Ellis, founder and chief technology officer at vulnerability disclosure platform Bugcrowd, said the policy shift was becoming increasingly popular for companies with a “large, user-centric, third-party attack surface,” and echoes similar efforts by Atlassian, Google and Microsoft.

Facebook said when it finds a vulnerability, it will give third-party developers 21 days to respond and 90 days to fix the issues, a widely accepted time frame to report and remediate security issues. The company says it will make a reasonable effort to find the right contact for reporting a vulnerability, including, but not limited to, emailing security reporting emails, filing bugs without confidential details in bug trackers or filing support tickets. But the company said it reserves the right to disclose sooner if the vulnerability is actively being exploited by hackers, or delay its disclosure if it’s agreed that more time is needed to fix an issue.

Facebook said it will generally not sign a non-disclosure agreement (NDA) specific to the security issues it reports.

Katie Moussouris, founder of Luta Security, told TechCrunch that the “devil will be in the details.”

“The test will be the first time they have to pull the trigger and drop a zero-day — with mitigation guidance — on a competitor,” she said, referring to unpatched vulnerabilities where companies have zero days to patch them.

The new policy is focused specifically on how Facebook handles disclosure of issues in third-party code. If researchers find a security vulnerability on Facebook, or within its family of apps, they will continue to report it through the existing Bug Bounty Program.

As part of the policy change, Facebook said it would also disclose vulnerabilities once they are fixed. In a separate blog post, Facebook, which owns WhatsApp, disclosed six vulnerabilities in the messaging app — since fixed.

TechCrunch

Dundee businessman’s fury after Facebook account hacked

Man Recalls A Dating Catastrophe When He Invited A Felon He Met Online Over To Hangout

YourTango

There exists a subreddit where people explain stories by setting the precedent of, “Today I F–ked Up,” called “r/TIFU.”

One man shared how he messed up by inviting a girl over to his place, not expecting the night to take a turn for the worse before he had to go to work the next day.

His second date turned into a night of horror after his date started drinking during dinner.

In order to provide some context, he explained how he met the girl on Facebook Dating and had gone on his first date with her over the weekend.

“I did notice that she only smiled with her top row of teeth in the pictures and figured that her bottom teeth might be effed up, but didn’t think much of it,” he explained, already pointing out potential red flags. “She had trad wife energy and I was into it.”

RELATED: Kindergarten Teacher Says A Mom Gave Her A Vacuum To ‘Turn On’ When Her Daughter Misbehaves

He explained that during their first date, he had learned a lot about her, including her history of battling eating disorders which explained the messed up teeth.

He learned that she doesn’t drink often and that she lives with her parents because she’s preparing for surgery that will require a lot of physical therapy.

“This is all a red herring — nothing about this TIFU has to do with the teeth,” he explains. “I wanted to mention it because I was so focused on this that I didn’t pick up the other red flags.”



Zuckerberg says Meta Quest 3 will get Quest Pro’s key tech feature

Renderings of the Meta Quest 3 based on leaked CAD images

Meta Quest 3 is not a reality yet but it is expected to launch this year, probably in the fall at a Meta Connect event. This will be Meta’s consumer focussed headset that will succeed the Meta Quest 2. We recently heard rumors about the headset being much slimmer with more compact display lenses than the Quest 2 and that it could run on a more powerful Qualcomm Snapdragon XR2 Gen 2 chipset. 

Now, Meta’s recent earnings release has shed some light on new information around the Quest 3. Mark Zuckerberg, the CEO of Meta, has confirmed that the Quest 3 will have support for Meta Reality — the technology that allows the headset to be used for both augmented reality as well as virtual reality. This means that the Quest 3 will be a mixed reality headset and not just have virtual reality — much like the premium, enterprise-focussed Meta Quest Pro. This is something we had heard of before, but Zuckerberg seems to have confirmed it.
