How does Facebook protect its users against BREACH attacks on HTTPS traffic, as well as cross-site request forgery attacks? Chad Parry, a London-based member of the social network’s security infrastructure team, and Christophe Van Gysel, who contributed to the mitigation of BREACH at Facebook as an intern, answered those questions in detail in a note on the Protect the Graph page.
Protect the Graph
In a study of one day’s worth of Facebook’s notification email logs, the social network found that 76 percent of unique MX host names that receive its emails support the STARTTLS encryption standard, meaning that 58 percent of its emails were successfully encrypted.
Facebook offered some statistics about its bug bounty program in a note on its Protect the Graph page, saying that it received 14,763 submissions in 2013, up 246 percent from the previous year, and 687 of those submissions qualified for awards.
Part of being able to combat malware, phishing, and other online threats is gathering and consolidating as much data on those threats as possible, and Facebook took a major step forward on that front with its development of ThreatData.