[Infowarrior] - Facebook opens security industry social network for threat sharing

Richard Forno rforno at infowarrior.org
Wed Feb 11 16:59:27 CST 2015 

Facebook opens security industry social network for threat sharing

What the net needs is a great big sharing pot
By Dave Neal
Wed Feb 11 2015, 16:50   

http://www.theinquirer.net/inquirer/news/2394882/facebook-opens-security-industry-social-network-for-threat-sharing              

FACEBOOK HAS LAUNCHED A THING called ThreatExchange which is the firm's gift to the wider online security industry and a kind of sharing place for advice, updates and information.

News of ThreatExchange comes to us through an official post on the Facebook blog, and is soundtracked with some trumpeting.

It is pitched as a social network for the security community, so let's assume it is not baggy like a first year schoolkid's PE kit.

"A little over a year ago, a group of technology companies came together to discuss a botnet that was spreading a malware-based spam attack on all of our services," said Mark Hammel, Facebook's manager of threat infrastructure.

"We quickly learned that sharing with one another was key to beating the botnet because parts of it were hosted on our respective services and none of us had the complete picture.

"During our discussions, it became clear that what we needed was a better model for threat sharing."

Hammel said that Pinterest, Tumblr, Twitter and Yahoo all played a role in the early development of ThreatExchange, and that the quintet has been joined by Bitly and Dropbox.

Access to the network is governed by a number of privacy controls that were requested at the start of the project. These allow companies to choose what information they share and with which other parties, for example.

"Feedback from our early partners centred on the need for a consistent, reliable platform that could provide flexibility for organisations to be more open or selective about the information they share," said Hammel.

"Threat data is typically freely available information like domain names and malware samples, but for situations where a company might only want to share certain indicators with companies known to be experiencing the same issues, built-in controls make limited sharing easy and help avoid errors by using a pre-defined set of data fields."

Hammel said that all firms can become stronger by combining their efforts: "That's the beauty of working together on security. When one company gets stronger, so do the rest of us."

Facebook announced recently that the firm has updated its privacy policy to say that it can now track your every move on the internet, even when you're logged out of the app. µ


--
It's better to burn out than fade away.

More information about the Infowarrior mailing list