Facebook Launches Certificate Transparency Monitoring Tool

Facebook has launched a free online tool, named Certificate Transparency Monitoring, that allows users to obtain information on the digital certificates issued for a specified domain.

Google’s Certificate Transparency (CT) project provides an open framework for monitoring and auditing TLS certificates in near real time in an effort to help organizations detect malicious or mistakenly-issued certificates.

Facebook has been running a CT monitoring service of its own since last year and it has now decided to make it available to the public.

The social media giant continuously checks the major public CT logs for certificates issued on behalf of its domains, and in the process it collects certificate information from various certificate authorities (CAs).

Through its Certificate Transparency Monitoring tool, the company wants to provide users access to the data it has collected and allow them to monitor domains that are of interest. In addition to searching for certificates associated with a specified domain, users can subscribe to a domain and Facebook will notify them via email if new certificates are identified.

“Certificate Authorities issue hundreds of certificates every minute, but by using Facebook infrastructure, we can quickly process large amounts of data and provide a reliable and efficient search function for certificates listed for a domain,” explained Bartosz Niemczura, a software engineer on Facebook’s product security team.

Niemczura pointed out that since CT logs are public information, the tool can be used by anyone, not just webmasters. However, he cautioned that not all certificates are submitted to CT logs.
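The subscribe-and-notify workflow described above, as an added example (not Facebook's code and not from the article): it matches constructed log entries against a watched domain on DNS label boundaries, reports each certificate once, and flags issuers outside a hypothetical allowlist. The entry layout, fingerprints, CA names and function names are all assumptions made for illustration.

```python
# Constructed sample entries; a real monitor would read these from public CT logs.
SAMPLE_ENTRIES = [
    {"fingerprint": "aa01", "issuer": "Example Trust CA",
     "sans": ["example.com", "www.example.com"]},
    {"fingerprint": "bb02", "issuer": "Unknown Issuing CA",
     "sans": ["*.Example.com."]},
    {"fingerprint": "cc03", "issuer": "Unknown Issuing CA",
     "sans": ["notexample.com", "example.com.evil.test"]},
    # The same certificate observed again in a second log.
    {"fingerprint": "aa01", "issuer": "Example Trust CA", "sans": ["example.com"]},
]


def normalize(name):
    """Lower-case a DNS name and drop any trailing dot."""
    return name.strip().lower().rstrip(".")


def covers(watched, san):
    """True if the SAN is the watched domain, a subdomain, or a wildcard under it."""
    watched, san = normalize(watched), normalize(san)
    if san.startswith("*."):
        san = san[2:]
    # Compare on label boundaries so "notexample.com" does not match "example.com".
    return san == watched or san.endswith("." + watched)


def check_entries(entries, watched, expected_issuers, seen):
    """Return alerts for not-yet-reported certificates naming the watched domain.

    `seen` is a set of fingerprints already reported; it is updated in place.
    `expected_issuers` is a hypothetical allowlist of CAs the domain owner uses.
    """
    alerts = []
    for entry in entries:
        hits = [normalize(s) for s in entry["sans"] if covers(watched, s)]
        if not hits or entry["fingerprint"] in seen:
            continue
        seen.add(entry["fingerprint"])
        alerts.append({
            "fingerprint": entry["fingerprint"],
            "names": hits,
            "unexpected_issuer": entry["issuer"] not in expected_issuers,
        })
    return alerts
```

Because not all certificates are submitted to CT logs, an empty alert list from a check like this only means nothing new was logged, not that nothing was issued.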

“Facebook’s support for Certificate Transparency is a great step forward,” Kevin Bocek, VP of Security Strategy and Threat Intelligence for Venafi, told SecurityWeek. “Cryptographic keys and digital certificates provide the foundations of trust and privacy for the global economy yet we blindly trust them. Facebook’s new certificate transparency monitoring is one more sign the world is finally waking up to the problem of certificate abuse.”

“The ultimate goal of certificate transparency is to stop abuse of issuance – a key concern with the rise of free certificate offerings like Let’s Encrypt. As enterprises finally acknowledge the impact of digital certificate abuse and theft, they’re increasingly turning to Certificate Reputation, which builds upon certificate transparency and empowers businesses to actively decide which certificates should be trusted,” Bocek added. “As we look towards 2017, I expect – and hope – to see more new innovations like this to solve the problem of malicious certificate use.”

This is not the only tool released by Facebook in recent months. In September, the company announced the availability of a Windows version for Osquery, an instrumentation framework designed for exploring operating systems via SQL-based queries.

Related: Chrome’s Certificate Transparency to Become Mandatory

Related: Google to Distrust WoSign, StartCom Certificates

Related: Google Adds Certificate Transparency Log for Untrusted CAs

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
