SecurityWeek

Security Architecture

Facebook Launches Certificate Transparency Monitoring Tool

Facebook has launched a free online tool, named Certificate Transparency Monitoring, that allows users to obtain information on the digital certificates issued for a specified domain.

Google’s Certificate Transparency (CT) project provides an open framework for monitoring and auditing TLS certificates in near real time in an effort to help organizations detect malicious or mistakenly issued certificates.

Facebook has been running a CT monitoring service of its own since last year and it has now decided to make it available to the public.

The social media giant continuously checks the major public CT logs for certificates issued on behalf of its domains, and in the process it collects certificate information from various certificate authorities (CAs).

Through its Certificate Transparency Monitoring tool, the company wants to provide users access to the data it has collected and allow them to monitor domains that are of interest. In addition to searching for certificates associated with a specified domain, users can subscribe to a domain and Facebook will notify them via email if new certificates are identified.

“Certificate Authorities issue hundreds of certificates every minute, but by using Facebook infrastructure, we can quickly process large amounts of data and provide a reliable and efficient search function for certificates listed for a domain,” explained Bartosz Niemczura, a software engineer on Facebook’s product security team.

Niemczura pointed out that since CT logs are public information, the tool can be used by anyone, not just webmasters. However, he cautioned that not all certificates are submitted to CT logs.
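The subscription model described above (watch a domain, get notified when a certificate not seen before names it) can be sketched as follows. This is an added example, not Facebook's code: the `CertEntry` record shape, the `Monitor` class, the issuer names and the sample entries are all constructed assumptions.

```python
"""CT-style domain subscription monitor (illustrative; entries are constructed)."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class CertEntry:
    # Hypothetical record shape; a real CT log entry carries a full certificate.
    fingerprint: str
    issuer: str
    dns_names: tuple


def name_covers(dns_name: str, domain: str) -> bool:
    """True if a certificate DNS name falls under the watched domain."""
    name = dns_name.lower().rstrip(".")
    domain = domain.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]  # a wildcard covers names under this parent
    # Match on a label boundary so "notexample.com" does not match "example.com".
    return name == domain or name.endswith("." + domain)


@dataclass
class Monitor:
    domain: str
    expected_issuers: frozenset  # CAs the domain owner normally uses (assumption)
    seen: set = field(default_factory=set)

    def process(self, entries):
        """Return alerts for certificates not seen before that name the domain."""
        alerts = []
        for e in entries:
            matched = sorted(n for n in e.dns_names if name_covers(n, self.domain))
            if not matched or e.fingerprint in self.seen:
                continue  # unrelated name, or same certificate seen in another log
            self.seen.add(e.fingerprint)
            severity = "info" if e.issuer in self.expected_issuers else "review"
            alerts.append((severity, e.fingerprint, e.issuer, matched))
        return alerts


# Constructed sample entries (not real certificates or log data).
SAMPLE = [
    CertEntry("aa01", "Example CA 1", ("www.example.com", "example.com")),
    CertEntry("bb02", "Other CA", ("*.example.com",)),
    CertEntry("cc03", "Other CA", ("notexample.com", "example.com.evil.test")),
    CertEntry("aa01", "Example CA 1", ("www.example.com", "example.com")),
]

if __name__ == "__main__":
    mon = Monitor("example.com", frozenset({"Example CA 1"}))
    for alert in mon.process(SAMPLE):
        print(alert)
```

As the article notes, certificates that were never submitted to a CT log will not appear in such a feed, so an empty alert list is not proof that no certificate was issued.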

“Facebook’s support for Certificate Transparency is a great step forward,” Kevin Bocek, VP of Security Strategy and Threat Intelligence for Venafi, told SecurityWeek. “Cryptographic keys and digital certificates provide the foundations of trust and privacy for the global economy yet we blindly trust them. Facebook’s new certificate transparency monitoring is one more sign the world is finally waking up to the problem of certificate abuse.”

“The ultimate goal of certificate transparency is to stop abuse of issuance – a key concern with the rise of free certificate offerings like Let’s Encrypt. As enterprises finally acknowledge the impact of digital certificate abuse and theft, they’re increasingly turning to Certificate Reputation, which builds upon certificate transparency and empowers businesses to actively decide which certificates should be trusted,” Bocek added. “As we look towards 2017, I expect – and hope – to see more new innovations like this to solve the problem of malicious certificate use.”

This is not the only tool released by Facebook in recent months. In September, the company announced the availability of a Windows version for Osquery, an instrumentation framework designed for exploring operating systems via SQL-based queries.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
