Saturday, January 16, 04:07
Home security Facebook helps security researchers by adding "Whitehat Settings"

Facebook helps security researchers with the addition of "Whitehat Settings"

WhitehatThe Facebook has decided to help security researchers by adding to their accounts a new special option, called "Whitehat Setitngs".

But how can this new option look to the researchers? By introducing a mechanism that allows you to bypass the Facebook security mechanism, Certificate Pinning.

Certificate Pinning is for protection. However, with the introduction of the new Whitehat Setitngs, researchers are given the opportunity to access an account if they need to check something. This is because with the new setting, Facebbok will "break" Certificate Pinning for that particular setting account.

Facebook took this action because the researchers were having trouble circumventing the security mechanism.

The new “Whitehat Settings” option will be available on Facebook, Messenger and Instagram. However, it is only supported on Facebook's Android apps and not iOS. The new feature has its own settings (disable Facebook TLS 1.3 support, use certificates, embedded proxy).

How the Facebook decided to help security researchers?

Facebook has always been on the side of the infosec community and is one of the few companies that actively supports security research. It has its own bug bounty program and offers security tools.

Lately, Facebook has been at the center of leakage. After the scandals do that it can to enhance security on the central platform as well as on mobile applications. It has extensively expanded its bug bounty program and has provided large sums of money to researchers who discover vulnerabilities on its platform and its other applications. It also offers fees (up to 40.000 dollars) to researchers who discover significant vulnerabilities that cause users to lose control of accounts and seizure by hackers.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Absent Mia
Absent Miahttps://www.secnews.gr
Being your self, in a world that constantly tries to change you, is your greatest achievement

LIVE NEWS

Android: How to see which apps have access to your site

It's no secret that smartphone apps have access to many permissions - if you let them. It is important to make sure ...

Canon lets you take pictures from space

Instead of releasing new cameras for CES 2021, Canon is doing something different: It lets you take pictures from space ....

Wikipedia vs Big tech: Who fights misinformation?

As Election Day turned into US Election Week, Facebook, Twitter and YouTube were trying to prevent ...
00:02:36

Tesla: It is called to recall cars due to problematic screens

The touch screen in some Tesla cars seems to have a problem, which could ...

Ransomware is responsible for half of all data breaches in hospitals

Almost half of the data breaches committed in hospitals and the wider healthcare sector are due to ransomware attacks, ...

Astronomers have just found the oldest oversized black hole

A quasar was discovered in a dark corner of space - over 13,03 billion light-years away - and contains a ...

What are the best and most affordable 5G phones for 2021

The market will soon be flooded with mid-range 5G devices. Everything that happens will be really exciting: you will be able to ...

Verified Twitter accounts in a cryptocurrency scam with the name of Elon Musk violated!

Lately, hackers have been violating verified Twitter accounts in a cryptocurrency giveaway scam, in which the name of the CEO is used ...

Classiscam: Fraudsters "fake" brands and deceive users of European markets!

Dozens of criminal gangs publish fake ads in popular online markets, to attract unsuspecting users to "fraudulent" commercial sites or phishing ...

iOS 14.4: Displays a notification for repairs with non-genuine cameras

Starting with the iPhone 11, Apple has added a notification to iOS that tells the user when the device has a ...