Facebook Built A Tool To Detect Rogue SSL Certificates

For internal use, Facebook had initially built its own CT monitoring service as FB uses various websites for marketing. Special events are also outsourced to the third party. To keep a track, which was not possible without monitoring services, CT played an important role. CT monitoring helps in tracking various sites even if direct management is delegated to another party. With the help of CT, the Facebook security team was able to detect two certificates issued for ‘fb.com’, which the security team had no knowledge of. Although after complete investigation it was discovered that the certificate was issued on request of another Facebook team but they failed to inform the FB security team in time.

A Tool To Detect Rogue SSL Certificates

Facebook had a good understanding of the importance of adapting CT and decided to build a tool for the public. This tool would help other companies to keep track of SSL certificate issues for their domains. With the help of this tool
  • The Domain owner can detect a miss-issued certificate within an hour
  • Keep track of existing certificates being used
  • An Owner can subscribe to receive email alerts when a new certificate appears in CT logs
In case you receive an alert on CA issuing certificate that you have not requested, follow these steps:
  • Contact concerned CA, who issued the certificate
  • Make sure that your identity is not compromised
  • Consider revoking that certificate


How Facebook’s tool is helpful for domain

Facebook has come up with a tool to make it easier for domain owner (or security team) to search and keep track of certificates associated with their domain through CT logs. CT maintains logs listing TLS/SSL certificates, which are publicly accessible. CT framework outlines various rules and procedures, such as:
  • How CAs and domain owners submit records of TLS certificates to public logs
  • Audit the logs to ensure the certificates are properly added
  • Monitor the logs to look for new entries
Various threats CT addresses are
  • Mis-issued certificates
  • Stolen certificates
  • Rogue Certificate Authorities
From all the public CT logs, this tool fetches data periodically; it is then synced before performing ‘user-supplied query’. Whenever a new entry in the synced list is detected, users will receive an email notification. There are no restrictions on usage of this tool, so anyone can use it to search for logs for any domain.

For further information, feel free to contact us on +1 (888) 606-7330. We will also help you to provide Comodo SSL Certificate for domain and sub-domain to secure your online business website. Go ahead and visit us at https://www.thesslstreet.com/.

Comments

Post a Comment

Popular posts from this blog

Does SSL Help Your Local Business’s SEO Rank To Improve On Google?

Image
About SSL SSL  is a Secure Socket Layer, which helps in securing data from being misused or modified by any third party by establishing encrypted link between the browser and the server or between servers. This link ensures that the data that is being transferred/shared between the server and the browser remains private and secure. How SEO Rank can be improved for our website/local business? We should comprehend this simplerly. At whatever point we have an inquiry in our mind, we tend to seek it online with the assistance of any search engine. When we compose our question, a list of results appear on our screen and out of each one of those outcomes more often than not we pick the specific first outcome. We do so because the main site appeared because of our query tends to be more proper or important than different sites or site pages. The site positioned better will be appeared preceding the sites whose positioning isn't that great when contrasted with the site which is positi
Read more

What Studies Say About Comodo Positive SSL Wildcard and Essential SSL Wildcard Certificate?

Image
Every business has its own nature, some runs high-risk and some have a low-risk business. But the data which is there in hand is something very important for which a company’s owner works really hard enough to build a huge empire. What if?   What if the data got stolen? This is where the business suffers from an awful condition that takes a company month’s back. For that, every company needs security who keeps an eye on the thief’s who actually steals the encrypted data.  SSL Certificates  actually helps you to find out the threat and work as a shield to secure against that.      SSL Certificate SSL Certificate link ensures that all data passed between the web server and browsers remain private and integral. There are types of SSL Certificates Comodo Positive SSL Wildcard and Essential SSL Wildcard Certificate. Comodo Positive SSL Wildcard Certificate :  It’s a Certification Authority (C.A), which provides a list of SSL certificates. Positive SSL Wildcard
Read more

The Internet of Things is The Future; Protection Must Be, As Well

Image
Internet security is a major concern of all Internet users, whether you are a client or a website owner. This concern is due to increase in internet threats on daily basis. These threats include viruses, which can erase all the data on hard disk creates problem in smooth working of software and even are programmed in such a manner that it steals personal information, bank details and identity. To fight against such threats you need   internet security . But what's the web of things, or IoT, and why is it changing into a cybersecurity concern? the web of things is formed from billions of “smart” devices that hook up with the web. Examples embrace wearable technology, home devices and medical devices. additionally to driving innovation, IoT devices are getting progressively well-liked. Gartner lnc. predicts that by 2020, there'll be twenty.4 billion good devices in use worldwide. But there's risk. This increasing convergence of wearable technologies and cloud services in
Read more