Neal Poole (@nealpoole)'s Twitter Profile
Neal Poole

@nealpoole

Interested in web application security. Security Engineer at Facebook. My tweets do not reflect the opinions or views of my employer.

ID: 46830209

https://nealpoole.com 13-06-2009 04:58:56

2,2K Tweet

3,3K Followers

311 Following

Meta (@meta)

If you've been logged out of your account and asked to sign back in, it’s because we've discovered a security issue and are taking immediate action to protect people on Facebook. Learn more newsroom.fb.com/news/2018/09/s…

Ryan McGeehan (@magoo)

Heads up regarding FB breach response. You may see some companies logging out users forcefully, similar to how Facebook responded. This does *not* indicate that other websites were breached. /1

sophie alpert (@sophiebits)

ironically, FB's "View As" feature is one designed to *help* people ensure content on their profile is private/secure. (it lets you see what content on your profile someone else can see and double-check it's not more than you intended!)

Alec Muffett (@alecmuffett)

What annoys me most about The New York Times #Facebook "Private Messages" story launched & everyone is copying, is that once cooler heads look into it, it will be seen as a storm in a teacup, newspapers will rage at regulators for contradicting them, & civil society will look stupid.

Arvind Narayanan (@random_walker)

At first sight this sounds like a terrible idea, but in fact there's peer reviewed research on measuring the security-usability tradeoff in correcting password typos, and it turns out it makes a lot of sense to do this. cs.cornell.edu/~rahul/papers/… Screenshot HT Andrew Munchbach

Eray Mitrani (@eraymitrani)

I'm very excited to announce that I will be joining Facebook as a security engineer soon. Shoutout to HackerOne for the real world security experience which no doubt helped me land the interviews. I look forward to being on the other side of screen evaluating incoming reports.

Wartortell (@wartortell)

Facebook's CTF starts tomorrow, bit.ly/2HPrxS9. You can sign up and play here: fbctf.com. There's monetary prizes for the top 3 teams, but if you place in the top 50 you'll receive some of the best swag I've ever created.

Thomas H. Ptacek (@tqbf)

Startups keep asking us how to sign JSON objects and lvh got sick of re-explaining and wrote this. latacora.micro.blog/2019/07/24/how…

the_storm (@the_st0rm)

Zoncolan THE static analysis tool used to protect Facebook m-cacm.acm.org/magazines/2019… The main project I've been working on for the last 3 years to enable engineers to move fast with secure code Tldr * Analysing ~100M LoC in ~30 mns * Detecting ~40% of FB severe > any other system

Alex Rice (@senorarroz)

This is cool. SDLC feedback loops at scale. "Bugs that Matter" (1) Stats on crashes and other errors that happen in production. (2) A "bug bounty" program, where people outside the company can report vulnerabilities (3) Internal tracking the most severe bugs (SEV) that occur.

Subodh Iyengar (@__subodh)

Several coworkers and I put up a proposal / demo on privacy preserving reporting on third parties using blind signatures github.com/siyengar/priva…. There are a surprising number of fun sub-problems to solve along the way. We'd love feedback Erik Taubeneck Andrew Knox Sean Bedford.

Ginny Di (@itsginnydi)

I just learned about "to-do list debt" and it's blowing my mind, so I want to share it with you. To-do list debt is when you've built up a backlog of overdue tasks. Just like real debt, if you pay off your debts first and ignore today's expenses, you just stay in debt. [thread]

collin (@libber)

We are expanding the scope of our bug bounty program again, facebook.com/notes/facebook… 3rd party apps, after user approval, have limited access to facebook user data. They must be responsible stewards of that data and this further encourages that.

Nick Sullivan (@grittygrease)

At #realworldcrypto, Jon Millican just announced definitively that @Facebook will ship end-to-end encryption in Messenger. Bold. No timeline was provided, however.

Brown CS (@browncsdept)

Congratulations, Brown CS Class Of 2020! It gives us a lot of happiness to share the following celebrations of our 2020 graduates, including a special video from our faculty. We've never been prouder to be part of the Brown CS community. cs.brown.edu/people/2020gra…
