Engineering Blog

Blog posts tagged 'Security'

Building Zero protocol for fast, secure mobile connections

Posted about a year ago
blog post · Mobile · Networking and Traffic · Security · Android · iOS · Performance

The protocol introduces several changes that help make mobile connections more efficient and secure. Read more...

Hervé Robert, Engineering

Spam Fighting @Scale 2016

Posted about 2 years ago
blog post · @Scale · Security

Spam Fighting @Scale is an invitation-only technical conference for engineers working on large-scale management and analytics solutions for platform abuse. Read more...

Yarn: A new package manager for JavaScript

Posted about 2 years ago

With Yarn, engineers have access to the npm registry while operating faster, more securely, and more reliably. Read more...

Marlon Dutra, Engineering

Scalable and secure access with SSH

Posted about 2 years ago

Facebook leverages signed certificates with principals for scalable, reliable security access. Read more...

In pursuit of secure open source software

Posted about 2 years ago
blog post · Security · Open Source

We committed to a high standard of code quality when we open-sourced osquery and we believe it's important for people using it to know what we do to keep it secure. Read more...

Ted Reed, Software engineer at Facebook

Hardware and firmware attacks: Defending, detecting, and responding

Posted about 2 years ago
blog post · Hardware · Security · Hacking · Open Source

Simple tools like osquery give defenders important insights about what's happening on their network so they can quickly detect a potential compromise. Read more...

Chris Marra, Product manager at Facebook

Favorite hacks of 2015

Posted about 2 years ago

The passion people have for ideas generated at hackathons results in everything from new products to open source tools. Read more...

Ryan Mack, Engineering

Security @Scale 2015: Engineering Security

Posted about 3 years ago
blog post · Infra · @Scale · Security · Data Science · Tooling · Hacking

More than 250 engineers gathered in Boston to share how they're building tools to address some of the most challenging engineering issues within security. Read more...

Ted Reed, Software engineer at Facebook

Building open source communities for security

Posted about 3 years ago
blog post · Backend · Security · Open Source

After 12 months of monitoring and nurturing the osquery project, we wanted to share what we’ve learned about open source communities and how they differ in security. Read more...

Osquery: Introducing query packs

Posted about 3 years ago
blog post · Backend · Security

Query packs help you group queries by function or problem domain into files that are easy to download, distribute, and update. Read more...

Simon Marlow, Engineering

Fighting spam with Haskell

Posted about 3 years ago
blog post · Security · Backend

We recently completed a two-year redesign of Sigma, one of our spam-fighting systems. Check out how we integrated Haskell with our existing C++ code and the improvements we made to GHC. Read more...

Mike Arpaia, Engineering

Embracing open source security

Posted about 3 years ago
blog post · Security · Open Source · Framework · Platform

Osquery: Approaching security the hacker way.

Kristie Chow, Engineering

Spam Fighting @Scale Recap

Posted about 3 years ago
blog post · Data · Web · Mobile · @Scale · Security · Platform · Data Science · Graph · User Experience

Hundreds of spam-fighting professionals gathered to hear engineers at Facebook, Pinterest, Dropbox, Yelp, and LinkedIn discuss techniques for fighting spam. Read more...

How RocksDB is used in osquery

Posted about 3 years ago
blog post · Infra · Data · Backend · Security · Framework · Analytics · Storage · Open Source

Using RocksDB as osquery's embedded database allows osquery to store and access data in a fast, persistent way, enabling our team to solve some technical problems we'll detail in this blog. Read more...

Fernanda Weiden, Engineering at Facebook

Security @Scale 2014 Recap

Posted about 4 years ago
blog post · Infra · Security

Making online services safe and secure for more than a billion people means that security solutions have to scale well. Recent internet-wide incidents involving SSL technology, such as POODLE and Heartbleed, only reinforce the importance of getting this stuff right, as well as the extent to which security technology impacts more than any single company. Read more...

Mike Arpaia, Engineering

Introducing osquery

Posted about 4 years ago

Maintaining real-time insight into the current state of your infrastructure is important. At Facebook, we've been working on a framework called osquery which attempts to approach the concept of low-level operating system monitoring a little differently. Read more...

Open-sourcing Haxl, a library for Haskell

Posted about 4 years ago
blog post · Infra · Data · Web · Backend · Open Source · Caching · Languages · Security · Data Science · Analytics

Today we're open-sourcing Haxl, a Haskell library that simplifies access to remote data, such as databases or web-based services. Read more...

Subodh Iyengar, Software engineer at Facebook

Introducing Conceal: Efficient storage encryption for Android

Posted about 4 years ago
blog post · Web · Infra · Data · Security · Open Source · Android · Java · Development Tools · Caching · Storage · Performance

Caching and storage are tricky problems for mobile developers because they directly impact performance and data usage on a mobile device. Caching helps developers speed up their apps and reduce network costs for the device owner by storing information directly on the phone for later access. However, internal storage capacity on Android phones is often limited, especially with lower to mid range phone models. A common solution for Android is to store some data on an expandable SD card to mitigate the storage cost. What many people don't realize is that Android's privacy model treats the SD card storage as a publicly accessible directory. This allows data to be read by any app (with the right permissions). Thus, external storage is normally not a good place to store private information. Read more...

Scott Renfro, Engineering at Facebook

Secure browsing by default

Posted about 5 years ago
blog post · Web · Infra · Mobile · Security · Android · iOS · User Experience · Networking and Traffic

We now use https by default for all Facebook users. This feature, which we first introduced as an option two years ago, means that your browser is told to communicate with Facebook using a secure connection, as indicated by the "https" rather than "http" in This uses Transport Layer Security (TLS), formerly known as Secure Sockets Layer (SSL), and makes the communication between your browser and Facebook servers more secure. Read more...

Celebrating a year of fighting email phishing with DMARC

Posted about 5 years ago
blog post · Infra · Security · Testing · Open Source · Messages · User Experience

A couple of years ago, Facebook joined a burgeoning alliance of major online services to support the development of DMARC, a protocol that seeks to augment new message authentication technologies with a strong policy layer focused on thwarting phishing attacks. Today, we’re celebrating the DMARC standard’s official one-year anniversary by announcing that DMARC now protects almost two-thirds of the world’s 3.3 billion consumer mailboxes, including 85% of Facebook’s user base. Read more...

Louis Brandy, Software engineer at Facebook

Fighting spam with pure functions

Posted about 5 years ago
blog post · Web · Infra · Data · Security · Language Tools

Like any popular Internet site, Facebook is a target for abuse. Our Site Integrity engineers rely on FXL, a domain-specific language forged in the fires of spam fighting at Facebook, to quash this abuse before it can affect our users. Feature eXtraction Language (FXL) evolved in response to our need for a fast, flexible, safe way to write rules for identifying spam. Read more...

Ryan McGeehan, Engineering

Happy Hacktober

Posted about 6 years ago
blog post · Culture · Security · Hacking · Testing

October is national cyber security awareness month (NCSAM). While most companies plan activities and provide information via traditional means (compliance videos, dry awareness posters and messages, lectures and emails) to help their employees detect and prevent cyber attacks, Facebook honors NCSAM in true hacker style. We call it “Hacktober.” Facebook’s security team creates a series of simulated security incidents that are tested on Facebook employees throughout the month of October. The prize for spotting a Hacktober attack and reporting it to the team? Kudos and bragging rights of course. Oh, and a cool Hacktober T-shirt, poster or sticker. Read more...

Ari Chivukula, Engineering

A faster, better link shim

Posted about 6 years ago
blog post · Infra · Security

Earlier this year, the Site Integrity team wrote about a tool called "link shim" to warn people about potentially spammy or malicious links. While this tool did an excellent job of protecting people, this implementation caused a delay while your browser performed an extra round trip to Facebook's servers in order to check the link for maliciousness and hide the referrer. Read more...

Raylene Yung, Engineering

From News Feed to Timeline: Q&A with Raylene Yung

Posted about 6 years ago
blog post · Web · Infra · Culture · News Feed · Security · Timeline · Recruiting

Raylene Yung joined Facebook right out of school in 2009 and went to work on the News Feed team. After two years on News Feed, she worked on the Timeline, Friend Lists, and privacy teams. Read on to learn about the history of News Feed stories, how Raylene thinks about sharing on Facebook, and her recent transition into an engineering manager role. Read more...

Michael Adkins, Software engineer at Facebook

DMARC: Building Open-Source Email Authentication Technologies

Posted about 6 years ago
blog post · Infra · Security · Open Source · Optimization · User Experience

As one of the largest senders of email on the Internet, Facebook is also one of the largest phishing targets. After working at an ISP on email security and abuse issues for several years, I came to Facebook because I wanted to have a greater impact on the email ecosystem. Supported by Facebook’s commitment to open technologies, in 2010 I started working with a handful of other email security experts on a major anti-phishing effort called DMARC. Read more...

Clément Genzmer, Engineering

My First Year Fighting Spam

Posted about 6 years ago
blog post · Infra · Security · User Experience · Performance · JavaScript

Fighting spam is really an arms race. As technology evolves, new threats emerge and keeping up is an absolute necessity. The Site Integrity team at Facebook works to protect people from spam, scams, account compromises, and other forms of abuse by building real-time classification systems that process millions of interactions per second and investigate and respond to new threats. Read more...

Meet a Facebook Fellow: Adrienne Porter Felt

Posted about 7 years ago
blog post · Culture · Research · Security · Women in Tech · Academics

The Facebook Fellowship program supports Ph.D. students doing groundbreaking computer science research for one academic year. Over the past two months, the 2011-2012 Facebook Fellows have been gearing up for the end of their year with visits to Facebook HQ to present their research and meet the team. Here's a look into one Facebook Fellow's experience in Palo Alto. Read more...


Facebook © 2018