[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Facebook insecure by design

Subject: Facebook insecure by design
From: mike at mtcc.com (Michael Thomas)
Date: Sun, 02 Oct 2011 11:01:41 -0700
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <CAAAwwbVj2Nnnk5ZE6q1684gFRz_r2Y_Dx1YcntztuCVTD3881w@mail.gmail.com> <[email protected]>

William Allen Simpson wrote:
> On 10/2/11 12:36 PM, Jimmy Hess wrote:
>> On Sun, Oct 2, 2011 at 10:38 AM, Michael Thomas<mike at mtcc.com>  wrote:
>>> I'm not sure why lack of TLS is considered to be problem with Facebook.
>>> The man in the middle is the other side of the connection, tls or 
>>> otherwise.
>>
>> That's where the X509 certificate comes in.   A man in the middle
>> would not have the proper private key to impersonate the Facebook
>> server that the certificate was issued to.
>>
> My understanding of his statement is that Facebook itself is the MITM,
> collecting all our personal information.  Too true.

Bingo.

Mike

Follow-Ups:
- Facebook insecure by design
  - From: patrick.sumby at sohonet.co.uk (Patrick Sumby)

References:
- Facebook insecure by design
  - From: mike at mtcc.com (Michael Thomas)
- Facebook insecure by design
  - From: mysidia at gmail.com (Jimmy Hess)
- Facebook insecure by design
  - From: william.allen.simpson at gmail.com (William Allen Simpson)

Prev by Date: Time Warner to centurylink/qwest
Next by Date: F.ROOT-SERVERS.NET moved to Beijing?
Previous by thread: Facebook insecure by design
Next by thread: Facebook insecure by design
Index(es):
- Date
- Thread