nanog mailing list archives
Re: Facebook insecure by design
From: "steve pirk [egrep]" <steve () pirk com>
Date: Sun, 23 Oct 2011 10:43:26 -0700
Just about everything on Google pages is https these days, even search if you enable it. If anybody on this thread uses gmail com a you really ought to take a look at google plus. Compare the way user privacy is the primary objective, versus the share everything by default of facebook. I cannot think of anything that could do something like this in the Gmail or Plus products. On Oct 19, 2011 11:22 PM, "Murtaza" <leothelion.murtaza () gmail com> wrote:
Going back to the initial security problem identified by Williams, I also experienced something today. I guess he is right about that. I am behind a proxy and I just disabled the proxy for "Secure Web" which means HTTPS. Now guess what I was still able to access facebook while I was not able to access google. That clearly means there is something wrong. What do you guys think? Ghulam On Wed, Oct 5, 2011 at 2:28 AM, Bill.Pilloud <bill.pilloud () gmail com> wrote:Is this not the nature of social media? If you want to make suresomethingis secure (sensitive information), Why is it on social media. If you are worried about it being monetised, I think Google has already done that. ----- Original Message ----- From: "Joel jaeggli" <joelja () bogus com> To: "Jimmy Hess" <mysidia () gmail com> Cc: <nanog () nanog org> Sent: Sunday, October 02, 2011 4:05 PM Subject: Re: Facebook insecure by design On 10/2/11 15:43 , Joel jaeggli wrote:On 10/2/11 15:25 , Jimmy Hess wrote:On Sun, Oct 2, 2011 at 4:53 PM, <Valdis.Kletnieks () vt edu> wrote:On Sun, 02 Oct 2011 08:38:36 PDT, Michael Thomas said:I'm not sure why lack of TLS is considered to be problem with Facebook. The man in the middle is the other side of the connection, tls or otherwise.Ooh.. subtle. :)Man in the Middle (MITM) is a technical term that refers to a rather specific kind of attack. In this case, I believe the proper term would be just "The man". [Or "Man at the Other End (MATOE)"]; you either trust Facebook with info to send to them or you don't, and network security is only for securing the transportation of that information you opt to send facebook.alice sends charlie a message using bob's api, bob can observe and probably monetize the contents. Yes, if Alice sends Bob an encrypted message that Bob can read, andBob turns out to be untrustworthy, then Bob can sell/re-use the information in an abusive/unapproved way for personal or economic profit.charlie is probably untrustworthy, bob is probably moreso (mostly^ trustworthybecause bob has more to lose than charlie), alice isn't cognizant oftheimplications of running charlie's app on bob's platform despite the numerous disclaimers she blindly clicked through on the way there. ---JH
Current thread:
- Re: Facebook insecure by design, (continued)
- Re: Facebook insecure by design Joel jaeggli (Oct 02)
- Re: Facebook insecure by design Bill.Pilloud (Oct 04)
- OT: Social Networking, Privacy and Control Jay Ashworth (Oct 04)
- Re: OT: Social Networking, Privacy and Control Christian de Larrinaga (Oct 04)
- Re: OT: Social Networking, Privacy and Control Travis Biehn (Oct 05)
- Config files? Green, Timothy (Oct 05)
- Re: Config files? William Herrin (Oct 05)
- Re: Config files? David Swafford (Oct 08)
- Re: Config files? isabel dias (Oct 08)
- Re: Facebook insecure by design Murtaza (Oct 19)
- Re: Facebook insecure by design steve pirk [egrep] (Oct 23)
- Re: Facebook insecure by design Jeroen Massar (Oct 23)
- Re: Facebook insecure by design Jay Ashworth (Oct 23)
- Re: Facebook insecure by design steve pirk [egrep] (Oct 23)
- Re: Facebook insecure by design Robert Bonomi (Oct 24)
- Re: Facebook insecure by design Lou Katz (Oct 24)
- Re: Facebook insecure by design steve pirk [egrep] (Oct 26)
- Re: Facebook insecure by design steve pirk [egrep] (Oct 23)