funsec mailing list archives
Re: Facebook Image Privacy
From: Alex Eckelberry <AlexE () sunbelt-software com>
Date: Sun, 17 Jan 2010 19:30:39 -0500
I agree. I think this issue is overblown.

________________________________
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Dan Kaminsky
Sent: Sunday, January 17, 2010 3:13 PM
To: Larry Seltzer
Cc: funsec () linuxbox org
Subject: Re: [funsec] Facebook Image Privacy

On Sun, Jan 17, 2010 at 8:47 PM, Larry Seltzer <larry () larryseltzer com> wrote:

It's a password to a single asset, which is retrieved in its entirety. If you allow "omg, somebody could share the link" to be considered a security hole, then I can see the stories now...

I've often thought that security through obscurity gets a bad rap. Perhaps this is one of those cases.

Obscurity is not secrecy. A password is secret. So are prime numbers at the heart of RSA private keys. The difference is that analysis by an attacker will yield progress against an obscure system, but not a well chosen secret. Or, put another way, *systems* have to do things, so their behavior can't be as random as a password or a private key.

My real problem with it is that I've marked it for "Only Me." Why do they need to provide this link? And they only do it for images, not for plain text posts or videos where you mark it as "Only Me."

Clearly users wanted to know how to take a photo that was for "only me" and share it with a few others, out of band. As long as the photo isn't showing up in open galleries, I think it's pretty clear that user intent is actually being scrupulously respected.

Larry Seltzer
Contributing Editor, PC Magazine
larry_seltzer () ziffdavis com
http://blogs.pcmag.com/securitywatch/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.