Following Data Leak, Facebook Proposes Encryption for UIDs

[Robert Slade <rmslade () shaw ca>]

"In response to a discovery earlier this week that some Facebook applications were inadvertently sharing user 
information to third parties, Facebook engineers are proposing that Facebook UIDs become encrypted."

Oh, gee, some real genius must have thought of that!

"Under the new proposal, the parameters that are passed back to iFrame-based applications will be encrypted using an 
application’s secret key, meaning that only the actual application will be able to read the information and accidental 
disclosures over HTTP headers will no longer be possible."

http://mashable.com/2010/10/21/facebook-uid-encryption/

Following Data Leak, Facebook Proposes Encryption for UIDs - http://on.mash.to/bh3sIM

OK, probably symmetric.  So it's safe until it hits the game saerver.  At which point ...

(Game developers are just so inherently security concious ...)

====================== 
rslade () computercrime org  slade () victoria tc ca  rslade () vcn bc ca
"If you do buy a computer, don't turn it on."     - Richards' 2nd Law
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
CISSP refs:     [Base URL]mnbksccd.htm
Security Dict.: [Base URL]secgloss.htm
Book reviews:   [Base URL]mnbk.htm
                [Base URL]review.htm
Partial/recent: http://groups.yahoo.com/group/techbooks/
Review mailing list: send mail to techbooks-subscribe () egroups com
http://blogs.securiteam.com/index.php/archives/author/p1/
http://blog.isc2.org/isc2_blog/slade/index.html http://twitter.com/rslade



_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.