nanog mailing list archives

Re: Facebook insecure by design

From: William Allen Simpson <william.allen.simpson () gmail com>
Date: Sun, 02 Oct 2011 13:27:00 -0400

On 10/2/11 12:36 PM, Jimmy Hess wrote:

On Sun, Oct 2, 2011 at 10:38 AM, Michael Thomas<mike () mtcc com>  wrote:

I'm not sure why lack of TLS is considered to be problem with Facebook.
The man in the middle is the other side of the connection, tls or otherwise.


That's where the X509 certificate comes in.   A man in the middle
would not have the proper private key to impersonate the Facebook
server that the certificate was issued to.

My understanding of his statement is that Facebook itself is the MITM,
collecting all our personal information.  Too true.

Current thread:

Re: Facebook insecure by design Michael Thomas (Oct 02)
- Re: Facebook insecure by design Jimmy Hess (Oct 02)
  - Re: Facebook insecure by design William Allen Simpson (Oct 02)
    - Re: Facebook insecure by design Michael Thomas (Oct 02)
    - Re: Facebook insecure by design Patrick Sumby (Oct 03)
    - Re: Facebook insecure by design Jason Leschnik (Oct 03)
    - Re: Facebook insecure by design Michael Thomas (Oct 03)
- Re: Facebook insecure by design Valdis . Kletnieks (Oct 02)
  - Re: Facebook insecure by design Jimmy Hess (Oct 02)
    - Re: Facebook insecure by design Joel jaeggli (Oct 02)
    - Re: Facebook insecure by design Joel jaeggli (Oct 02)
    - Re: Facebook insecure by design Bill.Pilloud (Oct 04)
    - OT: Social Networking, Privacy and Control Jay Ashworth (Oct 04)

(Thread continues...)