Re: Facebook insecure by design

["steve pirk [egrep]" <steve () pirk com>]

Just about everything on Google pages is https these days, even search if
you enable it.

If anybody on this thread uses gmail com a you really ought to take a look
at google plus. Compare the way user privacy is the primary objective,
versus the share everything by default of facebook.

I cannot think of anything that could do something like this in the Gmail or
Plus products.
 On Oct 19, 2011 11:22 PM, "Murtaza" <leothelion.murtaza () gmail com> wrote:

> Going back to the initial security problem identified by Williams, I also
> experienced something today. I guess he is right about that. I am behind a
> proxy and I just disabled the proxy for "Secure Web" which means HTTPS.
> Now guess what I was still able to access facebook while I was not able to
> access google. That clearly means there is something wrong. What do you
> guys
> think?
> Ghulam
>
> On Wed, Oct 5, 2011 at 2:28 AM, Bill.Pilloud <bill.pilloud () gmail com>
> wrote:
>
> > Is this not the nature of social media? If you want to make sure
> something
> > is secure (sensitive information), Why is it on social media. If you are
> > worried about it being monetised, I think Google has already done that.
> > ----- Original Message ----- From: "Joel jaeggli" <joelja () bogus com>
> > To: "Jimmy Hess" <mysidia () gmail com>
> > Cc: <nanog () nanog org>
> > Sent: Sunday, October 02, 2011 4:05 PM
> > Subject: Re: Facebook insecure by design
> >
> >
> >
> >  On 10/2/11 15:43 , Joel jaeggli wrote:
> > > > On 10/2/11 15:25 , Jimmy Hess wrote:
> > > >
> > > > > On Sun, Oct 2, 2011 at 4:53 PM,  <Valdis.Kletnieks () vt edu> wrote:
> > > > >
> > > > > > On Sun, 02 Oct 2011 08:38:36 PDT, Michael Thomas said:
> > > > > >
> > > > > > > I'm not sure why lack of TLS is considered to be problem with
> > > > > > > Facebook.
> > > > > > > The man in the middle is the other side of the connection, tls or
> > > > > > > otherwise.
> > > > > > Ooh.. subtle. :)
> > > > >
> > > > > Man in the Middle (MITM) is a technical term that refers to a rather
> > > > > specific kind of attack.
> > > > >
> > > > > In this case, I believe the proper term would be just "The man".
> > > > > [Or  "Man at the Other End  (MATOE)"];  you either trust Facebook with
> > > > > info to send to
> > > > > them or you don't, and network security is only for securing the
> > > > > transportation of that information
> > > > > you opt to send facebook.
> > > >
> > > > alice sends charlie a message using bob's api, bob can observe and
> > > > probably monetize the contents.
> > > >
> > > >  Yes, if Alice sends Bob an encrypted message that Bob can read, and
> > > > > Bob turns out to
> > > > > be untrustworthy,  then  Bob can sell/re-use the information in an
> > > > > abusive/unapproved way for
> > > > > personal or economic profit.
> > > >
> > > > charlie is probably untrustworthy, bob is probably moreso (mostly
> > >                                                          ^
> > > trustworthy
> > >
> > > > because bob has more to lose than charlie), alice isn't cognizant of
> the
> > > > implications of running charlie's app on bob's platform despite the
> > > > numerous disclaimers she blindly clicked through on the way there.
> > > >
> > > >
> > > >
> > > >  --
> > > > > -JH