Going back to the initial security problem identified by Williams, I also experienced something today. I guess he is right about that. I am behind a proxy and I just disabled the proxy for "Secure Web", which means HTTPS. Now guess what: I was still able to access Facebook while I was not able to access Google. That clearly means there is something wrong. What do you guys think?

Ghulam

On Wed, Oct 5, 2011 at 2:28 AM, Bill.Pilloud <bill.pill...@gmail.com> wrote:

> Is this not the nature of social media? If you want to make sure something
> is secure (sensitive information), Why is it on social media. If you are
> worried about it being monetised, I think Google has already done that.
>
> ----- Original Message -----
> From: "Joel jaeggli" <joe...@bogus.com>
> To: "Jimmy Hess" <mysi...@gmail.com>
> Cc: <nanog@nanog.org>
> Sent: Sunday, October 02, 2011 4:05 PM
> Subject: Re: Facebook insecure by design
>
> On 10/2/11 15:43 , Joel jaeggli wrote:
>>
>>> On 10/2/11 15:25 , Jimmy Hess wrote:
>>>
>>>> On Sun, Oct 2, 2011 at 4:53 PM, <valdis.kletni...@vt.edu> wrote:
>>>>
>>>>> On Sun, 02 Oct 2011 08:38:36 PDT, Michael Thomas said:
>>>>>
>>>>>> I'm not sure why lack of TLS is considered to be problem with
>>>>>> Facebook.
>>>>>> The man in the middle is the other side of the connection, tls or
>>>>>> otherwise.
>>>>>>
>>>>> Ooh.. subtle. :)
>>>>>
>>>>
>>>> Man in the Middle (MITM) is a technical term that refers to a rather
>>>> specific kind of attack.
>>>>
>>>> In this case, I believe the proper term would be just "The man".
>>>> [Or "Man at the Other End (MATOE)"]; you either trust Facebook with
>>>> info to send to
>>>> them or you don't, and network security is only for securing the
>>>> transportation of that information
>>>> you opt to send facebook.
>>>>
>>>
>>> alice sends charlie a message using bob's api, bob can observe and
>>> probably monetize the contents.
>>>
>>>> Yes, if Alice sends Bob an encrypted message that Bob can read, and
>>>> Bob turns out to
>>>> be untrustworthy, then Bob can sell/re-use the information in an
>>>> abusive/unapproved way for
>>>> personal or economic profit.
>>>>
>>>
>>> charlie is probably untrustworthy, bob is probably moreso (mostly
>>>
>> ^
>> trustworthy
>>
>>> because bob has more to lose than charlie), alice isn't cognizant of the
>>> implications of running charlie's app on bob's platform despite the
>>> numerous disclaimers she blindly clicked through on the way there.
>>>
>>>> --
>>>> -JH