Just about everything on Google pages is https these days, even search if you enable it.
If anybody on this thread uses gmail com a you really ought to take a look at google plus. Compare the way user privacy is the primary objective, versus the share everything by default of facebook. I cannot think of anything that could do something like this in the Gmail or Plus products. On Oct 19, 2011 11:22 PM, "Murtaza" <leothelion.murt...@gmail.com> wrote: > Going back to the initial security problem identified by Williams, I also > experienced something today. I guess he is right about that. I am behind a > proxy and I just disabled the proxy for "Secure Web" which means HTTPS. > Now guess what I was still able to access facebook while I was not able to > access google. That clearly means there is something wrong. What do you > guys > think? > Ghulam > > On Wed, Oct 5, 2011 at 2:28 AM, Bill.Pilloud <bill.pill...@gmail.com> > wrote: > > > Is this not the nature of social media? If you want to make sure > something > > is secure (sensitive information), Why is it on social media. If you are > > worried about it being monetised, I think Google has already done that. > > ----- Original Message ----- From: "Joel jaeggli" <joe...@bogus.com> > > To: "Jimmy Hess" <mysi...@gmail.com> > > Cc: <nanog@nanog.org> > > Sent: Sunday, October 02, 2011 4:05 PM > > Subject: Re: Facebook insecure by design > > > > > > > > On 10/2/11 15:43 , Joel jaeggli wrote: > >> > >>> On 10/2/11 15:25 , Jimmy Hess wrote: > >>> > >>>> On Sun, Oct 2, 2011 at 4:53 PM, <valdis.kletni...@vt.edu> wrote: > >>>> > >>>>> On Sun, 02 Oct 2011 08:38:36 PDT, Michael Thomas said: > >>>>> > >>>>>> I'm not sure why lack of TLS is considered to be problem with > >>>>>> Facebook. > >>>>>> The man in the middle is the other side of the connection, tls or > >>>>>> otherwise. > >>>>>> > >>>>> Ooh.. subtle. :) > >>>>> > >>>> > >>>> Man in the Middle (MITM) is a technical term that refers to a rather > >>>> specific kind of attack. > >>>> > >>>> In this case, I believe the proper term would be just "The man". > >>>> [Or "Man at the Other End (MATOE)"]; you either trust Facebook with > >>>> info to send to > >>>> them or you don't, and network security is only for securing the > >>>> transportation of that information > >>>> you opt to send facebook. > >>>> > >>> > >>> alice sends charlie a message using bob's api, bob can observe and > >>> probably monetize the contents. > >>> > >>> Yes, if Alice sends Bob an encrypted message that Bob can read, and > >>>> Bob turns out to > >>>> be untrustworthy, then Bob can sell/re-use the information in an > >>>> abusive/unapproved way for > >>>> personal or economic profit. > >>>> > >>> > >>> charlie is probably untrustworthy, bob is probably moreso (mostly > >>> > >> ^ > >> trustworthy > >> > >>> because bob has more to lose than charlie), alice isn't cognizant of > the > >>> implications of running charlie's app on bob's platform despite the > >>> numerous disclaimers she blindly clicked through on the way there. > >>> > >>> > >>> > >>> -- > >>>> -JH > >>>> > >>>> > >>> > >>> > >> > >> > > > > >
