Facebook insecure by design

William Allen Simpson william.allen.simpson at gmail.com
Sun Oct 2 17:27:00 UTC 2011


On 10/2/11 12:36 PM, Jimmy Hess wrote:
> On Sun, Oct 2, 2011 at 10:38 AM, Michael Thomas<mike at mtcc.com>  wrote:
>> I'm not sure why lack of TLS is considered to be a problem with Facebook.
>> The man in the middle is the other side of the connection, tls or otherwise.
>
> That's where the X509 certificate comes in.   A man in the middle
> would not have the proper private key to impersonate the Facebook
> server that the certificate was issued to.
>
My understanding of his statement is that Facebook itself is the MITM,
collecting all our personal information.  Too true.



