Facebook insecure by design

Michael Thomas mike at mtcc.com
Sun Oct 2 18:01:41 UTC 2011


William Allen Simpson wrote:
> On 10/2/11 12:36 PM, Jimmy Hess wrote:
>> On Sun, Oct 2, 2011 at 10:38 AM, Michael Thomas<mike at mtcc.com>  wrote:
>>> I'm not sure why lack of TLS is considered to be problem with Facebook.
>>> The man in the middle is the other side of the connection, tls or 
>>> otherwise.
>>
>> That's where the X509 certificate comes in.   A man in the middle
>> would not have the proper private key to impersonate the Facebook
>> server that the certificate was issued to.
>>
> My understanding of his statement is that Facebook itself is the MITM,
> collecting all our personal information.  Too true.

Bingo.

Mike




More information about the NANOG mailing list