Facebook insecure by design
Jason Leschnik
leschnik at gmail.com
Mon Oct 3 16:08:41 UTC 2011
On Mon, Oct 3, 2011 at 4:27 AM, William Allen Simpson <
william.allen.simpson at gmail.com> wrote:
> On 10/2/11 12:36 PM, Jimmy Hess wrote:
>
>> On Sun, Oct 2, 2011 at 10:38 AM, Michael Thomas<mike at mtcc.com> wrote:
>>
>>> I'm not sure why lack of TLS is considered to be problem with Facebook.
>>> The man in the middle is the other side of the connection, tls or
>>> otherwise.
>>>
>>
>> That's where the X509 certificate comes in. A man in the middle
>> would not have the proper private key to impersonate the Facebook
>> server that the certificate was issued to.
>>
>> My understanding of his statement is that Facebook itself is the MITM,
> collecting all our personal information. Too true.
>
>
I assume that any MITM is actually going to try and prevent our data from
making it to the end point i.e the real attacker.
--
Regards,
Jason Leschnik.
[m] 0432 35 4224
[w@] jason dot leschnik <at> ansto dot gov dot au<jason.leschnik at ansto.gov.au>
[U@] jml974 at uow.edu.au
More information about the NANOG
mailing list