Facebook insecure by design
William Allen Simpson
william.allen.simpson at gmail.com
Sun Oct 2 17:27:00 UTC 2011
On 10/2/11 12:36 PM, Jimmy Hess wrote:
> On Sun, Oct 2, 2011 at 10:38 AM, Michael Thomas<mike at mtcc.com> wrote:
>> I'm not sure why lack of TLS is considered to be problem with Facebook.
>> The man in the middle is the other side of the connection, tls or otherwise.
> That's where the X509 certificate comes in. A man in the middle
> would not have the proper private key to impersonate the Facebook
> server that the certificate was issued to.
My understanding of his statement is that Facebook itself is the MITM,
collecting all our personal information. Too true.
More information about the NANOG