Facebook insecure by design

Joel jaeggli joelja at bogus.com
Sun Oct 2 23:05:38 UTC 2011


On 10/2/11 15:43 , Joel jaeggli wrote:
> On 10/2/11 15:25 , Jimmy Hess wrote:
>> On Sun, Oct 2, 2011 at 4:53 PM,  <Valdis.Kletnieks at vt.edu> wrote:
>>> On Sun, 02 Oct 2011 08:38:36 PDT, Michael Thomas said:
>>>> I'm not sure why lack of TLS is considered to be a problem with Facebook.
>>>> The man in the middle is the other side of the connection, tls or otherwise.
>>> Ooh.. subtle. :)
>>
>> Man in the Middle (MITM) is a technical term that refers to a rather
>> specific kind of attack.
>>
>> In this case, I believe the proper term would be just "The man".
>> [Or "Man at the Other End (MATOE)"]; you either trust Facebook with
>> info to send to them or you don't, and network security is only for
>> securing the transportation of that information you opt to send
>> Facebook.
> 
> alice sends charlie a message using bob's api, bob can observe and
> probably monetize the contents.
> 
>> Yes, if Alice sends Bob an encrypted message that Bob can read, and
>> Bob turns out to be untrustworthy, then Bob can sell/re-use the
>> information in an abusive/unapproved way for personal or economic
>> profit.
> 
> charlie is probably untrustworthy, bob is probably moreso (mostly
                                                           ^
							trustworthy
> because bob has more to lose than charlie), alice isn't cognizant of the
> implications of running charlie's app on bob's platform despite the
> numerous disclaimers she blindly clicked through on the way there.
> 
> 
> 
>> --
>> -JH
>>
> 
> 




