Facebook insecure by design

Patrick Sumby patrick.sumby at sohonet.co.uk
Mon Oct 3 14:53:28 UTC 2011


On 02/10/2011 19:01, Michael Thomas wrote:
> William Allen Simpson wrote:
>> On 10/2/11 12:36 PM, Jimmy Hess wrote:
>>> On Sun, Oct 2, 2011 at 10:38 AM, Michael Thomas <mike at mtcc.com> wrote:
>>>> I'm not sure why lack of TLS is considered to be a problem with Facebook.
>>>> The man in the middle is the other side of the connection, TLS or
>>>> otherwise.
>>>
>>> That's where the X509 certificate comes in. A man in the middle
>>> would not have the proper private key to impersonate the Facebook
>>> server that the certificate was issued to.
>>>
>> My understanding of his statement is that Facebook itself is the MITM,
>> collecting all our personal information. Too true.
>
> Bingo.
>
> Mike
>

+1





More information about the NANOG mailing list