Facebook insecure by design

Michael Thomas mike at mtcc.com
Mon Oct 3 12:21:36 CDT 2011


Jason Leschnik wrote:
> On Mon, Oct 3, 2011 at 4:27 AM, William Allen Simpson <
> william.allen.simpson at gmail.com> wrote:
> 
>> On 10/2/11 12:36 PM, Jimmy Hess wrote:
>>
>>> On Sun, Oct 2, 2011 at 10:38 AM, Michael Thomas<mike at mtcc.com>  wrote:
>>>
>>>> I'm not sure why lack of TLS is considered to be problem with Facebook.
>>>> The man in the middle is the other side of the connection, tls or
>>>> otherwise.
>>>>
>>> That's where the X509 certificate comes in.   A man in the middle
>>> would not have the proper private key to impersonate the Facebook
>>> server that the certificate was issued to.
>>>
>>>  My understanding of his statement is that Facebook itself is the MITM,
>> collecting all our personal information.  Too true.
>>
>>
> I assume that any MITM is actually going to try and prevent our data from
> making it to the end point i.e the real attacker.

What fun would that be? Seriously though, a MITM doesn't have to be disruptive;
there are a zillion and three other reasons. Like getting a big budg hollywood
movie made about you.

Mike




More information about the NANOG mailing list