Facebook insecure by design
ben at bencarleton.com
Fri Sep 30 12:32:31 UTC 2011
Actually, the reason for what happened in your example is that Cee Lo's
page has what is **technically** an app (called I Want You, as seen in
the sidebar under his profile photo) set as the default screen for when
you view his page. The app (that does admittedly looks like it could be
an official feature from facebook) uses externally-hosted HTTP-only
content, which Facebook will detect and warn you about.
On 9/30/2011 5:05 AM, William Allen Simpson wrote:
> In accord with the recent thread, "facebook spying on us?"
> We should also worry about other spying on us. Without
> some sort of rudimentary security, all that personally
> identifiable information is exposed on our ISP networks,
> over WiFi, etc.
> Facebook claims to be able to run over TLS connections.
> Not so much (see attached picture).
> This wasn't an "app", this is the simple default content of a
> page accessed after a Google search.
More information about the NANOG