[outages] facebook slow

• Previous message (by thread): [outages] facebook slow
• Next message (by thread): [outages] facebook slow
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Nov 30, 2018 at 04:12:27PM -0500, valdis.kletnieks at vt.edu wrote:
> I'm going to go out on a limb and say that with all the problems inherent in
> using a social media account as an authenticator, for 95% of sites it's still
> more secure than if they attempted to create their own authentication system.

[snip good analysis]

However, there can be little doubt at this point that all major social
media sites have long since been thorougly compromised.  Of course
they have: the attacker budget for doing so is enormous, easily
enough to bring to bear advanced cryptanalysis techniques, judicious
deployment of exploits including home-grown 0-days, and the assistance of
willingly/unwillingly co-opted insiders.  Meanwhile, the defenders have
shown themselves to be stunningly inept and have accrued a long-term
track record of massive data breaches almost too numerous to catalog.
(And those are just the ones we know about to date.  Surely there are
more waiting in the wings.)  This isn't really surprising: after all, it's
not *their* data, so why should they invest time and money in securing it?

Sadly, your point about the difficulty of creating homegrown authentication
systems is also accurate.  Therefore: we're just screwed.

---rsk

---rsk

• Previous message (by thread): [outages] facebook slow
• Next message (by thread): [outages] facebook slow
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]