[145246] in North American Network Operators' Group
Re: Facebook insecure by design
daemon@ATHENA.MIT.EDU (William Allen Simpson)
Sun Oct 2 13:28:38 2011
Date: Sun, 02 Oct 2011 13:27:00 -0400
From: William Allen Simpson <william.allen.simpson@gmail.com>
To: Jimmy Hess <mysidia@gmail.com>
In-Reply-To: <CAAAwwbVj2Nnnk5ZE6q1684gFRz_r2Y_Dx1YcntztuCVTD3881w@mail.gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 10/2/11 12:36 PM, Jimmy Hess wrote:
> On Sun, Oct 2, 2011 at 10:38 AM, Michael Thomas <mike@mtcc.com> wrote:
>> I'm not sure why lack of TLS is considered to be a problem with Facebook.
>> The man in the middle is the other side of the connection, TLS or otherwise.
>
> That's where the X509 certificate comes in. A man in the middle
> would not have the proper private key to impersonate the Facebook
> server that the certificate was issued to.
>
My understanding of his statement is that Facebook itself is the MITM,
collecting all our personal information. Too true.