[145281] in North American Network Operators' Group
Re: Facebook insecure by design
daemon@ATHENA.MIT.EDU (Patrick Sumby)
Mon Oct 3 10:54:21 2011
Date: Mon, 03 Oct 2011 15:53:28 +0100
From: Patrick Sumby <patrick.sumby@sohonet.co.uk>
To: nanog@nanog.org
In-Reply-To: <4E88A705.7030803@mtcc.com>
On 02/10/2011 19:01, Michael Thomas wrote:
> William Allen Simpson wrote:
>> On 10/2/11 12:36 PM, Jimmy Hess wrote:
>>> On Sun, Oct 2, 2011 at 10:38 AM, Michael Thomas <mike@mtcc.com> wrote:
>>>> I'm not sure why lack of TLS is considered to be a problem with Facebook.
>>>> The man in the middle is the other side of the connection, TLS or
>>>> otherwise.
>>>
>>> That's where the X509 certificate comes in. A man in the middle
>>> would not have the proper private key to impersonate the Facebook
>>> server that the certificate was issued to.
>>>
>> My understanding of his statement is that Facebook itself is the MITM,
>> collecting all our personal information. Too true.
>
> Bingo.
>
> Mike
>
+1