[145321] in North American Network Operators' Group
Re: Facebook insecure by design
daemon@ATHENA.MIT.EDU (Bill.Pilloud)
Tue Oct 4 11:30:47 2011
From: "Bill.Pilloud" <bill.pilloud@gmail.com>
To: "Joel jaeggli" <joelja@bogus.com>,
"Jimmy Hess" <mysidia@gmail.com>
Date: Tue, 4 Oct 2011 08:28:53 -0700
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Is this not the nature of social media? If you want to make sure something
is secure (sensitive information), Why is it on social media. If you are
worried about it being monetised, I think Google has already done that.
----- Original Message -----
From: "Joel jaeggli" <joelja@bogus.com>
To: "Jimmy Hess" <mysidia@gmail.com>
Cc: <nanog@nanog.org>
Sent: Sunday, October 02, 2011 4:05 PM
Subject: Re: Facebook insecure by design
> On 10/2/11 15:43 , Joel jaeggli wrote:
>> On 10/2/11 15:25 , Jimmy Hess wrote:
>>> On Sun, Oct 2, 2011 at 4:53 PM, <Valdis.Kletnieks@vt.edu> wrote:
>>>> On Sun, 02 Oct 2011 08:38:36 PDT, Michael Thomas said:
>>>>> I'm not sure why lack of TLS is considered to be problem with
>>>>> Facebook.
>>>>> The man in the middle is the other side of the connection, tls or
>>>>> otherwise.
>>>> Ooh.. subtle. :)
>>>
>>> Man in the Middle (MITM) is a technical term that refers to a rather
>>> specific kind of attack.
>>>
>>> In this case, I believe the proper term would be just "The man".
>>> [Or "Man at the Other End (MATOE)"]; you either trust Facebook with
>>> info to send to
>>> them or you don't, and network security is only for securing the
>>> transportation of that information
>>> you opt to send facebook.
>>
>> alice sends charlie a message using bob's api, bob can observe and
>> probably monetize the contents.
>>
>>> Yes, if Alice sends Bob an encrypted message that Bob can read, and
>>> Bob turns out to
>>> be untrustworthy, then Bob can sell/re-use the information in an
>>> abusive/unapproved way for
>>> personal or economic profit.
>>
>> charlie is probably untrustworthy, bob is probably moreso (mostly
> ^
> trustworthy
>> because bob has more to lose than charlie), alice isn't cognizant of the
>> implications of running charlie's app on bob's platform despite the
>> numerous disclaimers she blindly clicked through on the way there.
>>
>>
>>
>>> --
>>> -JH
>>>
>>
>>
>
>
