nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Facebook insecure by design

From: Michael Thomas <mike () mtcc com>
Date: Mon, 03 Oct 2011 10:21:36 -0700
Jason Leschnik wrote:

On Mon, Oct 3, 2011 at 4:27 AM, William Allen Simpson <
william.allen.simpson () gmail com> wrote:


On 10/2/11 12:36 PM, Jimmy Hess wrote:


On Sun, Oct 2, 2011 at 10:38 AM, Michael Thomas<mike () mtcc com>  wrote:


I'm not sure why lack of TLS is considered to be problem with Facebook.
The man in the middle is the other side of the connection, tls or
otherwise.


That's where the X509 certificate comes in.   A man in the middle
would not have the proper private key to impersonate the Facebook
server that the certificate was issued to.

 My understanding of his statement is that Facebook itself is the MITM,

collecting all our personal information.  Too true.



I assume that any MITM is actually going to try and prevent our data from
making it to the end point i.e the real attacker.


What fun would that be? Seriously though, a MITM doesn't have to be disruptive;
there are a zillion and three other reasons. Like getting a big budg hollywood
movie made about you.

Mike
Previous By Date Next
Previous By Thread Next

Current thread: