I would like to add a few things to the Facebook topic. Last week IMPACT hosted a conference called POLCYB for the POLCYB organization, and the last theme panel was related to social networking. The POLCYB committee invited one of the security people from Facebook. From his talk, he was trying to make the people ask him (knowing most of them are government and high-level people), and he was trying to portray that Facebook is doing its best to protect people's privacy and other matters related to Child Online Protection.

I just couldn't accept what he was saying, so I asked him two questions:

1- From corporate responsibility, from Facebook's response to cases and from data protection: could you tell me why Facebook took too long to implement SSL as a layer of protection, especially when FireSheep came out, while other companies like Google implemented it in a very fast manner?
2- Can you explain to me how people's data is private when I can access it easily and the privacy settings keep changing, sometimes to their worst?

His response was that Facebook didn't take too long to apply SSL and they did it in January (side note: FYI FireSheep was out, let's say, November; that means it took them 2 months), and maybe if we are late it is because of the applications we have, and SSL is not really that secure (at least it's another layer of protection). In terms of privacy, we are trying to balance for people's preference.

So I asked again: you are talking about applications, so you are saying that Google and Microsoft don't have any applications and they just roll out SSL? (He didn't answer this question.) And we are talking about privacy, especially related to children; do you really think it is safe, and how do people know what is the best preference when your default setting is share to all? His response was that parents should educate them and inform them and monitor them. (How many parents know about privacy issues? Some of them only know how to go to news and emails... they have no idea about social networking and what other people might do with information on the net.) How about our friends who are working in offices and what kind of information they share...

So, basically, as David said: "Protecting your Facebook password is a lot like trying to be modest when you're already naked". This Facebook decryptor won't protect you from phishing or keyloggers :-)

Another thing that is very ironic: when people come face to face and ask about you, some of the questions might make you say "none of your business" (indicating privacy), while people actually share everything on Facebook or Twitter.

On Fri, Mar 4, 2011 at 9:52 AM, David Fetter <[email protected]> wrote:

> Protecting your Facebook password is a lot like trying to be modest
> when you're already naked.
>
> It's *really* important to understand that Facebook is not your
> friend. It's a multinational conglomerate that models you as a cheap
> source of information it can sell to others. Its business model has
> been this from the very beginning, and is less likely to change
> significantly from it than Malaysia is to become a strictly Christian
> country.
>
> If people don't like this reality, it's on them to build and maintain
> social networking systems which are not based on this kind of
> exploitation.
>
> Here are a few :)
>
> http://techcrunch.com/2010/11/25/onesocialweb-appleseed-elgg-insoshi/
>
> Cheers,
> David.
> On Fri, Mar 04, 2011 at 09:48:37AM +0800, Hazrul Hamzah wrote:
> > Hi Dave,
> >
> > Even though ur comment is kinda hard and might hit the nerve to most of
> > us here, I do agree with u 100 percent.
> > We hv to look the purpose of fb and might read the toc/tos or disclaimer.
> > Anyway one of the main revenue for them perhaps come from adv and of course
> > there are ppl who take advantage/profit from it.
> >
> > _______________________________________________
> > Owasp-Malaysia mailing list
> > [email protected]
> > https://lists.owasp.org/mailman/listinfo/owasp-malaysia
> >
> > OWASP Malaysia Wiki
> > http://www.owasp.my
> >
> > OWASP Malaysia Facebook
> > http://www.facebook.com/OWASP.Malaysia
> >
> > OWASP Malaysia Twitter #owaspmy
> > http://www.twitter.com/owaspmy
>
> --
> David Fetter <[email protected]> http://fetter.org/
> Phone: +1 415 235 3778  AIM: dfetter666  Yahoo!: dfetter
> Skype: davidfetter      XMPP: [email protected]
> iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics
>
> Remember to vote!
> Consider donating to Postgres: http://www.postgresql.org/about/donate

