Re: Facebook insecure by design
> From: "steve pirk [egrep]" > Date: Wed, 26 Oct 2011 09:24:04 -0700 > Subject: Re: Facebook insecure by design > > On Oct 24, 2011 7:55 AM, "Robert Bonomi" wrote: > > > > > > > You can even download it all and erase yourself if > > > you want out. > > > > Don't count on it. You may 'disappear' from public view, but that does > > not necessarily mean the data is truely 'gone'. Specific example -- if > you > > request a USENET posting to be removed, all they do is make it 'invisible' > > to the world. It is _not_ removed from the databases, or from inernal > > access/use. > > > > > > That is a very good point, and one of the things that is being tested now > that Buzz is going into archive mode. Users are given the option of backing > up their posts on Buzz, and then deleting their Buzz content. Many like > myself will just leave it there. It is a year+ of history, and what I posted > publicly can stay public. > > It is supposed to remove all your Buzz content from the service and I > believe it includes the content shared only with certain individuals. It > does not completely erase it, because I believe email copies of the posts > and comments that people had sent to their Gmail accounts will remain with > those users. > > Deleting a product like your Picasa web albums is permanent as far as I > know, but I will definitely ask some people on the Picasa team. Deleting > your search history and other Dashboard items is supposed to be permanent, > but as you pointed out, we are taking Google's word for it. > I _don't_ know, but I *strongly* suspect that things like search history _are_ kept -- although 'detached' from any identification of the original person. That kind of information is simply 'too valuable' -- for pattern recognition, say -- to entirely discard. I also suspect it remains as part of lots of aggregate demographics, etc. I wouldn't be surrised if they kept statistal data on 'who deletes what'.
Re: Facebook insecure by design
On Oct 24, 2011 7:55 AM, "Robert Bonomi" wrote: > > > > You can even download it all and erase yourself if > > you want out. > > Don't count on it. You may 'disappear' from public view, but that does > not necessarily mean the data is truely 'gone'. Specific example -- if you > request a USENET posting to be removed, all they do is make it 'invisible' > to the world. It is _not_ removed from the databases, or from inernal > access/use. > > That is a very good point, and one of the things that is being tested now that Buzz is going into archive mode. Users are given the option of backing up their posts on Buzz, and then deleting their Buzz content. Many like myself will just leave it there. It is a year+ of history, and what I posted publicly can stay public. It is supposed to remove all your Buzz content from the service and I believe it includes the content shared only with certain individuals. It does not completely erase it, because I believe email copies of the posts and comments that people had sent to their Gmail accounts will remain with those users. Deleting a product like your Picasa web albums is permanent as far as I know, but I will definitely ask some people on the Picasa team. Deleting your search history and other Dashboard items is supposed to be permanent, but as you pointed out, we are taking Google's word for it. --steve
Re: Facebook insecure by design
The real question is why the referrer field was not under user control in the first place. Having to never click on a link, but rather to cut and paste it into the address bar is not a satisfactory work-around. Still, why has it not been put under user control, now that we have a better appreciation of the hazards of that information leakage? -- -=[L]=- Reassembled from random thought waves This is not a signature line.
Re: Facebook insecure by design
> Date: Sun, 23 Oct 2011 21:45:33 -0700 > Subject: Re: Facebook insecure by design > Cc: nanog@nanog.org > > The way I look at it, unless you want to host everything yourself, you have > to choose "someone" to be your Unix like home directory in the cloud. Correct. Either it's 'local', or it's "somewhere else" -- by definition. :) > Of all the internet entities out there, Google has had the best track record > of protecting your data. As far as we know, that is. Remember the old saying about 'undiscovered bugs'. > You can even download it all and erase yourself if > you want out. Don't count on it. You may 'disappear' from public view, but that does not necessarily mean the data is truely 'gone'. Specific example -- if you request a USENET posting to be removed, all they do is make it 'invisible' to the world. It is _not_ removed from the databases, or from inernal access/use.
Re: Facebook insecure by design
That was a most excellent example Jay. I see what the issue is now. This could be related to work Google did to plus shortly after launch. Buzz and now Google+ are https only. Google cooked up a URL processer that took clicks to external content like article links, and massaged the referrer be readable as http to show where the visitor came from. Sanitized of any personal data I assume. The problem they were trying to fix was no one knew any users were coming from Buzz clicks. They fixed that in +. I am thinking something of the same might fix the search issues. It could also be that a Googler saw Lauren's post and the debate has already started. -steve On Oct 23, 2011 4:04 PM, "Jay Ashworth" wrote: > - Original Message - > > From: "Jeroen Massar" > > > On 2011-10-23 19:43 , steve pirk [egrep] wrote: > > > Just about everything on Google pages is https these days, even > > > search if you enable it. > > > > (or just use https://encrypted.google.com which is available for quite > > some time already) > > Note that Lauren Weinstein has just put out a Privacy Digest posting noting > that the referer behavior differs between https://encrypted.google.com and > https://www.google.com in a way that implies that, again, someone at > Google > may not have gotten the Don't Be Evil memo... > > http://lauren.vortex.com/archive/000906.html > > Cheers, > -- jra > -- > Jay R. Ashworth Baylink > j...@baylink.com > Designer The Things I Think RFC > 2100 > Ashworth & Associates http://baylink.pitas.com 2000 Land Rover > DII > St Petersburg FL USA http://photo.imageinc.us +1 727 647 > 1274 > >
Re: Facebook insecure by design
I follow Lauren on plus, and also on buzz, and we have discussed privacy stuff a lot. The way I look at it, unless you want to host everything yourself, you have to choose "someone" to be your Unix like home directory in the cloud. Of all the internet entities out there, Google has had the best track record of protecting your data. You can even download it all and erase yourself if you want out. Apps accounts and pseudonym accounts are coming soon. It was announced by Vic himself at web 2.0. I need to send that post by Lauren to the gmail account. He always finds good issues. It could be that I am off base. On Oct 23, 2011 4:04 PM, "Jay Ashworth" wrote: > - Original Message - > > From: "Jeroen Massar" > > > On 2011-10-23 19:43 , steve pirk [egrep] wrote: > > > Just about everything on Google pages is https these days, even > > > search if you enable it. > > > > (or just use https://encrypted.google.com which is available for quite > > some time already) > > Note that Lauren Weinstein has just put out a Privacy Digest posting noting > that the referer behavior differs between https://encrypted.google.com and > https://www.google.com in a way that implies that, again, someone at > Google > may not have gotten the Don't Be Evil memo... > > http://lauren.vortex.com/archive/000906.html > > Cheers, > -- jra > -- > Jay R. Ashworth Baylink > j...@baylink.com > Designer The Things I Think RFC > 2100 > Ashworth & Associates http://baylink.pitas.com 2000 Land Rover > DII > St Petersburg FL USA http://photo.imageinc.us +1 727 647 > 1274 > >
Re: Facebook insecure by design
- Original Message - > From: "Jeroen Massar" > On 2011-10-23 19:43 , steve pirk [egrep] wrote: > > Just about everything on Google pages is https these days, even > > search if you enable it. > > (or just use https://encrypted.google.com which is available for quite > some time already) Note that Lauren Weinstein has just put out a Privacy Digest posting noting that the referer behavior differs between https://encrypted.google.com and https://www.google.com in a way that implies that, again, someone at Google may not have gotten the Don't Be Evil memo... http://lauren.vortex.com/archive/000906.html Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
Re: Facebook insecure by design
[hmmm this subject is not really ops now is it...] On 2011-10-23 19:43 , steve pirk [egrep] wrote: > Just about everything on Google pages is https these days, even search if > you enable it. (or just use https://encrypted.google.com which is available for quite some time already) > If anybody on this thread uses gmail com a you really ought to take a look > at google plus. Compare the way user privacy is the primary objective, > versus the share everything by default of facebook. Since when is encrypting a transport (in this case using TLS/SSL) 'user privacy' ? The only thing it is protecting is intermediate networks sniffing or even modifying the traffic and more importantly for the company who gets all your private information: their revenue stream when they sell that data. And really, giving all your private emails to a company that explicitly reads them (even if it is 'automated') to advertise to you and then mentioning 'user privacy' is just ridiculous ;) Greets, Jeroen
Re: Facebook insecure by design
Just about everything on Google pages is https these days, even search if you enable it. If anybody on this thread uses gmail com a you really ought to take a look at google plus. Compare the way user privacy is the primary objective, versus the share everything by default of facebook. I cannot think of anything that could do something like this in the Gmail or Plus products. On Oct 19, 2011 11:22 PM, "Murtaza" wrote: > Going back to the initial security problem identified by Williams, I also > experienced something today. I guess he is right about that. I am behind a > proxy and I just disabled the proxy for "Secure Web" which means HTTPS. > Now guess what I was still able to access facebook while I was not able to > access google. That clearly means there is something wrong. What do you > guys > think? > Ghulam > > On Wed, Oct 5, 2011 at 2:28 AM, Bill.Pilloud > wrote: > > > Is this not the nature of social media? If you want to make sure > something > > is secure (sensitive information), Why is it on social media. If you are > > worried about it being monetised, I think Google has already done that. > > - Original Message - From: "Joel jaeggli" > > To: "Jimmy Hess" > > Cc: > > Sent: Sunday, October 02, 2011 4:05 PM > > Subject: Re: Facebook insecure by design > > > > > > > > On 10/2/11 15:43 , Joel jaeggli wrote: > >> > >>> On 10/2/11 15:25 , Jimmy Hess wrote: > >>> > >>>> On Sun, Oct 2, 2011 at 4:53 PM, wrote: > >>>> > >>>>> On Sun, 02 Oct 2011 08:38:36 PDT, Michael Thomas said: > >>>>> > >>>>>> I'm not sure why lack of TLS is considered to be problem with > >>>>>> Facebook. > >>>>>> The man in the middle is the other side of the connection, tls or > >>>>>> otherwise. > >>>>>> > >>>>> Ooh.. subtle. :) > >>>>> > >>>> > >>>> Man in the Middle (MITM) is a technical term that refers to a rather > >>>> specific kind of attack. > >>>> > >>>> In this case, I believe the proper term would be just "The man". > >>>> [Or "Man at the Other End (MATOE)"]; you either trust Facebook with > >>>> info to send to > >>>> them or you don't, and network security is only for securing the > >>>> transportation of that information > >>>> you opt to send facebook. > >>>> > >>> > >>> alice sends charlie a message using bob's api, bob can observe and > >>> probably monetize the contents. > >>> > >>> Yes, if Alice sends Bob an encrypted message that Bob can read, and > >>>> Bob turns out to > >>>> be untrustworthy, then Bob can sell/re-use the information in an > >>>> abusive/unapproved way for > >>>> personal or economic profit. > >>>> > >>> > >>> charlie is probably untrustworthy, bob is probably moreso (mostly > >>> > >> ^ > >> trustworthy > >> > >>> because bob has more to lose than charlie), alice isn't cognizant of > the > >>> implications of running charlie's app on bob's platform despite the > >>> numerous disclaimers she blindly clicked through on the way there. > >>> > >>> > >>> > >>> -- > >>>> -JH > >>>> > >>>> > >>> > >>> > >> > >> > > > > >
Re: Facebook insecure by design
Going back to the initial security problem identified by Williams, I also experienced something today. I guess he is right about that. I am behind a proxy and I just disabled the proxy for "Secure Web" which means HTTPS. Now guess what I was still able to access facebook while I was not able to access google. That clearly means there is something wrong. What do you guys think? Ghulam On Wed, Oct 5, 2011 at 2:28 AM, Bill.Pilloud wrote: > Is this not the nature of social media? If you want to make sure something > is secure (sensitive information), Why is it on social media. If you are > worried about it being monetised, I think Google has already done that. > - Original Message - From: "Joel jaeggli" > To: "Jimmy Hess" > Cc: > Sent: Sunday, October 02, 2011 4:05 PM > Subject: Re: Facebook insecure by design > > > > On 10/2/11 15:43 , Joel jaeggli wrote: >> >>> On 10/2/11 15:25 , Jimmy Hess wrote: >>> >>>> On Sun, Oct 2, 2011 at 4:53 PM, wrote: >>>> >>>>> On Sun, 02 Oct 2011 08:38:36 PDT, Michael Thomas said: >>>>> >>>>>> I'm not sure why lack of TLS is considered to be problem with >>>>>> Facebook. >>>>>> The man in the middle is the other side of the connection, tls or >>>>>> otherwise. >>>>>> >>>>> Ooh.. subtle. :) >>>>> >>>> >>>> Man in the Middle (MITM) is a technical term that refers to a rather >>>> specific kind of attack. >>>> >>>> In this case, I believe the proper term would be just "The man". >>>> [Or "Man at the Other End (MATOE)"]; you either trust Facebook with >>>> info to send to >>>> them or you don't, and network security is only for securing the >>>> transportation of that information >>>> you opt to send facebook. >>>> >>> >>> alice sends charlie a message using bob's api, bob can observe and >>> probably monetize the contents. >>> >>> Yes, if Alice sends Bob an encrypted message that Bob can read, and >>>> Bob turns out to >>>> be untrustworthy, then Bob can sell/re-use the information in an >>>> abusive/unapproved way for >>>> personal or economic profit. >>>> >>> >>> charlie is probably untrustworthy, bob is probably moreso (mostly >>> >> ^ >> trustworthy >> >>> because bob has more to lose than charlie), alice isn't cognizant of the >>> implications of running charlie's app on bob's platform despite the >>> numerous disclaimers she blindly clicked through on the way there. >>> >>> >>> >>> -- >>>> -JH >>>> >>>> >>> >>> >> >> > >
Re: Facebook insecure by design
Is this not the nature of social media? If you want to make sure something is secure (sensitive information), Why is it on social media. If you are worried about it being monetised, I think Google has already done that. - Original Message - From: "Joel jaeggli" To: "Jimmy Hess" Cc: Sent: Sunday, October 02, 2011 4:05 PM Subject: Re: Facebook insecure by design On 10/2/11 15:43 , Joel jaeggli wrote: On 10/2/11 15:25 , Jimmy Hess wrote: On Sun, Oct 2, 2011 at 4:53 PM, wrote: On Sun, 02 Oct 2011 08:38:36 PDT, Michael Thomas said: I'm not sure why lack of TLS is considered to be problem with Facebook. The man in the middle is the other side of the connection, tls or otherwise. Ooh.. subtle. :) Man in the Middle (MITM) is a technical term that refers to a rather specific kind of attack. In this case, I believe the proper term would be just "The man". [Or "Man at the Other End (MATOE)"]; you either trust Facebook with info to send to them or you don't, and network security is only for securing the transportation of that information you opt to send facebook. alice sends charlie a message using bob's api, bob can observe and probably monetize the contents. Yes, if Alice sends Bob an encrypted message that Bob can read, and Bob turns out to be untrustworthy, then Bob can sell/re-use the information in an abusive/unapproved way for personal or economic profit. charlie is probably untrustworthy, bob is probably moreso (mostly ^ trustworthy because bob has more to lose than charlie), alice isn't cognizant of the implications of running charlie's app on bob's platform despite the numerous disclaimers she blindly clicked through on the way there. -- -JH
Re: Facebook insecure by design
Jason Leschnik wrote: On Mon, Oct 3, 2011 at 4:27 AM, William Allen Simpson < william.allen.simp...@gmail.com> wrote: On 10/2/11 12:36 PM, Jimmy Hess wrote: On Sun, Oct 2, 2011 at 10:38 AM, Michael Thomas wrote: I'm not sure why lack of TLS is considered to be problem with Facebook. The man in the middle is the other side of the connection, tls or otherwise. That's where the X509 certificate comes in. A man in the middle would not have the proper private key to impersonate the Facebook server that the certificate was issued to. My understanding of his statement is that Facebook itself is the MITM, collecting all our personal information. Too true. I assume that any MITM is actually going to try and prevent our data from making it to the end point i.e the real attacker. What fun would that be? Seriously though, a MITM doesn't have to be disruptive; there are a zillion and three other reasons. Like getting a big budg hollywood movie made about you. Mike
Re: Facebook insecure by design
On Mon, Oct 3, 2011 at 4:27 AM, William Allen Simpson < william.allen.simp...@gmail.com> wrote: > On 10/2/11 12:36 PM, Jimmy Hess wrote: > >> On Sun, Oct 2, 2011 at 10:38 AM, Michael Thomas wrote: >> >>> I'm not sure why lack of TLS is considered to be problem with Facebook. >>> The man in the middle is the other side of the connection, tls or >>> otherwise. >>> >> >> That's where the X509 certificate comes in. A man in the middle >> would not have the proper private key to impersonate the Facebook >> server that the certificate was issued to. >> >> My understanding of his statement is that Facebook itself is the MITM, > collecting all our personal information. Too true. > > I assume that any MITM is actually going to try and prevent our data from making it to the end point i.e the real attacker. -- Regards, Jason Leschnik. [m] 0432 35 4224 [w@] jason dot leschnik ansto dot gov dot au [U@] jml...@uow.edu.au
Re: Facebook insecure by design
On 02/10/2011 19:01, Michael Thomas wrote: William Allen Simpson wrote: On 10/2/11 12:36 PM, Jimmy Hess wrote: On Sun, Oct 2, 2011 at 10:38 AM, Michael Thomas wrote: I'm not sure why lack of TLS is considered to be problem with Facebook. The man in the middle is the other side of the connection, tls or otherwise. That's where the X509 certificate comes in. A man in the middle would not have the proper private key to impersonate the Facebook server that the certificate was issued to. My understanding of his statement is that Facebook itself is the MITM, collecting all our personal information. Too true. Bingo. Mike +1
Re: Facebook insecure by design
On 10/2/11 15:43 , Joel jaeggli wrote: > On 10/2/11 15:25 , Jimmy Hess wrote: >> On Sun, Oct 2, 2011 at 4:53 PM, wrote: >>> On Sun, 02 Oct 2011 08:38:36 PDT, Michael Thomas said: I'm not sure why lack of TLS is considered to be problem with Facebook. The man in the middle is the other side of the connection, tls or otherwise. >>> Ooh.. subtle. :) >> >> Man in the Middle (MITM) is a technical term that refers to a rather >> specific kind of attack. >> >> In this case, I believe the proper term would be just "The man". >> [Or "Man at the Other End (MATOE)"]; you either trust Facebook with >> info to send to >> them or you don't, and network security is only for securing the >> transportation of that information >> you opt to send facebook. > > alice sends charlie a message using bob's api, bob can observe and > probably monetize the contents. > >> Yes, if Alice sends Bob an encrypted message that Bob can read, and >> Bob turns out to >> be untrustworthy, then Bob can sell/re-use the information in an >> abusive/unapproved way for >> personal or economic profit. > > charlie is probably untrustworthy, bob is probably moreso (mostly ^ trustworthy > because bob has more to lose than charlie), alice isn't cognizant of the > implications of running charlie's app on bob's platform despite the > numerous disclaimers she blindly clicked through on the way there. > > > >> -- >> -JH >> > >
Re: Facebook insecure by design
On 10/2/11 15:25 , Jimmy Hess wrote: > On Sun, Oct 2, 2011 at 4:53 PM, wrote: >> On Sun, 02 Oct 2011 08:38:36 PDT, Michael Thomas said: >>> I'm not sure why lack of TLS is considered to be problem with Facebook. >>> The man in the middle is the other side of the connection, tls or otherwise. >> Ooh.. subtle. :) > > Man in the Middle (MITM) is a technical term that refers to a rather > specific kind of attack. > > In this case, I believe the proper term would be just "The man". > [Or "Man at the Other End (MATOE)"]; you either trust Facebook with > info to send to > them or you don't, and network security is only for securing the > transportation of that information > you opt to send facebook. alice sends charlie a message using bob's api, bob can observe and probably monetize the contents. > Yes, if Alice sends Bob an encrypted message that Bob can read, and > Bob turns out to > be untrustworthy, then Bob can sell/re-use the information in an > abusive/unapproved way for > personal or economic profit. charlie is probably untrustworthy, bob is probably moreso (mostly because bob has more to lose than charlie), alice isn't cognizant of the implications of running charlie's app on bob's platform despite the numerous disclaimers she blindly clicked through on the way there. > -- > -JH >
Re: Facebook insecure by design
On Sun, Oct 2, 2011 at 4:53 PM, wrote: > On Sun, 02 Oct 2011 08:38:36 PDT, Michael Thomas said: >> I'm not sure why lack of TLS is considered to be problem with Facebook. >> The man in the middle is the other side of the connection, tls or otherwise. > Ooh.. subtle. :) Man in the Middle (MITM) is a technical term that refers to a rather specific kind of attack. In this case, I believe the proper term would be just "The man". [Or "Man at the Other End (MATOE)"]; you either trust Facebook with info to send to them or you don't, and network security is only for securing the transportation of that information you opt to send facebook. Yes, if Alice sends Bob an encrypted message that Bob can read, and Bob turns out to be untrustworthy, then Bob can sell/re-use the information in an abusive/unapproved way for personal or economic profit. -- -JH
Re: Facebook insecure by design
On Sun, 02 Oct 2011 08:38:36 PDT, Michael Thomas said: > I'm not sure why lack of TLS is considered to be problem with Facebook. > The man in the middle is the other side of the connection, tls or otherwise. Ooh.. subtle. :) pgpOeyIJAJoCA.pgp Description: PGP signature
Re: Facebook insecure by design
William Allen Simpson wrote: On 10/2/11 12:36 PM, Jimmy Hess wrote: On Sun, Oct 2, 2011 at 10:38 AM, Michael Thomas wrote: I'm not sure why lack of TLS is considered to be problem with Facebook. The man in the middle is the other side of the connection, tls or otherwise. That's where the X509 certificate comes in. A man in the middle would not have the proper private key to impersonate the Facebook server that the certificate was issued to. My understanding of his statement is that Facebook itself is the MITM, collecting all our personal information. Too true. Bingo. Mike
Re: Facebook insecure by design
On 10/2/11 12:36 PM, Jimmy Hess wrote: On Sun, Oct 2, 2011 at 10:38 AM, Michael Thomas wrote: I'm not sure why lack of TLS is considered to be problem with Facebook. The man in the middle is the other side of the connection, tls or otherwise. That's where the X509 certificate comes in. A man in the middle would not have the proper private key to impersonate the Facebook server that the certificate was issued to. My understanding of his statement is that Facebook itself is the MITM, collecting all our personal information. Too true.
Re: Facebook insecure by design
On Sun, Oct 2, 2011 at 10:38 AM, Michael Thomas wrote: > I'm not sure why lack of TLS is considered to be problem with Facebook. > The man in the middle is the other side of the connection, tls or otherwise. That's where the X509 certificate comes in. A man in the middle would not have the proper private key to impersonate the Facebook server that the certificate was issued to. Supporting TLS in their case is not good enough... they would need to force all connections to be over TLS, to achieve security against MITM. As soon as an app causes the end user to switch to a non-TLS connection, they are vulnerable. > > Mike -- -JH
Re: Facebook insecure by design
William Allen Simpson wrote: In accord with the recent thread, "facebook spying on us?" We should also worry about other spying on us. Without some sort of rudimentary security, all that personally identifiable information is exposed on our ISP networks, over WiFi, etc. Facebook claims to be able to run over TLS connections. Not so much (see attached picture). This wasn't an "app", this is the simple default content of a page accessed after a Google search. I'm not sure why lack of TLS is considered to be problem with Facebook. The man in the middle is the other side of the connection, tls or otherwise. Mike
Re: Facebook insecure by design
Actually, the reason for what happened in your example is that Cee Lo's page has what is **technically** an app (called I Want You, as seen in the sidebar under his profile photo) set as the default screen for when you view his page. The app (that does admittedly looks like it could be an official feature from facebook) uses externally-hosted HTTP-only content, which Facebook will detect and warn you about. -- Ben On 9/30/2011 5:05 AM, William Allen Simpson wrote: In accord with the recent thread, "facebook spying on us?" We should also worry about other spying on us. Without some sort of rudimentary security, all that personally identifiable information is exposed on our ISP networks, over WiFi, etc. Facebook claims to be able to run over TLS connections. Not so much (see attached picture). This wasn't an "app", this is the simple default content of a page accessed after a Google search. https://www.facebook.com/ceelogreen
Facebook insecure by design
In accord with the recent thread, "facebook spying on us?" We should also worry about other spying on us. Without some sort of rudimentary security, all that personally identifiable information is exposed on our ISP networks, over WiFi, etc. Facebook claims to be able to run over TLS connections. Not so much (see attached picture). This wasn't an "app", this is the simple default content of a page accessed after a Google search. https://www.facebook.com/ceelogreen <>