Facebook insecure by design

2011-09-30 Thread William Allen Simpson
In accord with the recent thread, "facebook spying on us?" We should also worry about other spying on us. Without some sort of rudimentary security, all that personally identifiable information is exposed on our ISP networks, over WiFi, etc. Facebook claims to be able to run over TLS connection

Re: Facebook insecure by design

2011-09-30 Thread Ben Carleton
Actually, the reason for what happened in your example is that Cee Lo's page has what is **technically** an app (called I Want You, as seen in the sidebar under his profile photo) set as the default screen for when you view his page. The app (that does admittedly look like it could be an offic

Re: Facebook insecure by design

2011-10-02 Thread Michael Thomas
William Allen Simpson wrote: In accord with the recent thread, "facebook spying on us?" We should also worry about other spying on us. Without some sort of rudimentary security, all that personally identifiable information is exposed on our ISP networks, over WiFi, etc. Facebook claims to be a

Re: Facebook insecure by design

2011-10-02 Thread Jimmy Hess
On Sun, Oct 2, 2011 at 10:38 AM, Michael Thomas wrote: > I'm not sure why lack of TLS is considered to be problem with Facebook. > The man in the middle is the other side of the connection, tls or otherwise. That's where the X509 certificate comes in. A man in the middle would not have the prop

Re: Facebook insecure by design

2011-10-02 Thread William Allen Simpson
On 10/2/11 12:36 PM, Jimmy Hess wrote: On Sun, Oct 2, 2011 at 10:38 AM, Michael Thomas wrote: I'm not sure why lack of TLS is considered to be problem with Facebook. The man in the middle is the other side of the connection, tls or otherwise. That's where the X509 certificate comes in. A ma

Re: Facebook insecure by design

2011-10-02 Thread Michael Thomas
William Allen Simpson wrote: On 10/2/11 12:36 PM, Jimmy Hess wrote: On Sun, Oct 2, 2011 at 10:38 AM, Michael Thomas wrote: I'm not sure why lack of TLS is considered to be problem with Facebook. The man in the middle is the other side of the connection, tls or otherwise. That's where the X5

Re: Facebook insecure by design

2011-10-02 Thread Valdis . Kletnieks
On Sun, 02 Oct 2011 08:38:36 PDT, Michael Thomas said: > I'm not sure why lack of TLS is considered to be problem with Facebook. > The man in the middle is the other side of the connection, tls or otherwise. Ooh.. subtle. :)

Re: Facebook insecure by design

2011-10-02 Thread Jimmy Hess
On Sun, Oct 2, 2011 at 4:53 PM, wrote: > On Sun, 02 Oct 2011 08:38:36 PDT, Michael Thomas said: >> I'm not sure why lack of TLS is considered to be problem with Facebook. >> The man in the middle is the other side of the connection, tls or otherwise. > Ooh.. subtle. :) Man in the Middle (MITM) i

Re: Facebook insecure by design

2011-10-02 Thread Joel jaeggli
On 10/2/11 15:25 , Jimmy Hess wrote: > On Sun, Oct 2, 2011 at 4:53 PM, wrote: >> On Sun, 02 Oct 2011 08:38:36 PDT, Michael Thomas said: >>> I'm not sure why lack of TLS is considered to be problem with Facebook. >>> The man in the middle is the other side of the connection, tls or otherwise. >> O

Re: Facebook insecure by design

2011-10-02 Thread Joel jaeggli
On 10/2/11 15:43 , Joel jaeggli wrote: > On 10/2/11 15:25 , Jimmy Hess wrote: >> On Sun, Oct 2, 2011 at 4:53 PM, wrote: >>> On Sun, 02 Oct 2011 08:38:36 PDT, Michael Thomas said: I'm not sure why lack of TLS is considered to be problem with Facebook. The man in the middle is the other s

Re: Facebook insecure by design

2011-10-03 Thread Patrick Sumby
On 02/10/2011 19:01, Michael Thomas wrote: William Allen Simpson wrote: On 10/2/11 12:36 PM, Jimmy Hess wrote: On Sun, Oct 2, 2011 at 10:38 AM, Michael Thomas wrote: I'm not sure why lack of TLS is considered to be problem with Facebook. The man in the middle is the other side of the connectio

Re: Facebook insecure by design

2011-10-03 Thread Jason Leschnik
On Mon, Oct 3, 2011 at 4:27 AM, William Allen Simpson < william.allen.simp...@gmail.com> wrote: > On 10/2/11 12:36 PM, Jimmy Hess wrote: > >> On Sun, Oct 2, 2011 at 10:38 AM, Michael Thomas wrote: >> >>> I'm not sure why lack of TLS is considered to be problem with Facebook. >>> The man in the mi

Re: Facebook insecure by design

2011-10-03 Thread Michael Thomas
Jason Leschnik wrote: On Mon, Oct 3, 2011 at 4:27 AM, William Allen Simpson < william.allen.simp...@gmail.com> wrote: On 10/2/11 12:36 PM, Jimmy Hess wrote: On Sun, Oct 2, 2011 at 10:38 AM, Michael Thomas wrote: I'm not sure why lack of TLS is considered to be problem with Facebook. The ma

Re: Facebook insecure by design

2011-10-04 Thread Bill.Pilloud
Jimmy Hess" Cc: Sent: Sunday, October 02, 2011 4:05 PM Subject: Re: Facebook insecure by design On 10/2/11 15:43 , Joel jaeggli wrote: On 10/2/11 15:25 , Jimmy Hess wrote: On Sun, Oct 2, 2011 at 4:53 PM, wrote: On Sun, 02 Oct 2011 08:38:36 PDT, Michael Thomas said: I'm not sure why

Re: Facebook insecure by design

2011-10-19 Thread Murtaza
edia. If you are > worried about it being monetised, I think Google has already done that. > - Original Message - From: "Joel jaeggli" > To: "Jimmy Hess" > Cc: > Sent: Sunday, October 02, 2011 4:05 PM > Subject: Re: Facebook insecure by design > > &

Re: Facebook insecure by design

2011-10-23 Thread steve pirk [egrep]
e that. > > - Original Message - From: "Joel jaeggli" > > To: "Jimmy Hess" > > Cc: > > Sent: Sunday, October 02, 2011 4:05 PM > > Subject: Re: Facebook insecure by design > > > > > > > > On 10/2/11 15:43 , Joel jaeggl

Re: Facebook insecure by design

2011-10-23 Thread Jeroen Massar
[hmmm this subject is not really ops now is it...] On 2011-10-23 19:43 , steve pirk [egrep] wrote: > Just about everything on Google pages is https these days, even search if > you enable it. (or just use https://encrypted.google.com which is available for quite some time already) > If anybody o

Re: Facebook insecure by design

2011-10-23 Thread Jay Ashworth
- Original Message - > From: "Jeroen Massar" > On 2011-10-23 19:43 , steve pirk [egrep] wrote: > > Just about everything on Google pages is https these days, even > > search if you enable it. > > (or just use https://encrypted.google.com which is available for quite > some time already)

Re: Facebook insecure by design

2011-10-23 Thread steve pirk [egrep]
I follow Lauren on plus, and also on buzz, and we have discussed privacy stuff a lot. The way I look at it, unless you want to host everything yourself, you have to choose "someone" to be your Unix like home directory in the cloud. Of all the internet entities out there, Google has had the best t

Re: Facebook insecure by design

2011-10-23 Thread steve pirk [egrep]
That was a most excellent example Jay. I see what the issue is now. This could be related to work Google did to plus shortly after launch. Buzz and now Google+ are https only. Google cooked up a URL processor that took clicks to external content like article links, and massaged the referrer be rea

Re: Facebook insecure by design

2011-10-24 Thread Robert Bonomi
> Date: Sun, 23 Oct 2011 21:45:33 -0700 > Subject: Re: Facebook insecure by design > Cc: nanog@nanog.org > > The way I look at it, unless you want to host everything yourself, you have > to choose "someone" to be your Unix like home directory in the cloud. Correct.

Re: Facebook insecure by design

2011-10-24 Thread Lou Katz
The real question is why the referrer field was not under user control in the first place. Having to never click on a link, but rather to cut and paste it into the address bar is not a satisfactory work-around. Still, why has it not been put under user control, now that we have a better appreciati

Re: Facebook insecure by design

2011-10-26 Thread steve pirk [egrep]
On Oct 24, 2011 7:55 AM, "Robert Bonomi" wrote: > > > > You can even download it all and erase yourself if > > you want out. > > Don't count on it. You may 'disappear' from public view, but that does > not necessarily mean the data is truly 'gone'. Specific example -- i

Re: Facebook insecure by design

2011-10-26 Thread Robert Bonomi
> From: "steve pirk [egrep]" > Date: Wed, 26 Oct 2011 09:24:04 -0700 > Subject: Re: Facebook insecure by design > > On Oct 24, 2011 7:55 AM, "Robert Bonomi" wrote: > > > > > > > You can even download it all and erase y