I wrote:

>For those who don't want to read the whole thing, the solution was "duuhh, we
>turned on thuh SSL" - they were using plain HTTP for logon.  Sigh.

Looks like they now made HTTPS for login permanent:

http://digitizor.com/2011/01/26/facebook-social-login-https/

Funny how so many of these obvious, straightforward security measures only get 
turned on after an embarassingly public hack...

Peter.
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

Reply via email to