On Thu, Oct 21, 2010 at 8:39 PM, Robert Slade <[email protected]> wrote: > "In response to a discovery earlier this week that some Facebook applications > were inadvertently sharing user information to third parties, Facebook > engineers are proposing that Facebook UIDs become encrypted." > > Oh, gee, some real genius must have thought of that! > > "Under the new proposal, the parameters that are passed back to iFrame-based > applications will be encrypted using an application’s secret key, meaning > that only the actual application will be able to read the information and > accidental disclosures over HTTP headers will no longer be possible." > Hmmm... Like the oracle padding attacks? I'd like to hear more details on the implementation.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
