Agreed.
Regards, e1 Sent from GreenBerry® Smartphone -----Original Message----- From: "[email protected]" <[email protected]> Sender: [email protected] Date: Fri, 4 Mar 2011 11:52:01 To: Open Web Application Security Project (OWASP) Malaysia Local Chapter<[email protected]> Reply-To: "Open Web Application Security Project \(OWASP\) Malaysia Local Chapter" <[email protected]> Subject: Re: [Owasp-Malaysia] Facebook Password Decryptor - Does It's Possi ble? Is Facebook part of New World Order? heh On Fri, Mar 4, 2011 at 11:44 AM, Abdulla Al-Attas <[email protected]> wrote: > I would like to add few things to the Facebook topic > > last week IMPACT hosted a conference called POLCYB for the POLCYB > organization and the last theme panel was related to social networking. The > POLCYB commite invited one of the security people from Facebook. From > his talk he was trying to make the people to ask him (knowing most of them > are government and high level people) and he was trying to potray that > Facebook is doing its best to protect people privacy and other matters > related to Child Online Protection. > > I just couldn't accept what he is saying so I asked him two questions: > 1- from coporate responsibility, from Facebook response to cases and from > data protection. could you tell me why Facebook took too long to implement > SSL as layer of protection especially when FireSheep came out. while other > companies like google implemented in a very fast manner. > 2- can you explain to me how people data is private. when I can access it > easily and the privacy setting keep changing sometimes to its worst? > > > his response was > that facebook didn't take too long to apply SSL and they did it in January > (side note: FYI FireSheep was out lets say Novemeber that means it took them > 2 months) and maybe if we are late because of the applications we have. and > SSL is not really that secure (at least its another layer of protection) > > in terms of privacy we are trying to balance for people preference. > > > so I asked again > you are talking about application so you are saying that google and > microsoft don't have any application and they just roll out SSL? (He didn't > answer this question) > > and we are talking about privacy especially related to Children do you > really think it is safe and how does people know what is the best > preference, when your default settings is share to all. > > > his response was > parents should educate them and inform them and monitor them. (how many > parents now about privacy issues, some of them they only know how to go to > news and emails.. they have no idea about social networking and what other > people might do with information on the net) > how about our friends who are working in offices and what kinda information > they share.. > > > so, basically as David said: "Protecting your Facebook password is a lot > like trying to be modest when you're already naked" > this facebook decryptor won't protect you from Phishing or keylogger :-) > > another thing is very ironic when people came face to face and ask about you > and some of the questions you might make you say non of your business > (indicating privacy) while people actually share everything in facebook or > twitter > > > > > On Fri, Mar 4, 2011 at 9:52 AM, David Fetter <[email protected]> wrote: >> >> Protecting your Facebook password is a lot like trying to be modest >> when you're already naked. >> >> It's *really* important to understand that Facebook is not your >> friend. It's a multinational conglomerate that models you as a cheap >> source of information it can sell to others. Its business model has >> been this from the very beginning, and is less likely to change >> significantly from it than Malaysia is to become a strictly Christian >> country. >> >> If people don't like this reality, it's on them to build and maintain >> social networking systems which are not based on this kind of >> exploitation. >> >> Here are a few :) >> >> http://techcrunch.com/2010/11/25/onesocialweb-appleseed-elgg-insoshi/ >> >> Cheers, >> David. >> On Fri, Mar 04, 2011 at 09:48:37AM +0800, Hazrul Hamzah wrote: >> > Hi Dave, >> > >> > Even though ur comment is kinda hard and might hit the nerve to most of >> > us here, I do agree with u 100 percent. >> > We hv to look the purpose of fb and might read the toc/tos or >> > disclaimer. Anyway one of the main revenue for them perhaps come from adv >> > and of course there are ppl who take advantage/profit from it. >> > >> >_______________________________________________ >> > Owasp-Malaysia mailing list >> > [email protected] >> > https://lists.owasp.org/mailman/listinfo/owasp-malaysia >> > >> > OWASP Malaysia Wiki >> > http://www.owasp.my >> > >> > OWASP Malaysia Facebook >> > http://www.facebook.com/OWASP.Malaysia >> > >> > OWASP Malaysia Twitter #owaspmy >> > http://www.twitter.com/owaspmy >> >> -- >> David Fetter <[email protected]> http://fetter.org/ >> Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter >> Skype: davidfetter XMPP: [email protected] >> iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics >> >> Remember to vote! >> Consider donating to Postgres: http://www.postgresql.org/about/donate >>_______________________________________________ >> Owasp-Malaysia mailing list >> [email protected] >> https://lists.owasp.org/mailman/listinfo/owasp-malaysia >> >> OWASP Malaysia Wiki >> http://www.owasp.my >> >> OWASP Malaysia Facebook >> http://www.facebook.com/OWASP.Malaysia >> >> OWASP Malaysia Twitter #owaspmy >> http://www.twitter.com/owaspmy > > >_______________________________________________ > Owasp-Malaysia mailing list > [email protected] > https://lists.owasp.org/mailman/listinfo/owasp-malaysia > > OWASP Malaysia Wiki > http://www.owasp.my > > OWASP Malaysia Facebook > http://www.facebook.com/OWASP.Malaysia > > OWASP Malaysia Twitter #owaspmy > http://www.twitter.com/owaspmy > _______________________________________________ Owasp-Malaysia mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-malaysia OWASP Malaysia Wiki http://www.owasp.my OWASP Malaysia Facebook http://www.facebook.com/OWASP.Malaysia OWASP Malaysia Twitter #owaspmy http://www.twitter.com/owaspmy _______________________________________________ Owasp-Malaysia mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-malaysia OWASP Malaysia Wiki http://www.owasp.my OWASP Malaysia Facebook http://www.facebook.com/OWASP.Malaysia OWASP Malaysia Twitter #owaspmy http://www.twitter.com/owaspmy
