[Owasp-Malaysia] Facebook Password Decryptor - Does It's Possible?

Abdulla Al-Attas alattas.abdulla at gmail.com
Thu Mar 3 22:44:02 EST 2011


I would like to add a few things to the Facebook topic.

Last week IMPACT hosted a conference called POLCYB for the POLCYB
organization, and the last theme panel was related to social networking. The
POLCYB committee invited one of the security people from Facebook. From
his talk he was trying to make the people ask him (knowing most of them
are government and high level people) and he was trying to portray that
Facebook is doing its best to protect people's privacy and other matters
related to Child Online Protection.

I just couldn't accept what he was saying, so I asked him two questions:
1- From corporate responsibility, from Facebook's response to cases and from
data protection, could you tell me why Facebook took too long to implement
SSL as a layer of protection, especially when FireSheep came out, while other
companies like Google implemented it in a very fast manner?
2- Can you explain to me how people's data is private when I can access it
easily and the privacy settings keep changing, sometimes to their worst?


His response was
that Facebook didn't take too long to apply SSL and they did it in January
(side note: FYI FireSheep was out let's say November, that means it took them
2 months) and maybe if we are late it is because of the applications we have, and
SSL is not really that secure (at least it's another layer of protection).

In terms of privacy, we are trying to balance for people's preference.


So I asked again:
You are talking about applications, so you are saying that Google and
Microsoft don't have any applications and they just roll out SSL? (He didn't
answer this question.)

And we are talking about privacy, especially related to children. Do you
really think it is safe, and how do people know what is the best
preference when your default setting is share to all?


His response was:
parents should educate them and inform them and monitor them. (How many
parents know about privacy issues? Some of them only know how to go to
news and emails; they have no idea about social networking and what other
people might do with information on the net.)
How about our friends who are working in offices and what kinda information
they share?


So, basically as David said: "Protecting your Facebook password is a lot
like trying to be modest when you're already naked."
This Facebook decryptor won't protect you from phishing or a keylogger :-)

Another thing that is very ironic: when people come face to face and ask about you,
some of the questions might make you say "none of your business"
(indicating privacy), while people actually share everything on Facebook or
Twitter.




On Fri, Mar 4, 2011 at 9:52 AM, David Fetter <david at fetter.org> wrote:

> Protecting your Facebook password is a lot like trying to be modest
> when you're already naked.
>
> It's *really* important to understand that Facebook is not your
> friend.  It's a multinational conglomerate that models you as a cheap
> source of information it can sell to others.  Its business model has
> been this from the very beginning, and is less likely to change
> significantly from it than Malaysia is to become a strictly Christian
> country.
>
> If people don't like this reality, it's on them to build and maintain
> social networking systems which are not based on this kind of
> exploitation.
>
> Here are a few :)
>
> http://techcrunch.com/2010/11/25/onesocialweb-appleseed-elgg-insoshi/
>
> Cheers,
> David.
>  On Fri, Mar 04, 2011 at 09:48:37AM +0800, Hazrul Hamzah wrote:
> > Hi Dave,
> >
> > Even though ur comment is kinda hard and might hit the nerve to most of
> > us here, I do agree with u 100 percent.
> > We hv to look the purpose of fb and might read the toc/tos or disclaimer.
> > Anyway one of the main revenue for them perhaps come from adv and of course
> > there are ppl who take advantage/profit from it.
> >
> > _______________________________________________
> > Owasp-Malaysia mailing list
> > Owasp-Malaysia at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-malaysia
> >
> > OWASP Malaysia Wiki
> > http://www.owasp.my
> >
> > OWASP Malaysia Facebook
> > http://www.facebook.com/OWASP.Malaysia
> >
> > OWASP Malaysia Twitter #owaspmy
> > http://www.twitter.com/owaspmy
>
> --
> David Fetter <david at fetter.org> http://fetter.org/
> Phone: +1 415 235 3778  AIM: dfetter666  Yahoo!: dfetter
> Skype: davidfetter      XMPP: david.fetter at gmail.com
> iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics
>
> Remember to vote!
> Consider donating to Postgres: http://www.postgresql.org/about/donate