[Owasp-Malaysia] Facebook Password Decryptor - Does It's Possible?

Mohd Hidzuan Zainul Hashim hidzuan at gmail.com
Fri Mar 4 23:22:55 EST 2011


Agreed. 


Regards,
e1

Sent from GreenBerry® Smartphone

-----Original Message-----
From: "najmi.zabidi at gmail.com" <najmi.zabidi at gmail.com>
Sender: owasp-malaysia-bounces at lists.owasp.org
Date: Fri, 4 Mar 2011 11:52:01 
To: Open Web Application Security Project (OWASP) Malaysia Local Chapter<owasp-malaysia at lists.owasp.org>
Reply-To: "Open Web Application Security Project \(OWASP\) Malaysia Local
	Chapter" <owasp-malaysia at lists.owasp.org>
Subject: Re: [Owasp-Malaysia] Facebook Password Decryptor - Does It's Possi
	ble?

Is Facebook part of New World Order?

heh



On Fri, Mar 4, 2011 at 11:44 AM, Abdulla Al-Attas
<alattas.abdulla at gmail.com> wrote:
> I would like to add few things to the Facebook topic
>
> last week IMPACT hosted a conference called POLCYB for the POLCYB
> organization and the last theme panel was related to social networking. The
> POLCYB commite invited one of the security people from Facebook. From
> his talk he was trying to make the people to ask him (knowing most of them
> are government and high level people) and he was trying to potray that
> Facebook is doing its best to protect people privacy and other matters
> related to Child Online Protection.
>
> I just couldn't accept what he is saying so I asked him two questions:
> 1- from coporate responsibility, from Facebook response to cases and from
> data protection. could you tell me why Facebook took too long to implement
> SSL as layer of protection especially when FireSheep came out. while other
> companies like google implemented in a very fast manner.
> 2- can you explain to me how people data is private. when I can access it
> easily and the privacy setting keep changing sometimes to its worst?
>
>
> his response was
> that facebook didn't take too long to apply SSL and they did it in January
> (side note: FYI FireSheep was out lets say Novemeber that means it took them
> 2 months) and maybe if we are late because of the applications we have. and
> SSL is not really that secure (at least its another layer of protection)
>
> in terms of privacy we are trying to balance for people preference.
>
>
> so I asked again
> you are talking about application so you are saying that google and
> microsoft don't have any application and they just roll out SSL?  (He didn't
> answer this question)
>
> and we are talking about privacy  especially related to Children do you
> really think it is safe and how does people know what is the best
> preference, when your default settings is share to all.
>
>
> his response was
> parents should educate them and inform them and monitor them.  (how many
> parents now about privacy issues, some of them they only know how to go to
> news and emails.. they have no idea about social networking and what other
> people might  do with information on the net)
> how about our friends who are working in offices and what kinda information
> they share..
>
>
> so, basically as David said: "Protecting your Facebook password is a lot
> like trying to be modest when you're already naked"
> this facebook decryptor won't protect you from Phishing or keylogger :-)
>
> another thing is very ironic when people came face to face and ask about you
> and some of the questions you might make you say non of your business
> (indicating privacy) while people actually share everything in facebook or
> twitter
>
>
>
>
> On Fri, Mar 4, 2011 at 9:52 AM, David Fetter <david at fetter.org> wrote:
>>
>> Protecting your Facebook password is a lot like trying to be modest
>> when you're already naked.
>>
>> It's *really* important to understand that Facebook is not your
>> friend.  It's a multinational conglomerate that models you as a cheap
>> source of information it can sell to others.  Its business model has
>> been this from the very beginning, and is less likely to change
>> significantly from it than Malaysia is to become a strictly Christian
>> country.
>>
>> If people don't like this reality, it's on them to build and maintain
>> social networking systems which are not based on this kind of
>> exploitation.
>>
>> Here are a few :)
>>
>> http://techcrunch.com/2010/11/25/onesocialweb-appleseed-elgg-insoshi/
>>
>> Cheers,
>> David.
>> On Fri, Mar 04, 2011 at 09:48:37AM +0800, Hazrul Hamzah wrote:
>> > Hi Dave,
>> >
>> > Even though ur comment is kinda hard and might hit the nerve to most of
>> > us here, I do agree with u 100 percent.
>> > We hv to look the purpose of fb and might read the toc/tos or
>> > disclaimer. Anyway one of the main revenue for them perhaps come from adv
>> > and of course there are ppl who take advantage/profit from it.
>> >
>> >_______________________________________________
>> > Owasp-Malaysia mailing list
>> > Owasp-Malaysia at lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>> >
>> > OWASP Malaysia Wiki
>> > http://www.owasp.my
>> >
>> > OWASP Malaysia Facebook
>> > http://www.facebook.com/OWASP.Malaysia
>> >
>> > OWASP Malaysia Twitter #owaspmy
>> > http://www.twitter.com/owaspmy
>>
>> --
>> David Fetter <david at fetter.org> http://fetter.org/
>> Phone: +1 415 235 3778  AIM: dfetter666  Yahoo!: dfetter
>> Skype: davidfetter      XMPP: david.fetter at gmail.com
>> iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics
>>
>> Remember to vote!
>> Consider donating to Postgres: http://www.postgresql.org/about/donate
>>_______________________________________________
>> Owasp-Malaysia mailing list
>> Owasp-Malaysia at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>>
>> OWASP Malaysia Wiki
>> http://www.owasp.my
>>
>> OWASP Malaysia Facebook
>> http://www.facebook.com/OWASP.Malaysia
>>
>> OWASP Malaysia Twitter #owaspmy
>> http://www.twitter.com/owaspmy
>
>
>_______________________________________________
> Owasp-Malaysia mailing list
> Owasp-Malaysia at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>
> OWASP Malaysia Wiki
> http://www.owasp.my
>
> OWASP Malaysia Facebook
> http://www.facebook.com/OWASP.Malaysia
>
> OWASP Malaysia Twitter #owaspmy
> http://www.twitter.com/owaspmy
>
_______________________________________________
Owasp-Malaysia mailing list
Owasp-Malaysia at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-malaysia

OWASP Malaysia Wiki
http://www.owasp.my

OWASP Malaysia Facebook
http://www.facebook.com/OWASP.Malaysia

OWASP Malaysia Twitter #owaspmy
http://www.twitter.com/owaspmy


More information about the Owasp-Malaysia mailing list