[Owasp-Malaysia] Facebook Password Decryptor - Does It's Possible?
Mohd Hidzuan Zainul Hashim
hidzuan at gmail.com
Fri Mar 4 23:22:55 EST 2011
Sent from GreenBerry® Smartphone
From: "najmi.zabidi at gmail.com" <najmi.zabidi at gmail.com>
Sender: owasp-malaysia-bounces at lists.owasp.org
Date: Fri, 4 Mar 2011 11:52:01
To: Open Web Application Security Project (OWASP) Malaysia Local Chapter<owasp-malaysia at lists.owasp.org>
Reply-To: "Open Web Application Security Project \(OWASP\) Malaysia Local
Chapter" <owasp-malaysia at lists.owasp.org>
Subject: Re: [Owasp-Malaysia] Facebook Password Decryptor - Does It's Possi
Is Facebook part of New World Order?
On Fri, Mar 4, 2011 at 11:44 AM, Abdulla Al-Attas
<alattas.abdulla at gmail.com> wrote:
> I would like to add few things to the Facebook topic
> last week IMPACT hosted a conference called POLCYB for the POLCYB
> organization and the last theme panel was related to social networking. The
> POLCYB committee invited one of the security people from Facebook. From
> his talk he was trying to make the people to ask him (knowing most of them
> are government and high level people) and he was trying to portray that
> Facebook is doing its best to protect people privacy and other matters
> related to Child Online Protection.
> I just couldn't accept what he is saying so I asked him two questions:
> 1- from corporate responsibility, from Facebook response to cases and from
> data protection. Could you tell me why Facebook took too long to implement
> SSL as layer of protection especially when FireSheep came out, while other
> companies like Google implemented in a very fast manner.
> 2- can you explain to me how people data is private. when I can access it
> easily and the privacy setting keep changing sometimes to its worst?
> his response was
> that Facebook didn't take too long to apply SSL and they did it in January
> (side note: FYI FireSheep was out let's say November that means it took them
> 2 months) and maybe if we are late because of the applications we have. and
> SSL is not really that secure (at least its another layer of protection)
> in terms of privacy we are trying to balance for people preference.
> so I asked again
> you are talking about application so you are saying that Google and
> Microsoft don't have any application and they just roll out SSL? (He didn't
> answer this question)
> and we are talking about privacy especially related to Children do you
> really think it is safe and how does people know what is the best
> preference, when your default settings is share to all.
> his response was
> parents should educate them and inform them and monitor them. (how many
> parents know about privacy issues, some of them they only know how to go to
> news and emails.. they have no idea about social networking and what other
> people might do with information on the net)
> how about our friends who are working in offices and what kinda information
> they share..
> so, basically as David said: "Protecting your Facebook password is a lot
> like trying to be modest when you're already naked"
> this facebook decryptor won't protect you from Phishing or keylogger :-)
> another thing is very ironic when people came face to face and ask about you
> and some of the questions might make you say none of your business
> (indicating privacy) while people actually share everything in facebook or
> On Fri, Mar 4, 2011 at 9:52 AM, David Fetter <david at fetter.org> wrote:
>> Protecting your Facebook password is a lot like trying to be modest
>> when you're already naked.
>> It's *really* important to understand that Facebook is not your
>> friend. It's a multinational conglomerate that models you as a cheap
>> source of information it can sell to others. Its business model has
>> been this from the very beginning, and is less likely to change
>> significantly from it than Malaysia is to become a strictly Christian
>> If people don't like this reality, it's on them to build and maintain
>> social networking systems which are not based on this kind of
>> Here are a few :)
>> On Fri, Mar 04, 2011 at 09:48:37AM +0800, Hazrul Hamzah wrote:
>> > Hi Dave,
>> > Even though ur comment is kinda hard and might hit the nerve to most of
>> > us here, I do agree with u 100 percent.
>> > We hv to look the purpose of fb and might read the toc/tos or
>> > disclaimer. Anyway one of the main revenue for them perhaps come from adv
>> > and of course there are ppl who take advantage/profit from it.
>> > Owasp-Malaysia mailing list
>> > Owasp-Malaysia at lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>> > OWASP Malaysia Wiki
>> > http://www.owasp.my
>> > OWASP Malaysia Facebook
>> > http://www.facebook.com/OWASP.Malaysia
>> > OWASP Malaysia Twitter #owaspmy
>> > http://www.twitter.com/owaspmy
>> David Fetter <david at fetter.org> http://fetter.org/
>> Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter
>> Skype: davidfetter XMPP: david.fetter at gmail.com
>> iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics
>> Remember to vote!
>> Consider donating to Postgres: http://www.postgresql.org/about/donate