funsec mailing list archives

Re: Following Data Leak, Facebook Proposes Encryption for UIDs


From: Jeffrey Walton <noloader () gmail com>
Date: Fri, 22 Oct 2010 04:04:48 -0400

On Thu, Oct 21, 2010 at 8:39 PM, Robert Slade <rmslade () shaw ca> wrote:
> "In response to a discovery earlier this week that some Facebook applications were inadvertently sharing user information to third parties, Facebook engineers are proposing that Facebook UIDs become encrypted."
>
> Oh, gee, some real genius must have thought of that!
>
> "Under the new proposal, the parameters that are passed back to iFrame-based applications will be encrypted using an application’s secret key, meaning that only the actual application will be able to read the information and accidental disclosures over HTTP headers will no longer be possible."

Hmmm... Like the oracle padding attacks? I'd like to hear more details
on the implementation.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

