Simon Willison’s Weblog

Subscribe

Monday, 24th January 2011

The Inside Story of How Facebook Responded to Tunisian Hacks (via) “By January 5, it was clear that an entire country’s worth of passwords were in the process of being stolen right in the midst of the greatest political upheaval in two decades.”—which is why you shouldn’t serve your login form over HTTP even though it POSTs over HTTPS.

# 6:06 pm / facebook, http, https, security, recovered, tunisia

National politics of snoopiness vs corporate ethic of not being evil aren’t directly compatible, and the solution here only works because (let’s face it) Tunisia is not a rising economic force. If you’re selling ads in China, you don’t get to pretend that the Great Firewall of China is a security issue.

Nat Torkington

# 6:11 pm / china, nat-torkington, security, recovered, tunisia

The code injected to steal passwords in Tunisia. Here’s the JavaScript that (presumably) the Tunisian government were injecting in to login pages that were served over HTTP.

# 6:45 pm / javascript, security, recovered, tunisia

2011 » January

MTWTFSS
     12
3456789
10111213141516
17181920212223
24252627282930
31