Go Back   Two Wheel Fix > General > News Desk

Reply
 
Thread Tools Display Modes
Old 01-18-2010, 03:21 AM   #1
Avatard
Crotch Rocket Curmudgeon
 
Avatard's Avatar
 
Join Date: Nov 2008
Location: Here to integrity
Moto: Li'l red baby Ninja
Posts: 7,482
Default Yep, Facebook blows.

But it blows really fucking hard when you add AT&T...

URL: http://www.msnbc.msn.com/id/34885006...ence-security/

Network flaw causes scary Web error
‘Misdirected cookie’ lands Ga. family on strangers' Facebook accounts
By Jordan Robertson
The Associated Press
updated 6:29 p.m. ET, Fri., Jan. 15, 2010

SAN FRANCISCO - A Georgia mother and her two daughters logged onto Facebook from mobile phones last weekend and wound up in a startling place: strangers' accounts with full access to troves of private information.

The glitch — the result of a routing problem at the family's wireless carrier, AT&T — revealed a little known security flaw with far reaching implications for everyone on the Internet, not just Facebook users.

In each case, the Internet lost track of who was who, putting the women into the wrong accounts. It doesn't appear the users could have done anything to stop it. The problem adds a dimension to researchers' warnings that there are many ways online information — from mundane data to dark secrets — can go awry.

Several security experts said they had not heard of a case like this, in which the wrong person was shown a Web page whose user name and password had been entered by someone else. It's not clear whether such episodes are rare or simply not reported. But experts said such flaws could occur on e-mail services, for instance, and that something similar could happen on a PC, not just a phone.

"The fact that it did happen is proof that it could potentially happen again and with something a lot more important than Facebook," said Nathan Hamiel, founder of the Hexagon Security Group, a research organization.

Candace Sawyer, 26, says she immediately suspected something was wrong when she tried to visit her Facebook page Saturday morning.

After typing Facebook.com into her Nokia smart phone, she was taken into the site without being asked for her user name or password. She was in an account that didn't look like hers. She had fewer friend requests than she remembered. Then she found a picture of the page's owner.

"He's white — I'm not," she said with a laugh.

Sawyer logged off and asked her sister, Mari, 31, her partner in a dessert catering company, and their mother, Fran, 57, to see whether they had the same problem on their phones.

Mari landed inside another woman's page.

Fran's phone — which had never been used to access Facebook before — took her inside yet another stranger's page, one belonging to a young woman from Indiana. They sent an e-mail to one of their own accounts to prove it.

They were dumbfounded.

"I thought it was the phone — `Maybe this phone is just weird and does magical, horrible things and I have to get rid of it,'" said Candace Sawyer.

The women, who live together in East Point, Ga., outside Atlanta, had recently upgraded to the same model of phone and all used the same carrier, AT&T.

Sawyer contacted The Associated Press after reporting the problem to Facebook and AT&T.

The problem wasn't in the phones. It was a flaw in the infrastructure connecting the phones to the Internet.

That illuminates a grave problem.

Generally Web sites and computers are compromised from within. A hacker can get a Web page or computers to run programming code that they shouldn't. But in this case, it was a security gap between the phone and the Web site that exposed strangers' Facebook pages to the Sawyers. Misconfigured equipment, poorly written network software or other technical errors could have caused AT&T to fumble the information flowing from the Sawyers' phones to Facebook and back.

Fortunately, Hamiel said, the vulnerability would be of limited use to a hacker interested in pulling off widespread mayhem, because this hole would let him access only one account at a time. To do more damage the criminal would have to pull off the unlikely feat of gaining full control of the piece of equipment that routes Internet traffic to individual users.

AT&T spokesman Michael Coe said its wireless customers have landed in the wrong Facebook pages in "a limited number of instances" and that a network problem behind those episodes is being fixed.

The Sawyers experienced a different glitch. Coe said an investigation points to a "misdirected cookie." A cookie is a file some Web sites place on computers to store identifying information — including the user name that Facebook members would enter to access their pages. Coe said technicians couldn't figure out how the cookie had been routed to the wrong phone, leading it into the wrong Facebook account.

He also said AT&T could confirm only that the problem occurred on one of the Sawyers' phones, possibly because they had logged off Facebook on the other two before reporting the incident.

Facebook declined to comment and referred questions to AT&T.

Some Web sites would be immune from this kind of mix-up, particularly those that use encryption. A Web browser would have trouble deciphering the encryption on a page that a computer user didn't actually seek, said Chris Wysopal, co-founder of Veracode Inc., a security company.

Sensitive sites and those used for banking and e-commerce generally use encryption. But most other sites, including some Web-based e-mail services, don't use it. One way of checking: The Web addresses of encrypted sites begin with "https" rather than "http." Facebook uses encryption when user names and passwords are entered, to cloak the sign-on from snoops, but after the credentials are entered the encryption is dropped.

It's unclear how many people were affected by the problem the Sawyers discovered, and whether it was limited to Facebook.

The reason all three women experienced the glitch is a function of the way cellular networks are designed. In some cases, all the mobile Internet traffic for a particular area is routed through the same piece of networking equipment. If that piece of equipment is misbehaving or set up incorrectly, strange things happen when computers down the line receive the data.

Usually that means a Web site simply won't load, said Alberto Solino, director of security consulting services for Core Security Technologies. In the Sawyers' case, "somehow they got the wrong user but they could keep using that account for a long period of time. That's what's strange," he said.

The AP tried to contact two of the people whose Facebook pages were exposed to the Sawyers, but the calls and e-mails were not returned. It's unclear whether they are also AT&T customers, though security experts said that's likely the case.

Indeed, it was the case in a similar incident in November.

Stephen Simburg, 25, who works in marketing, was home for Thanksgiving in Vancouver, Wash., when he logged onto Facebook from his cell phone. He didn't recognize the people who had written him messages.

"I thought I had gotten really popular all of a sudden, or something was wrong," he said. Then he saw the picture of the account owner: A young woman.

He got her e-mail address from the site, logged off and wrote the woman a message. He asked whether he had met her at some point and she had borrowed his phone to check her Facebook account.

"No," she wrote back, "but I was just telling my family that I ended up in your profile!"

Simburg and the woman figured out they were both using AT&T to access Facebook on their phones. (AT&T had no comment because the incident wasn't reported to the company.)

"I felt like I had been let down by the phone company and by Facebook," he said.

He says he has put the incident behind him. But one piece of it remains: He and the young woman are now Facebook friends.
__________________
Insert free thought here.
Avatard is offline   Reply With Quote
Old 01-18-2010, 11:36 AM   #2
fatbuckRTO
This is not the sig line.
 
fatbuckRTO's Avatar
 
Join Date: Dec 2008
Moto: Be prepared. What? Oh, *moto*...
Posts: 1,279
Default

Meh. It's free, of course it blows.
__________________
This was no time for half measures. He was a captain, godsdammit. An officer.
Things like this didn't present a problem for an officer. Officers had a tried and
tested way of solving problems like this. It was called a sergeant.

-Terry Pratchett, Guards! Guards!
fatbuckRTO is offline   Reply With Quote
Old 01-18-2010, 01:52 PM   #3
Homeslice
Elitist
 
Homeslice's Avatar
 
Join Date: Nov 2008
Location: SF Bay Area
Moto: Gix 750
Posts: 11,351
Default

Maybe don't use a phone to check your FB? It's not like the world is going to end if you don't check it till you get home.
Homeslice is offline   Reply With Quote
Old 01-18-2010, 09:15 PM   #4
Rangerscott
Viff6N Mutated Warrior
 
Rangerscott's Avatar
 
Join Date: Mar 2009
Location: Texas
Moto: '01 Honda VFR 800 & '09 ER-6N
Posts: 8,704
Default

Quote:
Originally Posted by Homeslice View Post
Maybe don't use a phone to check your FB? It's not like the world is going to end if you don't check it till you get home.
Yes it will. YES IT WILL!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Rangerscott is offline   Reply With Quote
Old 01-18-2010, 10:15 PM   #5
Avatard
Crotch Rocket Curmudgeon
 
Avatard's Avatar
 
Join Date: Nov 2008
Location: Here to integrity
Moto: Li'l red baby Ninja
Posts: 7,482
Default

I see nothing interesting or redeeming about Facebook (since I have no interest in having a fucking farm, real or fake), and its security appears to only completely and utterly fucking suck ass.

Add to that the stupidity of doing that shit by phone, to doing it by phone on motherfucking AT&T, and then the true and total picture of suck really emerges.

I still don't understand the herd-like migration away from MySpace to Facebook, but then again, I don't typically understand herd-like behavior.

...And Twitter just sounds too fucking gay. I really don't care what it is.
__________________
Insert free thought here.

Last edited by Avatard; 01-18-2010 at 10:18 PM..
Avatard is offline   Reply With Quote
Old 01-19-2010, 01:53 AM   #6
Homeslice
Elitist
 
Homeslice's Avatar
 
Join Date: Nov 2008
Location: SF Bay Area
Moto: Gix 750
Posts: 11,351
Default

Quote:
Originally Posted by Avatard View Post

I still don't understand the herd-like migration away from MySpace to Facebook, but then again, I don't typically understand herd-like behavior.
.
Myspace became the ghetto of the interwebz......everyone was either being a total slut or promoting some band they were in (or groupies of). Also, everyone was competing with each other to have the most animations & videos running on thier page. Shit got annoying.
Homeslice is offline   Reply With Quote
Old 01-18-2010, 10:55 PM   #7
Rangerscott
Viff6N Mutated Warrior
 
Rangerscott's Avatar
 
Join Date: Mar 2009
Location: Texas
Moto: '01 Honda VFR 800 & '09 ER-6N
Posts: 8,704
Default

You dont like to twatter?
Rangerscott is offline   Reply With Quote
Old 01-19-2010, 02:00 AM   #8
Rangerscott
Viff6N Mutated Warrior
 
Rangerscott's Avatar
 
Join Date: Mar 2009
Location: Texas
Moto: '01 Honda VFR 800 & '09 ER-6N
Posts: 8,704
Default

What does a person's face book home page look like?
Rangerscott is offline   Reply With Quote
Reply

Bookmarks


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 03:20 AM.

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.