AP Exclusive: Network flaw causes scary Web error


posted on Jan, 15 2010 @ 08:43 PM

AP Exclusive: Network flaw causes scary Web error


hosted.ap.org...

By JORDAN ROBERTSON
AP Technology Writer

SAN FRANCISCO (AP) -- A Georgia mother and her two daughters logged onto Facebook from mobile phones last weekend and wound up in a startling place: strangers' accounts with full access to troves of private information.

The glitch - the result of a routing problem at the family's wireless carrier, AT&T - revealed a little known security flaw with far reaching implications for everyone on the Internet, not just Facebook users.
(visit the link for the full news article)



[edit on 15/1/10 by ProtoplasmicTraveler]



posted on Jan, 15 2010 @ 08:43 PM
Now this is just a very interesting story indeed. Two women in Georgia attempting to sign into their Facebook accounts using three brand new Nokia cellular phones using AT&T were logged in and taken directly into other Facebook users' accounts without using that user's account name or password.

Evidently AT&T claims it was because their servers routed the wrong cookies to their phones that contained other Facebook users' account names and passwords that then automatically signed them into those accounts simply by trying to access Facebook itself.

AT&T has admitted to the error after being confronted by the Associated Press with the evidence that this was actually occurring and occurring more than once.

It begs the question: how safe are the cookies being stored on servers that have our account user names and passwords?


hosted.ap.org
(visit the link for the full news article)

Mod Edit - To Fix Link.

[edit on Fri, 15 Jan 2010 20:53:55 -0600 by MemoryShock]



posted on Jan, 15 2010 @ 08:49 PM

In each case, the Internet lost track of who was who, putting the women into the wrong accounts. It doesn't appear the users could have done anything to stop it. The problem adds a dimension to researchers' warnings that there are many ways online information - from mundane data to dark secrets - can go awry.


You can say that again. AT&T is claiming this is not really a threat if hackers figure out how to do this as they would be only able to access one account at a time by utilizing this errant cookie method. That the most sensitive sites are encrypted anyway and that encryption would prevent a hacker using the errant cookie method from being able to access such secure encrypted sites.

I really wonder though.




posted on Jan, 15 2010 @ 08:53 PM
Doesn't matter, Facebook sells your information to 3rd parties all day every day. If you got an account, delete it. MySpace is more secure.



posted on Jan, 15 2010 @ 09:12 PM

Originally posted by OpTiMuS_PrImE
Doesn't matter, Facebook sells your information to 3rd parties all day every day. If you got an account, delete it. MySpace is more secure.


As someone past the age of 40 I believe that Congress should stop renaming Post Offices and Airports for dead politicians and wealthy contributors, or be trying to botch health care...instead they should pass laws like...

No one older than 40 can have a Facebook or MySpace account.

Anyone older than 40 should be exempt from having to text message anyone ever!

And no one who used to be a Chief U.N. Weapons Inspector should be allowed anywhere near the Internet or teenage girls!

Is that too much to ask for?

Thanks for posting.



posted on Jan, 17 2010 @ 09:31 AM
The whole point of a cookie is not to be on a server, I have never before heard of such an idiotic thing.

That means that highly sensitive data such as usernames and passwords are stored on *some* 3rd party remote servers without knowledge of their owners.

I cannot even begin to fathom what other reason besides spying on people's accounts would there be.

Let me explain how a very BASIC identification process goes:


  1. Person chooses a password for his account
  2. Password is sent via the HTTP Secure protocol (HTTPS) to a Facebook server
  3. Facebook server-side software encrypts the password via 1-way algorithm so that it can never be decrypted again
  4. Encrypted password or so called cryptogram is stored on facebook secured server database
  5. User attempts to login to his account by entering his password which is then sent over a secure HTTPS protocol all over again
  6. Facebook encrypts the attempted password and compares the generated cryptogram against one stored in the database
  7. If matching passes, facebook sends secure-sensitive data back (eg user profile). If it fails, facebook sends error data.
  8. Should user forget his password, since facebook cannot decrypt the cryptogram it generates a new one and sends the new password via email. It is very recommended that user changes the password because if someone hacks the email account - he would know the new password.


What the "remote cookie" did in this process is CAPTURE/STEAL user entered password via malicious ways and store it in a 2-way cryptogram, which means it can be UNENCRYPTED. The cryptogram is STORED on a ROGUE non-facebook server database - eg. someone's USB disc as far as you're concerned.

The company responsible for this act should face serious charges by Facebook and/or its users.

Personally: I think the reason behind this "error" could be made up to cover some greater evil.
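
The eight steps listed in the post above, as an added example that is not part of the original post and is not any site's real code. The `AccountStore` class, the PBKDF2 parameters and the random session token issued on login are assumptions made here; the token goes one step beyond the list to show what a login cookie commonly carries, which is an identifier rather than the password.

```python
import hashlib
import hmac
import os
import secrets

ITERATIONS = 200_000  # assumed work factor; the thread names no algorithm


class AccountStore:
    """Constructed in-memory stand-in for the server-side account database."""

    def __init__(self):
        self._users = {}      # username -> (salt, one-way digest)
        self._sessions = {}   # random session token -> username

    def _digest(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

    def set_password(self, username, password):
        # Steps 1-4: only a per-user salt and the one-way digest are stored.
        salt = os.urandom(16)
        self._users[username] = (salt, self._digest(password, salt))

    def login(self, username, attempt):
        # Steps 5-7: re-derive from the attempt and compare in constant time.
        salt, stored = self._users.get(username, (b"\x00" * 16, b""))
        if not hmac.compare_digest(self._digest(attempt, salt), stored):
            return None
        token = secrets.token_urlsafe(32)  # cookie value: random, no password in it
        self._sessions[token] = username
        return token

    def whoami(self, token):
        # Later requests are identified by the token alone.
        return self._sessions.get(token)

    def reset_password(self, username):
        # Step 8: the old password cannot be recovered, so a new one is issued
        # and every session opened with the old one is dropped.
        new_password = secrets.token_urlsafe(12)
        self.set_password(username, new_password)
        self._sessions = {t: u for t, u in self._sessions.items() if u != username}
        return new_password
```

Because `whoami` trusts the token by itself, a token delivered to the wrong device identifies that device as the account owner until the session is invalidated, which is why `reset_password` clears the sessions as well.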



posted on Jan, 17 2010 @ 09:48 AM
This is another hit piece on the Internet. Fear mongering in hopes the people themselves call for a "new, more secure Internet" (read a more easily controllable, where no one has any privacy, Internet).

It's obvious the problem here isn't the Internet or even the infrastructure, unlike what the article claims. This was a problem with cookies, it had nothing to do with the Internet itself. This is a problem with either Facebook, AT&T or the phones.

More and more we've been hearing about the problems of the Internet, and how easy it is for hackers to take over the electric grid and other catastrophic scenarios, shaping the public's perception and opinion in hopes they willingly relinquish all the (few) privacy and freedom they currently still can enjoy.



posted on Jan, 17 2010 @ 09:55 AM
Wait... what???
Cookies can only be read by the web server (domain) issuing the cookie, what would AT&T do with someone else's cookie?

So wait.. here we are not talking about a server-side cookie but a completely different animal, we are talking about a parent ISP issuing a cookie? What the hell are they doing with cookies and what are they able to do with it?



Misconfigured equipment, poorly written network software or other technical errors could have caused AT&T to fumble the information flowing from the Sawyers' phones to Facebook and back.

hmmmmm.... I don't see how this is possible.
Something doesn't seem right here



Fortunately, Hamiel said, the vulnerability would be of limited use to a hacker interested in pulling off widespread mayhem, because this hole would let him access only one account at a time. To do more damage the criminal would have to pull off the unlikely feat of gaining full control of the piece of equipment that routes Internet traffic to individual users.

Untrue, if the cookies are decryptable then a hacker could just write a script and automate the "only one account a time" and gain so many usernames and passwords within minutes, perhaps seconds depending on security issues.

DNS Spoofing anyone?



posted on Jan, 17 2010 @ 09:55 AM

Originally posted by ProtoplasmicTraveler

Originally posted by OpTiMuS_PrImE
Doesn't matter, Facebook sells your information to 3rd parties all day every day. If you got an account, delete it. MySpace is more secure.


As someone past the age of 40 I believe that Congress should stop renaming Post Offices and Airports for dead politicians and wealthy contributors, or be trying to botch health care...instead they should pass laws like...

No one older than 40 can have a Facebook or MySpace account.

Anyone older than 40 should be exempt from having to text message anyone ever!

And no one who used to be a Chief U.N. Weapons Inspector should be allowed anywhere near the Internet or teenage girls!

Is that too much to ask for?

Thanks for posting.

They should add the rule that you can only be elected 3 times.



posted on Jan, 17 2010 @ 10:22 AM
reply to post by SassyCat
 




Personally: I think the reason behind this "error" could be made up to cover some greater evil.



I think you are correct there my friend. As you factually laid out the process and how it is supposed to work that explanation exposes what therefore must be a lie in AT & T’s description of how it happened.

Why AT & T is lying may be extremely important but it would seem regardless of that importance they are in fact lying about how these occurrences happened.

The women that this happened to were pretty smart to send emails to their real accounts from the secure accounts that they were rerouted to so it could be proven and to take it directly to the press.

Now the next question is why didn’t the press though consult with an independent technical expert to challenge AT&T’s lie?



