Re: facebook 'routing flaw'?

Board: Bugtraq | Author: (not shown) | Time: 16 years ago (2010/01/20 02:01) | Pushes: 0 (0/0/0)
0 comments, 0 participants, latest thread 2/4
I logged out of the mobile interface on my AT&T cell phone. "Just in case"

What is also frightening / interesting is that facebook seems to link the two sessions so that when I logged out of the phone based session to m.facebook.com, I was also logged out of my web based session as well.

Even more interesting is that trying to login to facebook on two separate browser sessions won't work. I.e. if I login to facebook on one computer, and then login again on another computer, or on the same computer in a different browser (i.e. Firefox for one session and IE for another), then the first session is dropped, which is good.

However, having a web browser based session, and a phone browser based session, doesn't seem to matter to facebook and I can have both open at the same time.

There seems to be some potential to exploit there.

-Manny (long time subscriber, but haven't posted since the late 90s)

On 1/16/2010 4:39 AM, Michael Scheidell wrote:
> AP Report says it was a 'routing problem'? any idea what they are
> talking about, do THEY know what they are talking about?
> Did AT&T mix up the destination ip addresses? did facebook NOT CHECK IP
> ADDRESS AND COOKIES and disable the session when the ip changed?
>
> <http://www.foxnews.com/scitech/2010/01/16/network-flaw-causes-scary-web-error/>
>
>
> SAN FRANCISCO – A Georgia mother and her two daughters logged onto
> Facebook from mobile phones last weekend and wound up in a startling
> place: strangers' accounts with full access to troves of private
> information.
>
> The glitch — the result of a routing problem at the family's wireless
> carrier, AT&T — revealed a little known security flaw with far reaching
> implications for everyone on the Internet, not just Facebook users.
>
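The three behaviours the thread turns on (does the server tie a session to the client address and cookie and drop it when they change, does a new login on the same channel evict the old one, and does one logout revoke linked sessions) can be shown in a small server-side session store. The code below is an added illustration written for this page; it is not Facebook's implementation and nothing here is derived from it. The `web`/`mobile` channel labels, the demo addresses and user-agent strings are constructed for the example.

```python
"""Server-side session table with client binding, per-channel single
session, and linked logout.  Added example; all values are constructed."""
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple


@dataclass
class Session:
    user: str
    channel: str      # constructed label: "web" or "mobile"
    client_ip: str    # address the session was issued to
    user_agent: str   # user-agent string seen at login


class SessionStore:
    """Sessions are looked up only by an unguessable random token, so the
    cookie itself is the credential; binding adds a second check on top."""

    def __init__(self, bind_client: bool = True, one_per_channel: bool = True):
        self.bind_client = bind_client          # drop session if IP/UA change
        self.one_per_channel = one_per_channel  # new login evicts same-channel session
        self._sessions: Dict[str, Session] = {}
        self._user_tokens: Dict[str, Set[str]] = {}

    def login(self, user: str, client_ip: str, user_agent: str,
              channel: str = "web") -> str:
        if self.one_per_channel:
            # Evict any earlier session of this user on the same channel;
            # sessions on other channels (e.g. phone vs desktop) survive.
            for tok in list(self._user_tokens.get(user, ())):
                if self._sessions[tok].channel == channel:
                    self._revoke(tok)
        token = secrets.token_urlsafe(32)  # 256 bits of randomness
        self._sessions[token] = Session(user, channel, client_ip, user_agent)
        self._user_tokens.setdefault(user, set()).add(token)
        return token

    def validate(self, token: str, client_ip: str,
                 user_agent: str) -> Tuple[Optional[str], str]:
        """Return (user, 'ok') or (None, reason).  A binding mismatch
        revokes the session rather than merely rejecting the request."""
        s = self._sessions.get(token)
        if s is None:
            return None, "unknown_token"
        if self.bind_client and s.client_ip != client_ip:
            self._revoke(token)
            return None, "ip_mismatch"
        if self.bind_client and s.user_agent != user_agent:
            self._revoke(token)
            return None, "user_agent_mismatch"
        return s.user, "ok"

    def logout(self, token: str, everywhere: bool = False) -> int:
        """Revoke this session, or every session of the same user when
        everywhere=True (the linked-logout behaviour).  Returns count."""
        s = self._sessions.get(token)
        if s is None:
            return 0
        toks = list(self._user_tokens.get(s.user, ())) if everywhere else [token]
        for t in toks:
            self._revoke(t)
        return len(toks)

    def _revoke(self, token: str) -> None:
        s = self._sessions.pop(token, None)
        if s is not None:
            self._user_tokens[s.user].discard(token)


def demo() -> dict:
    """Walk through the scenarios discussed in the thread; constructed data."""
    store = SessionStore()
    web1 = store.login("alice", "10.0.0.1", "Firefox/3.5", "web")
    web2 = store.login("alice", "10.0.0.1", "MSIE 8.0", "web")   # evicts web1
    mob = store.login("alice", "192.0.2.7", "MobileBrowser", "mobile")
    return {
        "old_web_after_second_login": store.validate(web1, "10.0.0.1", "Firefox/3.5"),
        "web_and_mobile_coexist": store.validate(web2, "10.0.0.1", "MSIE 8.0"),
        "mobile_from_new_ip": store.validate(mob, "192.0.2.9", "MobileBrowser"),
        "mobile_after_mismatch": store.validate(mob, "192.0.2.7", "MobileBrowser"),
        "sessions_revoked_by_linked_logout": store.logout(web2, everywhere=True),
    }
```

Binding to the client IP is a coarse control: clients behind a carrier or corporate proxy share an address, so a mismatch check neither distinguishes two such users nor fires when one of them receives another's traffic. The unguessable token remains the real credential; the binding and the single-session rule only limit how long a misrouted or stolen cookie stays usable, and the `everywhere=True` logout gives the user a way to cut every session at once.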
Article code (AID): #1BLVDYUe (Bugtraq)