Options

AP Exclusive: Network flaw causes scary Web error

veritas_libertasveritas_libertas Member Posts: 5,746 ■■■■■■■■■■
Another reason for Facebook to move to HTTPS.

AP Exclusive: Network flaw causes scary Web error

Comments

  • Options
    dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    AP wrote:
    In each case, the Internet lost track of who was who, putting the women into the wrong accounts.

    Stupid Internet. I can't believe it did that icon_lol.gif

    Seriously though, I want to know the technical details behind this. How the hell is AT&T "misdirecting" cookies? Oh wait, they said AT&T. I guess that's sufficient...
  • Options
    veritas_libertasveritas_libertas Member Posts: 5,746 ■■■■■■■■■■
    dynamik wrote: »
    Stupid Internet. I can't believe it did that icon_lol.gif

    Seriously though, I want to know the technical details behind this. How the hell is AT&T "misdirecting" cookies? Oh wait, they said AT&T. I guess that's sufficient...

    I would as well.

    Amusing quote, somehow I missed that icon_wink.gif
  • Options
    L0gicB0mb508L0gicB0mb508 Member Posts: 538
    I would love to see how this works. How is that really even possible?
    I bring nothing useful to the table...
  • Options
    JDMurrayJDMurray Admin Posts: 13,056 Admin
    I would love to see how this works. How is that really even possible?
    If AT&T is saying that it's their problem and not Facebook's, I'd suspect AT&T is using a Web cache to store session and authentication credentials, in addition to Web page information, for Facebook. There'd be an occasional screw-up with matching the AT&T mobile credentials with the correct cached pages, and this can apparently put you into someone else's already authenticated session. This is a feature AT&T can deactivate on their side, but there might be an unacceptable drop in performance for AT&T customers accessing Facebook if they did so.
  • Options
    dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    I would love to see how this works. How is that really even possible?

    This video shows the same concept (but with XSS): http://www.phreaknic.info/Videos/PN13/Brian_Wilson_&_Ryan%20Linn_-_Its_9AM_do_you_know_where_your_hashes_are_(PN13).avi
  • Options
    L0gicB0mb508L0gicB0mb508 Member Posts: 538
    Learn something new every day :) Thanks guys!
    I bring nothing useful to the table...
Sign In or Register to comment.