AP Exclusive: Network flaw causes scary Web error

veritas_libertas

Another reason for Facebook to move to HTTPS.

AP Exclusive: Network flaw causes scary Web error

dynamik

AP wrote:

In each case, the Internet lost track of who was who, putting the women into the wrong accounts.

Stupid Internet. I can't believe it did that

Seriously though, I want to know the technical details behind this. How the hell is AT&T "misdirecting" cookies? Oh wait, they said AT&T. I guess that's sufficient...

veritas_libertas

dynamik wrote: »

Stupid Internet. I can't believe it did that

Seriously though, I want to know the technical details behind this. How the hell is AT&T "misdirecting" cookies? Oh wait, they said AT&T. I guess that's sufficient...

I would as well.

Amusing quote, somehow I missed that

L0gicB0mb508

I would love to see how this works. How is that really even possible?

JDMurray

L0gicB0mb508 wrote: »

I would love to see how this works. How is that really even possible?

If AT&T is saying that it's their problem and not Facebook's, I'd suspect AT&T is using a Web cache to store session and authentication credentials, in addition to Web page information, for Facebook. There'd be an occasional screw-up with matching the AT&T mobile credentials with the correct cached pages, and this can apparently put you into someone else's already authenticated session. This is a feature AT&T can deactivate on their side, but there might be an unacceptable drop in performance for AT&T customers accessing Facebook if they did so.

dynamik

L0gicB0mb508 wrote: »

I would love to see how this works. How is that really even possible?

This video shows the same concept (but with XSS): http://www.phreaknic.info/Videos/PN13/Brian_Wilson_&_Ryan%20Linn_-_Its_9AM_do_you_know_where_your_hashes_are_(PN13).avi

L0gicB0mb508

Learn something new every day Thanks guys!