AT&T Glitch Connects Users To Wrong Accounts

Posted by Soulskill on Saturday January 16, 2010 @03:01AM from the reach-out-and-touch-some-one-at-random dept.

CAE guy writes "The Boston Globe is carrying an AP report which begins: 'A Georgia mother and her two daughters logged onto Facebook from mobile phones last weekend and wound up in a startling place: strangers' accounts with full access to troves of private information. The glitch — the result of a routing problem at the family's wireless carrier, AT&T — revealed a little known security flaw with far reaching implications for everyone on the Internet, not just Facebook users.' Who needs to worry about man-in-the-middle attacks when your service provider will hijack your session for you?"

1 of 138 comments (clear)

Min score:

Reason:

Sort:

Caching by nOw2 · 2010-01-16 03:38 · Score: 5, Interesting

I can't say for AT&T or Facebook what happened in this case, but I have seen similar things happening with poor-quality web caching proxies.
I am specifically talking of the horror that is Microsoft's ISA server.
At a previous job at an office powered by an MSDN subscription, there were cases where users would open websites for the first time and find themselves immediately logged in as someone who had already used and logged into that site on a nearby LAN computer.