Re: Internet security flaw exposes private data

[Dave Farber <dfarber () me com>]

> From: "Abe Singer" <abe () oyvay nu>
> To: "David Farber" <dave () farber net>
> Date: January 16, 2010 12:32:56 PM EST
> Subject: Re: [IP] Internet security flaw exposes private data
>
> Dr. Farber,
>
> For IP if you like...
>
>
> From what I can tell in the article and a few others I googles, this
> is not any sort of a new vulnerability, this was just the same old
> man-in-the-middle "attack" that any tcp session (at the ip/tcp layer)
> is vulnerable to.
>
> The problem highlited in this case is the flawed assumption
> that the Internet backbone and providers provide a trusted path.  I (and
> others) have said for years that one cannot trust a network one does not
> control. (Whether one can trust a network they *do* control is a different
> discussion).
>
> We use SSL for precisely that reason (sidestepping for the moment
> usability/trust issues with PKI).
>
> -- Abe
>
> > Begin forwarded message:
> >
> > From: "Charley Kline" <csk () mail com>
> > Subject: Internet security flaw exposes private data
> >
> > SAN FRANCISCO – A Georgia mother and her two daughters logged onto Facebook from mobile phones last weekend and 
> > wound up in a startling place: strangers' accounts with full access to troves of private information.
> >
> > The glitch — the result of a routing problem at the family's wireless carrier, AT&T — revealed a little known 
> > security flaw with far reaching implications for everyone on the Internet, not just Facebook users.
> >
> >  
> > The problem had nothing specific to do with Facebook. It is a more general problem.
> >
> >  
> > See http://news.yahoo.com/s/ap/20100116/ap_on_hi_te/us_tec_facebook_at_t_glitch


-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com