Internet security flaw exposes private data

[Dave Farber <dave () farber net>]

Begin forwarded message:

> From: Peter Capek <capek () ieee org>
> Date: January 16, 2010 12:16:52 PM EST
> To: dave () farber net
> Subject: Re: [IP] Internet security flaw exposes private data

> Could this problem not be simply the occurrence of the very  
> unlikely, but not impossible, clash of source IP, destination IP,  
> TCP ports and sequence number?
> Given the number of connections which are established every day, and  
> situations
> such as NAT boxes, I'm surprised it doesn't happen more often.    
> (Perhaps it does,
> and we ascribe the resulting problem to other things.)   I don't  
> know what estimates were made in deciding the sizes of these fields  
> back when they were defined (late 70s?), but it seems quite possible  
> that those estimates about communication speed, number of endpoints,  
> etc, have been exceeded by now.
>
>              Peter Capek
>
>
> On Sat, Jan 16, 2010 at 11:31 AM, Dave Farber <dave () farber net> wrote:
>
>
>
>
> Begin forwarded message:
>
> > From: "Kevin T. Neely" <ktneely () astroturfgarden com>
> > Date: January 15, 2010 11:58:08 PM EST
> > To: dave () farber net
> > Subject: Re: [IP] : Internet security flaw exposes private data
>
> > You know what is interesting? I have done this with gmail. I had a  
> > couple friends staying at my house in Florida in early 2008. I had  
> > comcast as my ISP. One morning after making coffee, I openend up my  
> > laptop, went to gmail, and got one of my friends' accounts. He had  
> > brought his own laptop, but I asked anyway "John, did you use my  
> > laptop to check your email?" He hadn't. Somehow, it took me to his  
> > account and I had full access. I could not reproduce later in the  
> > day, so I didn't do anything about it.
> >
> > K
> >
> >
> > Dave Farber wrote:
> > > >From: "Charley Kline" <csk () mail com>
> > > >To: "David Farber" <dave () farber net>
> > > >Date: January 15, 2010 09:09:45 PM EST
> > > >Subject: Internet security flaw exposes private data
> > > >
> > > >
> > >
> > > SAN FRANCISCO – A Georgia mother and her two daughters logged on 
> > > to Facebook from mobile phones last weekend and wound up in a st 
> > > artling place: strangers' accounts with full access to troves of 
> > >  private information.
> > >
> > > The glitch — the result of a routing problem at the family's wir 
> > > eless carrier, AT&T — revealed a little known security flaw with 
> > >  far reaching implications for everyone on the Internet, not jus 
> > > t Facebook users.
> > >
> > > The problem had nothing specific to do with Facebook. It is a more  
> > > general problem.
> > >
> > > See http://news.yahoo.com/s/ap/20100116/ap_on_hi_te/us_tec_facebook_at_t_glitch
> > >
> > > Archives <https://www.listbox.com/member/archive/247/=now> <https://www.listbox.com/member/archive/rss/247/ 
> > > >    [Powered by Listbox] <http://www.listbox.com>
> Archives        



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com