Interesting People mailing list archives
Internet security flaw exposes private data
From: Dave Farber <dave () farber net>
Date: Sat, 16 Jan 2010 12:35:32 -0500
Begin forwarded message:
From: Peter Capek <capek () ieee org> Date: January 16, 2010 12:16:52 PM EST To: dave () farber net Subject: Re: [IP] Internet security flaw exposes private data
Could this problem not be simply the occurrence of the very unlikely, but not impossible, clash of source IP, destination IP, TCP ports and sequence number? Given the number of connections which are established every day, and situations such as NAT boxes, I'm surprised it doesn't happen more often. (Perhaps it does, and we ascribe the resulting problem to other things.) I don't know what estimates were made in deciding the sizes of these fields back when they were defined (late 70s?), but it seems quite possible that those estimates about communication speed, number of endpoints, etc, have been exceeded by now.Peter Capek On Sat, Jan 16, 2010 at 11:31 AM, Dave Farber <dave () farber net> wrote: Begin forwarded message:From: "Kevin T. Neely" <ktneely () astroturfgarden com> Date: January 15, 2010 11:58:08 PM EST To: dave () farber net Subject: Re: [IP] : Internet security flaw exposes private dataYou know what is interesting? I have done this with gmail. I had a couple friends staying at my house in Florida in early 2008. I had comcast as my ISP. One morning after making coffee, I openend up my laptop, went to gmail, and got one of my friends' accounts. He had brought his own laptop, but I asked anyway "John, did you use my laptop to check your email?" He hadn't. Somehow, it took me to his account and I had full access. I could not reproduce later in the day, so I didn't do anything about it.K Dave Farber wrote:>From: "Charley Kline" <csk () mail com> >To: "David Farber" <dave () farber net> >Date: January 15, 2010 09:09:45 PM EST >Subject: Internet security flaw exposes private data > >SAN FRANCISCO – A Georgia mother and her two daughters logged on to Facebook from mobile phones last weekend and wound up in a st artling place: strangers' accounts with full access to troves of private information.The glitch — the result of a routing problem at the family's wir eless carrier, AT&T — revealed a little known security flaw with far reaching implications for everyone on the Internet, not jus t Facebook users.The problem had nothing specific to do with Facebook. It is a more general problem.See http://news.yahoo.com/s/ap/20100116/ap_on_hi_te/us_tec_facebook_at_t_glitchArchives <https://www.listbox.com/member/archive/247/=now> <https://www.listbox.com/member/archive/rss/247/ > [Powered by Listbox] <http://www.listbox.com>Archives
------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com
Current thread:
- Internet security flaw exposes private data David Farber (Jan 16)
- <Possible follow-ups>
- Internet security flaw exposes private data Dave Farber (Jan 16)
- Internet security flaw exposes private data Dave Farber (Jan 16)
- Re: Internet security flaw exposes private data Dave Farber (Jan 16)
- Internet security flaw exposes private data Dave Farber (Jan 16)