    Associated Press: AT&T Network Flaw Reveals Facebook Data

    Here’s an interesting story about mobile security affecting the privacy of a person’s data on the social networking site Facebook.

    A Georgia mother and her two daughters logged onto Facebook from mobile phones last weekend and wound up in a startling place: strangers’ accounts with full access to troves of private information.

    The glitch — the result of a routing problem at the family’s wireless carrier, AT&T — revealed a little-known security flaw with far-reaching implications for everyone on the Internet, not just Facebook users.

    In each case, the Internet lost track of who was who, putting the women into the wrong accounts. It doesn’t appear the users could have done anything to stop it. The problem adds a dimension to researchers’ warnings that there are many ways online information — from mundane data to dark secrets — can go awry.

    Several security experts said they had not heard of a case like this, in which the wrong person was shown a Web page whose user name and password had been entered by someone else. It’s not clear whether such episodes are rare or simply not reported. But experts said such flaws could occur on e-mail services, for instance, and that something similar could happen on a PC, not just a phone. […]

    Some Web sites would be immune from this kind of mix-up, particularly those that use encryption. A Web browser would have trouble deciphering the encryption on a page that a computer user didn’t actually seek, said Chris Wysopal, co-founder of Veracode Inc., a security company.

    Sensitive sites and those used for banking and e-commerce generally use encryption. But most other sites, including some Web-based e-mail services, don’t use it. One way of checking: The Web addresses of encrypted sites begin with “https” rather than “http.” Facebook uses encryption when user names and passwords are entered, to cloak the sign-on from snoops, but after the credentials are entered the encryption is dropped.
