Zoho users logging into other accounts by accident

Back to the article

Anonymous Coward

Premise #

Posted Friday 30th November 2007 20:07 GMT

Premise = argument

Premises = land/buildings etc.

I'm a pedant I admit it.

Raju Vegesna

Zoho #

Posted Saturday 1st December 2007 00:20 GMT

Under high load, we had a very rare race condition in a common underlying framework that caused this. Before we detected and applied a fix, our logs indicate that it impacted about 12 users.

We immediately took down the servers immediately when we detected the issue and we put in a patch. Our engineering teams are currently working on it round the clock monitoring to ensure that it will not recur.

We understand that our entire business is based on the user’s trust, and we are taking it very seriously.

Raju Vegesna

Zoho

Anonymous Coward

Race condition #

Posted Saturday 1st December 2007 00:20 GMT

A race condition indicates to me temp files... which seems to be the wrong way to handle this... WTF are they thinking? Or am I not as smart as I think I am?

AndyB

session id precision? #

Posted Sunday 2nd December 2007 12:10 GMT

i was working at a major uk retail bank when they first rolled out internet banking. An element of the session id was a time stamp and because the precision was too low, if two users logged on at more or less the same time they got the same session and saw the other's details. I think the incident actually made news at 10. Oh how we laughed!

Anonymous Coward

Hmmm... #

Posted Monday 3rd December 2007 04:33 GMT

> Before we detected and applied a fix, our logs indicate that it impacted about 12 users.

Not to be flippant, but that's mighty good logging you have there if it actually can be used to diagnose state that is not meant to be reached in the first place.

Forums

Forums home