AT&T says it has resolved a network glitch that caused some mobile customers to log into Facebook accounts belonging to complete strangers. "In a limited number of instances, a server software connectivity error resulted in some AT&T wireless customers being logged into the wrong Facebook account when they accessed Facebook …
Pull the other one it has crackers on it
Cookie misdirection my arse. Anyone who has even the slightest idea of how cookies and networks work can see this to be a complete pile of crock.
The ONLY way that cookie could have been redirected is from AT&T messing around with data flow - this stinks of DPI - absolutely festering with it.
I will be very interested to see what the techsperts say about this once they have had more time to investigate the situation - but it is pretty obvious from where I am sitting that AT&T are talking our of their misdirected arses.
"Value added" == "vulnerability added", once again.
Well, it's not so much DPI as it is plain ol'-fashioned proxying. Reading between the lines:
>"collaborated with Facebook to disable subscriber identification information as an option for automatic log-in.
>"For customers to access their Facebook account from AT&T wireless devices, Facebook now only will accept cookies placed by Facebook or full customer log-on information," AT&T said. "If the cookie isn't current, customers will be prompted to log in to their account"
... strongly implies that AT+T have some kind of partnering arrangement with FB, and they maintain some kind of trusted third-party FB authentication servers in their network, to provide a bit of "value-added" service to their customers by NATing, proxying and caching their login so that it can auto-login for them to save them having to type their email address and password so often. The sort of mix-up we've seen here could trivially easily occur in such a server if there was a bit of a race condition, or a non-atomic database, or for any of a multitude of other reasons related to the complexities of multi-threaded coding.
And the "fix" appears to have been for FB to decide to stop trusting AT+T's crappy servers. Good decision. They shouldn't have this kind of arrangement at all with anyone.
I have seen it happen on a few phones just last month. Most people don't have a reason to complain to AT&T since it isn't their profile being defaced.
In the words of Jobs
No big deal
Seriously though, this isn't really newsworthy as facebook is a site for losers anyway.
- 20 Freescale staff on vanished Malaysia Airlines flight MH370
- Fee fie Firefox: Mozilla's lawyers probe Dell over browser install charge
- Neil Young touts MP3 player that's no Piece of Crap
- Review Distro diaspora: Four flavours of Ubuntu unpacked
- Sysadmins and devs: Do these job descriptions make any sense?