NNSquad - Network Neutrality Squad


[ NNSquad ] Re: [IP] Internet security flaw exposes private data


This is what I was thinking – especially if the carriers use proxies and reuse IP addresses per session. This is one reason we need protocols based on persistent relationships between end points rather than transient identifiers such as an IP address. Especially that 32 bit address which was obviously too small even then – thus forcing reuse.

Of course in the 70’s the IP address wasn’t considered transient because computers didn’t move around much.

Today we pile a whole set of agendas on the “mobile Internet” as if it were fundamentally different and mainly about mobile commerce. We need to recognize that untethering tests the 1970’s design point and requires we think of end points as applications rather than fixed places.

   [ At least we've mostly gotten past the stage where https:  was
     only between the mobile proxy and Web servers when mobile users
     connected to "secure" Web sites -- with all data passing in the
     clear through the proxy.  But I agree, the manner in which mobile
     services have typically been layered on top of existing basic
     Internet services is suboptimal in several key aspects.

     However, the existing Internet environment represents an enormous
     edifice, and while I think it's grand to consider the long-term
     visions pointing at significantly major paradigm changes, I also
     feel that the likely path to get there (when we're talking about
     Internet infrastructure) will usually be gradual and
     evolutionary, rather than revolutionary.  So consideration of the
     long term is excellent, but it's essential that we work on the
     short and medium term as well.

       -- Lauren Weinstein
          NNSquad Moderator ]

     


From: Dave Farber [mailto:dave@farber.net]
Sent: Saturday, January 16, 2010 12:36
To: ip
Subject: [IP] Internet security flaw exposes private data

Begin forwarded message:

From: Peter Capek <capek@ieee.org>
Date: January 16, 2010 12:16:52 PM EST
To: dave@farber.net
Subject: Re: [IP] Internet security flaw exposes private data

Could this problem not be simply the occurrence of the very unlikely, but not impossible, clash of source IP, destination IP, TCP ports and sequence number? Given the number of connections which are established every day, and situations such as NAT boxes, I'm surprised it doesn't happen more often. (Perhaps it does, and we ascribe the resulting problem to other things.) I don't know what estimates were made in deciding the sizes of these fields back when they were defined (late 70s?), but it seems quite possible that those estimates about communication speed, number of endpoints, etc, have been exceeded by now.

             Peter Capek



On Sat, Jan 16, 2010 at 11:31 AM, Dave Farber <dave@farber.net> wrote:






Begin forwarded message:

From: "Kevin T. Neely" <ktneely@astroturfgarden.com>
Date: January 15, 2010 11:58:08 PM EST
To: dave@farber.net
Subject: Re: [IP] : Internet security flaw exposes private data

You know what is interesting? I have done this with Gmail. I had a couple friends staying at my house in Florida in early 2008. I had Comcast as my ISP. One morning after making coffee, I opened up my laptop, went to Gmail, and got one of my friends' accounts. He had brought his own laptop, but I asked anyway "John, did you use my laptop to check your email?" He hadn't. Somehow, it took me to his account and I had full access. I could not reproduce later in the day, so I didn't do anything about it.

K



Dave Farber wrote:



>From: "Charley Kline" <csk@mail.com>

>To: "David Farber" <dave@farber.net>

>Date: January 15, 2010 09:09:45 PM EST

>Subject: Internet security flaw exposes private data


SAN FRANCISCO – A Georgia mother and her two daughters logged onto Facebook from mobile phones last weekend and wound up in a startling place: strangers' accounts with full access to troves of private information.

The glitch — the result of a routing problem at the family's wireless carrier, AT&T — revealed a little known security flaw with far reaching implications for everyone on the Internet, not just Facebook users.

The problem had nothing specific to do with Facebook. It is a more general problem.

See http://news.yahoo.com/s/ap/20100116/ap_on_hi_te/us_tec_facebook_at_t_glitch

Archives <https://www.listbox.com/member/archive/247/=now> <https://www.listbox.com/member/archive/rss/247/> [Powered by Listbox] <http://www.listbox.com>
