A woman in Georgia and her two daughters have exposed a security flaw in the World Wide Wibble that affects everyone and not just visitors to the social notworking site.
Candace Sawyer, 26, was taken to an account that didn’t look like hers and seemed to be owned by a bloke who was a different colour from her.
She got her sister and her mum to try, and they had the same problem on their phones and got some Yankee Facebook accounts.
After some digging it turned out that the problem was not their phones but a flaw in AT&T’s routing infrastructure connecting the phones to the Internet.
Misconfigured equipment, poorly written network software or other technical errors could somehow have caused AT&T to fumble the information flowing from the Sawyers’ phones to Facebook and back.
The vulnerability means a hacker can access one account at a time, which is of limited use. But probably a good start to a wider campaign.
It is somehow managed by a “misdirected cookie.” But no one is really sure how. It has something to do with the fact that all the mobile Internet traffic for a particular area is routed through the same piece of networking gear. A site which used encryption would be immune to it.