<article>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#article10_01_16_1331239</id>
	<title>AT&amp;T Glitch Connects Users To Wrong Accounts</title>
	<author>Soulskill</author>
	<datestamp>1263654060000</datestamp>
	<htmltext><a href="mailto:cabriggs@gmail.com" rel="nofollow">CAE guy</a> writes <i>"The Boston Globe is carrying an AP report which begins: 'A Georgia mother and her two daughters logged onto Facebook from mobile phones last weekend and wound up in a startling place: strangers' accounts with <a href="http://www.boston.com/business/technology/articles/2010/01/15/ap_exclusive_network_flaw_causes_scary_web_error/">full access to troves of private information</a>. The glitch &mdash; the result of a routing problem at the family's wireless carrier, AT&amp;T &mdash; revealed a little known security flaw with far reaching implications for everyone on the Internet, not just Facebook users.' Who needs to worry about man-in-the-middle attacks when your service provider will hijack your session for you?"</i></htmltext>
<tokenext>CAE guy writes " The Boston Globe is carrying an AP report which begins : 'A Georgia mother and her two daughters logged onto Facebook from mobile phones last weekend and wound up in a startling place : strangers ' accounts with full access to troves of private information .
The glitch — the result of a routing problem at the family 's wireless carrier , AT&amp;T — revealed a little known security flaw with far reaching implications for everyone on the Internet , not just Facebook users .
' Who needs to worry about man-in-the-middle attacks when your service provider will hijack your session for you ?
"</tokentext>
<sentencetext>CAE guy writes "The Boston Globe is carrying an AP report which begins: 'A Georgia mother and her two daughters logged onto Facebook from mobile phones last weekend and wound up in a startling place: strangers' accounts with full access to troves of private information.
The glitch — the result of a routing problem at the family's wireless carrier, AT&amp;T — revealed a little known security flaw with far reaching implications for everyone on the Internet, not just Facebook users.
' Who needs to worry about man-in-the-middle attacks when your service provider will hijack your session for you?
"</sentencetext>
</article>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30791594</id>
	<title>This is interesting because</title>
	<author>Anonymous</author>
	<datestamp>1263667680000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Years ago I clicked on a dating service ad here on Slashdot.  It turned out (disappointingly) to lead to Match.com.  But the interesting thing was that I appeared to be logged in as a Match.com user (I had no account with Match at the time).  I verified that I was indeed logged in by going to the account details page, and was able to see this guy's personal info.</p><p>Now I could've been a dick, but I wasn't -- I logged out immediately.  But to this day I wonder how the heck that could've happened.</p></htmltext>
<tokenext>Years ago I clicked on a dating service ad here on Slashdot .
It turned out ( disappointingly ) to lead to Match.com .
But the interesting thing was that I appeared to be logged in as a Match.com user ( I had no account with Match at the time ) .
I verified that I was indeed logged in by going to the account details page , and was able to see this guy 's personal info . Now I could 've been a dick , but I was n't -- I logged out immediately .
But to this day I wonder how the heck that could 've happened .</tokentext>
<sentencetext>Years ago I clicked on a dating service ad here on Slashdot.
It turned out (disappointingly) to lead to Match.com.
But the interesting thing was that I appeared to be logged in as a Match.com user (I had no account with Match at the time).
I verified that I was indeed logged in by going to the account details page, and was able to see this guy's personal info. Now I could've been a dick, but I wasn't -- I logged out immediately.
But to this day I wonder how the heck that could've happened.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790568</id>
	<title>Technical details please!</title>
	<author>Azureflare</author>
	<datestamp>1263659820000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Did the session IDs get crossed? This is the only thing I can think of: that the cookie got sent to the wrong handsets, perhaps because they were logging in simultaneously. This would be very worrisome if it were true, as it would not apply to other sites besides facebook, e.g. banking sites.
<br> <br>
However, I'm wondering if it may be a problem with the Facebook login system. Perhaps there is something wrong with how they identify a browser who is currently logging in, and they confused handsets on the carrier (since they probably share IPs with other handsets).
<br> <br>
More testing needs to be done to determine if this really is an ATT issue, or just a facebook issue.  Facebook doesn't exactly have cast-iron, secure code, from my experience.
<br> <br>
Also, AJAX can get wonky sometimes if you don't code it right, and facebook relies on a lot of AJAX now.</htmltext>
<tokenext>Did the session IDs get crossed ?
This is the only thing I can think of : that the cookie got sent to the wrong handsets , perhaps because they were logging in simultaneously .
This would be very worrisome if it were true , as it would not apply to other sites besides facebook , e.g .
banking sites .
However , I 'm wondering if it may be a problem with the Facebook login system .
Perhaps there is something wrong with how they identify a browser who is currently logging in , and they confused handsets on the carrier ( since they probably share IPs with other handsets ) .
More testing needs to be done to determine if this really is an ATT issue , or just a facebook issue .
Facebook does n't exactly have cast-iron , secure code , from my experience .
Also , AJAX can get wonky sometimes if you do n't code it right , and facebook relies on a lot of AJAX now .</tokentext>
<sentencetext>Did the session IDs get crossed?
This is the only thing I can think of: that the cookie got sent to the wrong handsets, perhaps because they were logging in simultaneously.
This would be very worrisome if it were true, as it would not apply to other sites besides facebook, e.g.
banking sites.
However, I'm wondering if it may be a problem with the Facebook login system.
Perhaps there is something wrong with how they identify a browser who is currently logging in, and they confused handsets on the carrier (since they probably share IPs with other handsets).
More testing needs to be done to determine if this really is an ATT issue, or just a facebook issue.
Facebook doesn't exactly have cast-iron, secure code, from my experience.
Also, AJAX can get wonky sometimes if you don't code it right, and facebook relies on a lot of AJAX now.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30792170</id>
	<title>Re:But... what?</title>
	<author>mdwh2</author>
	<datestamp>1263671940000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><i>Data which is not secure cannot have a security issue. It is already public.</i></p><p>I'm not sure you mean that, that's a circular definition - anything with a security hole means the data isn't secure, which by your definition means it's not a security issue. Therefore security issues can never exist?</p></htmltext>
<tokenext>Data which is not secure can not have a security issue .
It is already public . I 'm not sure you mean that , that 's a circular definition - anything with a security hole means the data is n't secure , which by your definition means it 's not a security issue .
Therefore security issues can never exist ?</tokentext>
<sentencetext>Data which is not secure cannot have a security issue.
It is already public. I'm not sure you mean that, that's a circular definition - anything with a security hole means the data isn't secure, which by your definition means it's not a security issue.
Therefore security issues can never exist?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790760</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790446</id>
	<title>Article Comments</title>
	<author>Anonymous</author>
	<datestamp>1263658800000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Reading the article's comments (Ya, I know ban me for RTFA lol) the issue appears to be quite widespread, and possibly on Facebook's end. They appear to not use encryption once you log in, so that is definitely a weakness there. But that "costs" more bandwidth... but if Google can do it and switch to HTTPS... but of course this is email, not public humiliation we are talking about here.</p></htmltext>
<tokenext>Reading the article 's comments ( Ya , I know ban me for RTFA lol ) the issue appears to be quite widespread , and possibly on Facebook 's end .
They appear to not use encryption once you log in , so that is definitely a weakness there .
But that " costs " more bandwidth... but if Google can do it and switch to HTTPS... but of course this is email , not public humiliation we are talking about here .</tokentext>
<sentencetext>Reading the article's comments (Ya, I know ban me for RTFA lol) the issue appears to be quite widespread, and possibly on Facebook's end.
They appear to not use encryption once you log in, so that is definitely a weakness there.
But that "costs" more bandwidth... but if Google can do it and switch to HTTPS... but of course this is email, not public humiliation we are talking about here.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30793514</id>
	<title>Rates?</title>
	<author>sjames</author>
	<datestamp>1263639780000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>So, AT&amp;T, tell us again what makes your service worth those outrageous rates? It seems you can't even assure that you won't deliver my data to a complete stranger.</p></htmltext>
<tokenext>So , AT&amp;T , tell us again what makes your service worth those outrageous rates ?
It seems you ca n't even assure that you wo n't deliver my data to a complete stranger .</tokentext>
<sentencetext>So, AT&amp;T, tell us again what makes your service worth those outrageous rates?
It seems you can't even assure that you won't deliver my data to a complete stranger.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790906</id>
	<title>T-Mobile</title>
	<author>flawd1</author>
	<datestamp>1263663060000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I had something like this happen to me on T-Mobile a couple weeks ago. A mother and daughter were trying to call each other one night, and each call went to me. It went on for over an hour. I even tried to call their numbers back and got my voicemail.</htmltext>
<tokenext>I had something like this happen to me on T-Mobile a couple weeks ago .
A mother and daughter were trying to call each other one night , and each call went to me .
It went on for over an hour .
I even tried to call their numbers back and got my voicemail .</tokentext>
<sentencetext>I had something like this happen to me on T-Mobile a couple weeks ago.
A mother and daughter were trying to call each other one night, and each call went to me.
It went on for over an hour.
I even tried to call their numbers back and got my voicemail.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790652</id>
	<title>NAT problem on ATT's WAP gateway?</title>
	<author>Anonymous</author>
	<datestamp>1263660660000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Might have been a NAT problem on ATT's WAP gateway.</p></htmltext>
<tokenext>Might have been a NAT problem on ATT 's WAP gateway .</tokentext>
<sentencetext>Might have been a NAT problem on ATT's WAP gateway.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30792104</id>
	<title>The real secret and what spy agencies really see</title>
	<author>Anonymous</author>
	<datestamp>1263671340000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I can't wonder if what happened here is not a glitch -- this is the access that the US Intelligence communities get all the time through ATT. The only "glitch" was that somehow, this lady temp. got into that loop. If this is the case, they see whatever, whenever all the time -- now that is what is really scary.</p></htmltext>
<tokenext>I ca n't wonder if what happened here is not a glitch -- this is the access that the US Intelligence communities get all the time through ATT .
The only " glitch " was that somehow , this lady temp .
got into that loop .
If this is the case , they see whatever , whenever all the time -- now that is what is really scary .</tokentext>
<sentencetext>I can't wonder if what happened here is not a glitch -- this is the access that the US Intelligence communities get all the time through ATT.
The only "glitch" was that somehow, this lady temp.
got into that loop.
If this is the case, they see whatever, whenever all the time -- now that is what is really scary.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30792642</id>
	<title>How she knew it wasn't her account</title>
	<author>Fnord666</author>
	<datestamp>1263632520000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>When describing how she knew it was not her account, Candace replied that<blockquote><div><p>"He's white -- I'm not,"</p></div>
</blockquote><p>
Apparently the fact that the account holder was also male was not the first thing to cross her mind.  I thought we had gotten farther than this.</p>
	</htmltext>
<tokenext>When describing how she knew it was not her account , Candace replied that " He 's white -- I 'm not , " Apparently the fact that the account holder was also male was not the first thing to cross her mind .
I thought we had gotten farther than this .</tokentext>
<sentencetext>When describing how she knew it was not her account, Candace replied that "He's white -- I'm not,"

Apparently the fact that the account holder was also male was not the first thing to cross her mind.
I thought we had gotten farther than this.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790754</id>
	<title>CLEARLY a web proxy problem...</title>
	<author>nweaver</author>
	<datestamp>1263661740000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p>On the IP layer, this wouldn't happen, because there are cookies contained in the web traffic that are used to route things on the Facebook end, simply because there are NATS and the like.</p><p>Thus the problem is whatever in-path HTTP proxy AT&amp;T is using for their phones that crossed things over.</p><p>In-path HTTP proxies and caches can be very hard to find and may produce all sorts of interesting subtle problems when there are bugs in them.</p></htmltext>
<tokenext>On the IP layer , this would n't happen , because there are cookies contained in the web traffic that are used to route things on the Facebook end , simply because there are NATS and the like . Thus the problem is whatever in-path HTTP proxy AT&amp;T is using for their phones that crossed things over . In-path HTTP proxies and caches can be very hard to find and may produce all sorts of interesting subtle problems when there are bugs in them .</tokentext>
<sentencetext>On the IP layer, this wouldn't happen, because there are cookies contained in the web traffic that are used to route things on the Facebook end, simply because there are NATS and the like. Thus the problem is whatever in-path HTTP proxy AT&amp;T is using for their phones that crossed things over. In-path HTTP proxies and caches can be very hard to find and may produce all sorts of interesting subtle problems when there are bugs in them.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30791602</id>
	<title>oblig.</title>
	<author>Anonymous</author>
	<datestamp>1263667740000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>THEN WHO WAS PHONE?</p></htmltext>
<tokenext>THEN WHO WAS PHONE ?</tokentext>
<sentencetext>THEN WHO WAS PHONE?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790870</id>
	<title>Re:Technical details please!</title>
	<author>Anonymous</author>
	<datestamp>1263662760000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>1</modscore>
	<htmltext><p>The article is poorly written and obviously is a hearsay of technical information loosely translated into something people might read.</p><p>The description of the potential scope of the problem (all of the internet, everybody, all of the time) is laughable.  Of course if I get a flat tire from a nail, and if nails are used everywhere, then everyone's tires are at risk from nails all of the time.   And we should all stay home.   Better to find out why that nail was there and if there is someone dropping nails on  the road.</p><p>Sounds like a bad session cookie, either at Facebook server or loadbalancer.  Or perhaps some network cache/proxy that keeps session info.   If it was a TCP connection that an IP router went bonkers on then a lot of other session things would go wrong too and packets would drop.  It's a complex world we live in so there is always the possibility that something weird and not so wonderful happened.</p><p>er.. awaiting better information</p></htmltext>
<tokenext>The article is poorly written and obviously is a hearsay of technical information loosely translated into something people might read . The description of the potential scope of the problem ( all of the internet , everybody , all of the time ) is laughable .
Of course if I get a flat tire from a nail , and if nails are used everywhere , then everyone 's tires are at risk from nails all of the time .
And we should all stay home .
Better to find out why that nail was there and if there is someone dropping nails on the road . Sounds like a bad session cookie , either at Facebook server or loadbalancer .
Or perhaps some network cache/proxy that keeps session info .
If it was a TCP connection that an IP router went bonkers on then a lot of other session things would go wrong too and packets would drop .
It 's a complex world we live in so there is always the possibility that something weird and not so wonderful happened . er.. awaiting better information</tokentext>
<sentencetext>The article is poorly written and obviously is a hearsay of technical information loosely translated into something people might read. The description of the potential scope of the problem (all of the internet, everybody, all of the time) is laughable.
Of course if I get a flat tire from a nail, and if nails are used everywhere, then everyone's tires are at risk from nails all of the time.
And we should all stay home.
Better to find out why that nail was there and if there is someone dropping nails on the road. Sounds like a bad session cookie, either at Facebook server or loadbalancer.
Or perhaps some network cache/proxy that keeps session info.
If it was a TCP connection that an IP router went bonkers on then a lot of other session things would go wrong too and packets would drop.
It's a complex world we live in so there is always the possibility that something weird and not so wonderful happened. er.. awaiting better information</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790568</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30792146</id>
	<title>Re:How half of all customer support calls begin</title>
	<author>Agent ME</author>
	<datestamp>1263671760000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>If you had a phone that did magical things, why would your first response be to get rid of it?</p></htmltext>
<tokenext>If you had a phone that did magical things , why would your first response be to get rid of it ?</tokentext>
<sentencetext>If you had a phone that did magical things, why would your first response be to get rid of it?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790374</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790360</id>
	<title>can you hear me now?</title>
	<author>Anonymous</author>
	<datestamp>1263658080000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Can you hear me now?  Maybe.  Can I see all your private information?  Yes!</p></htmltext>
<tokenext>Can you hear me now ?
Maybe. Can I see all your private information ?
Yes !</tokentext>
<sentencetext>Can you hear me now?
Maybe.  Can I see all your private information?
Yes!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790374</id>
	<title>How half of all customer support calls begin</title>
	<author>jarocho</author>
	<datestamp>1263658200000</datestamp>
	<modclass>Funny</modclass>
	<modscore>4</modscore>
	<htmltext>Quote from the article:
<br>
<br>
"I thought it was the phone -- 'Maybe this phone is just weird and does magical, horrible things and I have to get rid of it...'"
	</htmltext>
<tokenext>Quote from the article : " I thought it was the phone -- 'Maybe this phone is just weird and does magical , horrible things and I have to get rid of it... ' "</tokentext>
<sentencetext>Quote from the article:


"I thought it was the phone -- 'Maybe this phone is just weird and does magical, horrible things and I have to get rid of it...'"
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30793590</id>
	<title>Something similar happened to me in 2005</title>
	<author>JNSL</author>
	<datestamp>1263640260000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>In the fall of 2005, I was in a computer lab in Italy. There were probably 10 or 12 desktop stations. We'd often have trouble with our sessions temporarily crossing. So I'd be on Facebook and then all of a sudden somebody else's profile would show up when I'd click a link to my profile. Similarly, this would happen to other people. We couldn't make any changes - a single click to a new page would take us back to our account. Facebook was a very different operation back then, but I always assumed it was the network admins who were at fault.</htmltext>
<tokenext>In the fall of 2005 , I was in a computer lab in Italy .
There were probably 10 or 12 desktop stations .
We 'd often have trouble with our sessions temporarily crossing .
So I 'd be on Facebook and then all of a sudden somebody else 's profile would show up when I 'd click a link to my profile .
Similarly , this would happen to other people .
We could n't make any changes - a single click to a new page would take us back to our account .
Facebook was a very different operation back then , but I always assumed it was the network admins who were at fault .</tokentext>
<sentencetext>In the fall of 2005, I was in a computer lab in Italy.
There were probably 10 or 12 desktop stations.
We'd often have trouble with our sessions temporarily crossing.
So I'd be on Facebook and then all of a sudden somebody else's profile would show up when I'd click a link to my profile.
Similarly, this would happen to other people.
We couldn't make any changes - a single click to a new page would take us back to our account.
Facebook was a very different operation back then, but I always assumed it was the network admins who were at fault.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30791960</id>
	<title>Re:But... what?</title>
	<author>zten</author>
	<datestamp>1263670140000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I've used m.facebook.com on AT&amp;T across different phones while using my account's SIM card without having to log in again.</htmltext>
<tokenext>I 've used m.facebook.com on AT&amp;T across different phones while using my account 's SIM card without having to log in again .</tokentext>
<sentencetext>I've used m.facebook.com on AT&amp;T across different phones while using my account's SIM card without having to log in again.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790330</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30791024</id>
	<title>MITM</title>
	<author>gmuslera</author>
	<datestamp>1263663780000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Unless are women, the people working at your service provider (and all the layers between you and your target site) are in fact man in the middle. That they decide to "attack" by their own choice or i.e. government order is up to them, but is up to you being aware of that and take measures to minimize risks.

Unless we are talking about facebook, of course, there lack of privacy don't seem to be a big priority.</htmltext>
<tokenext>Unless are women , the people working at your service provider ( and all the layers between you and your target site ) are in fact man in the middle .
That they decide to " attack " by their own choice or i.e .
government order is up to them , but is up to you being aware of that and take measures to minimize risks .
Unless we are talking about facebook , of course , there lack of privacy do n't seem to be a big priority .</tokentext>
<sentencetext>Unless are women, the people working at your service provider (and all the layers between you and your target site) are in fact man in the middle.
That they decide to "attack" by their own choice or i.e.
government order is up to them, but is up to you being aware of that and take measures to minimize risks.
Unless we are talking about facebook, of course, there lack of privacy don't seem to be a big priority.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790406</id>
	<title>the american response</title>
	<author>anonieuweling</author>
	<datestamp>1263658500000</datestamp>
	<modclass>Funny</modclass>
	<modscore>2</modscore>
	<htmltext>should be:<br>
<br>
SUE the hell out of them.</htmltext>
<tokenext>should be : SUE the hell out of them .</tokentext>
<sentencetext>should be:

SUE the hell out of them.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790784</id>
	<title>So packets can be mis-routed?</title>
	<author>nurb432</author>
	<datestamp>1263661980000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Really now? And people are just now realizing this?</p></htmltext>
<tokenext>Really now ?
And people are just now realizing this ?</tokentext>
<sentencetext>Really now?
And people are just now realizing this?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30793012</id>
	<title>I can confirm this</title>
	<author>yamamushi</author>
	<datestamp>1263635640000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I have been getting facebook notifications for someone in Germany, I get notified of all the comments posted on their profiles. I thought this was something wrong with the facebook application itself, but this confirms my suspicions that there is a deeper issue at hand.</htmltext>
<tokenext>I have been getting facebook notifications for someone in Germany , I get notified of all the comments posted on their profiles .
I thought this was something wrong with the facebook application itself , but this confirms my suspicions that there is a deeper issue at hand .</tokentext>
<sentencetext>I have been getting facebook notifications for someone in Germany, I get notified of all the comments posted on their profiles.
I thought this was something wrong with the facebook application itself, but this confirms my suspicions that there is a deeper issue at hand.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30796454</id>
	<title>The Moral of the Story:</title>
	<author>dugrrr</author>
	<datestamp>1263671280000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Click the damn "logout" link to end the session.</htmltext>
<tokenext>Click the damn " logout " link to end the session .</tokentext>
<sentencetext>Click the damn "logout" link to end the session.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30797614</id>
	<title>This quote rocks</title>
	<author>Nyder</author>
	<datestamp>1263736500000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><div class="quote"><p>...<br>"I thought it was the phone -- `Maybe this phone is just weird and does magical, horrible things and I have to get rid of it,'" said Candace Sawyer. ...</p></div>
	</htmltext>
<tokenext>... " I thought it was the phone -- ` Maybe this phone is just weird and does magical , horrible things and I have to get rid of it, ' " said Candace Sawyer .
.. .</tokentext>
<sentencetext> ..."I thought it was the phone -- `Maybe this phone is just weird and does magical, horrible things and I have to get rid of it,'" said Candace Sawyer.
...
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790760</id>
	<title>Re:But... what?</title>
	<author>Bob9113</author>
	<datestamp>1263661740000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p><i>If the site does not offer HTTPS, it is good practice to assume the information you store there is not secure.</i></p><p>Fixed that for you. Data sent in the clear is not secure.</p><p>From this we can make another logical step: Therefore this is not a security issue. Data which is not secure cannot have a security issue. It is already public.</p></htmltext>
<tokenext>If the site does not offer HTTPS , it is good practice to assume the information you store there is not secure . Fixed that for you .
Data sent in the clear is not secure . From this we can make another logical step : Therefore this is not a security issue .
Data which is not secure can not have a security issue .
It is already public .</tokentext>
<sentencetext>If the site does not offer HTTPS, it is good practice to assume the information you store there is not secure. Fixed that for you.
Data sent in the clear is not secure. From this we can make another logical step: Therefore this is not a security issue.
Data which is not secure cannot have a security issue.
It is already public.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790508</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790606</id>
	<title>Cool</title>
	<author>Anonymous</author>
	<datestamp>1263660120000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>This happened to me in Virginia a few weeks back. AT&amp;T is my service provider.

Promptly logged out so I could get onto mine.</htmltext>
<tokenext>This happened to me in Virginia a few weeks back .
AT&amp;T is my service provider .
Promptly logged out so I could get onto mine .</tokentext>
<sentencetext>This happened to me in Virginia a few weeks back.
AT&amp;T is my service provider.
Promptly logged out so I could get onto mine.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790450</id>
	<title>This makes no sense...</title>
	<author>Anonymous</author>
	<datestamp>1263658800000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>The website handles the login to accounts. The article was saying that folks were logging in via their AT&amp;T cell phones and ending up on others' pages. I don't get it, one's phone has their login information, the phone sends the login info to Facebook, Facebook verifies the login information and then lets the user see their stuff. What, is ATT pooling login information to Facebook on one server and doing a lookup when someone wants to log into FB?</p><p>How in the World can this be AT&amp;T's fault unless they have some special deal with Facebook and they're the ones sending wrong information to Facebook. </p><p>If this is in fact AT&amp;T's problem, then that means it could happen to those of us that have AT&amp;T as their ISP and log in via their home computers.</p><p>Actually, WTF is Facebook doing?!? That is the real question here. How the hell is AT&amp;T mixed up in this?</p></htmltext>
<tokenext>The website handles the login to accounts .
The article was saying that folks were logging in via their AT&amp;T cell phones and ending up on others ' pages .
I do n't get it , one 's phone has their login information , the phone sends the login info to Facebook , Facebook verifies the login information and then lets the user see their stuff .
What , is ATT pooling login information to Facebook on one server and doing a lookup when someone wants to log into FB ? How in the World can this be AT&amp;T 's fault unless they have some special deal with Facebook and they 're the ones sending wrong information to Facebook .
If this is in fact AT&amp;T 's problem , then that means it could happen to those of us that have AT&amp;T as their ISP and log in via their home computers . Actually , WTF is Facebook doing ? ! ?
That is the real question here .
How the hell is AT&amp;T mixed up in this ?</tokentext>
<sentencetext>The website handles the login to accounts.
The article was saying that folks were logging in via their AT&amp;T cell phones and ending up on others' pages.
I don't get it, one's phone has their login information, the phone sends the login info to Facebook, Facebook verifies the login information and then lets the user see their stuff.
What, is ATT pooling login information to Facebook on one server and doing a lookup when someone wants to log into FB? How in the World can this be AT&amp;T's fault unless they have some special deal with Facebook and they're the ones sending wrong information to Facebook.
If this is in fact AT&amp;T's problem, then that means it could happen to those of us that have AT&amp;T as their ISP and log in via their home computers. Actually, WTF is Facebook doing?!?
That is the real question here.
How the hell is AT&amp;T mixed up in this?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790508</id>
	<title>Re:But... what?</title>
	<author>MtHuurne</author>
	<datestamp>1263659460000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext><p>I don't know how Facebook does it specifically, but many sites will give the user a session cookie after entering his/her username and password. All further requests use that session cookie to identify the user. It sounds like a proxy at AT&amp;T served a cached response belonging to someone else and that included a session cookie that was still valid (not logged out or expired).</p><p>It may be a bug in the proxy or a bug in the HTTP headers set by Facebook that instruct how a response should be cached. It does show that it is a good idea to use HTTPS when accessing private data, not just for banking. If the site does not offer HTTPS, it is good practice to log out when you're done, so that the server will invalidate the session cookie.</p></htmltext>
<tokenext>I do n't know how Facebook does it specifically , but many sites will give the user a session cookie after entering his/her username and password .
All further requests use that session cookie to identify the user .
It sounds like a proxy at AT&amp;T served a cached response belonging to someone else and that included a session cookie that was still valid ( not logged out or expired ) .It may be a bug in the proxy or a bug in the HTTP headers set by Facebook that instruct how a response should be cached .
It does show that it is a good idea to use HTTPS when accessing private data , not just for banking .
If the site does not offer HTTPS , it is good practice to log out when you 're done , so that the server will invalidate the session cookie .</tokentext>
<sentencetext>I don't know how Facebook does it specifically, but many sites will give the user a session cookie after entering his/her username and password.
All further requests use that session cookie to identify the user.
It sounds like a proxy at AT&amp;T served a cached response belonging to someone else and that included a session cookie that was still valid (not logged out or expired).It may be a bug in the proxy or a bug in the HTTP headers set by Facebook that instruct how a response should be cached.
It does show that it is a good idea to use HTTPS when accessing private data, not just for banking.
If the site does not offer HTTPS, it is good practice to log out when you're done, so that the server will invalidate the session cookie.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790330</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30795576</id>
	<title>Facebook also screwed up here with their auth!</title>
	<author>freaker\_TuC</author>
	<datestamp>1263657240000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>The Sawyers experienced a different glitch. Coe said an investigation points to a "misdirected cookie." A cookie is a file some Web sites place on computers to store identifying information -- including the user name that Facebook members would enter to access their pages. Coe said technicians couldn't figure out how the cookie had been routed to the wrong phone, leading it into the wrong Facebook account.</p></div><p>I cannot understand why Facebook didn't add the ip address to the hash of the login; making it impossible to use the same cookie with another IP address.<br>I simply cannot understand. I even think mobiles generate their own UNIQUE identification code which can be used too for the mobile version of facebook.</p><p>I'd think BOTH are in error; facebook for having ratsass security and the phone company of making this possible.</p><p>Makes one wonder too; how safe we really are for MITM attacks; looking to this case...</p></div>
	</htmltext>
<tokenext>The Sawyers experienced a different glitch .
Coe said an investigation points to a " misdirected cookie .
" A cookie is a file some Web sites place on computers to store identifying information -- including the user name that Facebook members would enter to access their pages .
Coe said technicians could n't figure out how the cookie had been routed to the wrong phone , leading it into the wrong Facebook account.I can not understand why Facebook did n't add the ip address to the hash of the login ; making it impossible to use the same cookie with another IP address.I simply can not understand .
I even think mobiles generate their own UNIQUE identification code which can be used too for the mobile version of facebook.I 'd think BOTH are in error ; facebook for having ratsass security and the phone company of making this possible.Makes one wonder too ; how safe we really are for MITM attacks ; looking to this case.. .</tokentext>
<sentencetext>The Sawyers experienced a different glitch.
Coe said an investigation points to a "misdirected cookie.
" A cookie is a file some Web sites place on computers to store identifying information -- including the user name that Facebook members would enter to access their pages.
Coe said technicians couldn't figure out how the cookie had been routed to the wrong phone, leading it into the wrong Facebook account.I cannot understand why Facebook didn't add the ip address to the hash of the login; making it impossible to use the same cookie with another IP address.I simply cannot understand.
I even think mobiles generate their own UNIQUE identification code which can be used too for the mobile version of facebook.I'd think BOTH are in error; facebook for having ratsass security and the phone company of making this possible.Makes one wonder too; how safe we really are for MITM attacks; looking to this case...
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30792684</id>
	<title>Knowing AT&amp;T...</title>
	<author>Anonymous</author>
	<datestamp>1263632820000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>When are we going to get the story from the CEO somehow blaming this on the iphone and all the bandwidth they use?</p></htmltext>
<tokenext>When are we going to get the story from the CEO somehow blaming this on the iphone and all the bandwidth they use ?</tokentext>
<sentencetext>When are we going to get the story from the CEO somehow blaming this on the iphone and all the bandwidth they use?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790746</id>
	<title>It's not entirely new</title>
	<author>anorlunda</author>
	<datestamp>1263661560000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>In the pre-LAN days of the 1980s we used to use terminal servers to connect dumb terminals to the computers. Their purpose was to dish out point-to-point connections on demand.</p><p>Once in a while, perhaps due to a power glitch, the terminal servers would drop all connections and then immediately reconnect everyone at random. Users abruptly found themselves in the middle of someone else's session.</p><p>Old technology or new, connection errors are bound to happen once in a while.</p><p>The true risk here is misplaced confidence. People simplify; errors that happen very rarely are mentally simplified to "never happens." They then become sloppy and unguarded.</p><p>In parts of India where customers suffer electric blackouts 4-5 times per day, commerce is so robust that they hardly notice. When a regional blackout happens in a Western country once every 10 years or so, many people are caught unprepared.</p><p>Fire departments hold regular drills to maintain preparedness skills. The frequency of real life emergencies is not sufficient. Perhaps the public would be best served by participating in regular Internet drills, but I'm not going to hold my breath waiting for that to happen.</p></htmltext>
<tokenext>In the pre-LAN days of the 1980s we used to use terminal servers to connect dumb terminals to the computers .
Their purpose was to dish out point-to-point connections on demand . Once in a while , perhaps due to a power glitch , the terminal servers would drop all connections and then immediately reconnect everyone at random .
Users abruptly found themselves in the middle of someone else 's session.Old technology or new , connection errors are bound to happen once in a while.The true risk here is misplaced confidence .
People simplify ; errors that happen very rarely are mentally simplified to " never happens .
" They then become sloppy and unguarded.In parts of India where customers suffer electric blackouts 4-5 times per day , commerce is so robust that they hardly notice .
When a regional blackout happens in a Western country once every 10 years or so , many people are caught unprepared.Fire departments hold regular drills to maintain preparedness skills .
The frequency of real life emergencies is not sufficient .
Perhaps the public would be best served by participating in regular Internet drills , but I 'm not going to hold my breath waiting for that to happen .</tokentext>
<sentencetext>In the pre-LAN days of the 1980s we used to use terminal servers to connect dumb terminals to the computers.
Their purpose was to dish out point-to-point connections on demand. Once in a while, perhaps due to a power glitch, the terminal servers would drop all connections and then immediately reconnect everyone at random.
Users abruptly found themselves in the middle of someone else's session.Old technology or new, connection errors are bound to happen once in a while.The true risk here is misplaced confidence.
People simplify; errors that happen very rarely are mentally simplified to "never happens.
"  They then become sloppy and unguarded.In parts of India where customers suffer electric blackouts 4-5 times per day, commerce is so robust that they hardly notice.
When a regional blackout happens in a Western country once every 10 years or so, many people are caught unprepared.Fire departments hold regular drills to maintain preparedness skills.
The frequency of real life emergencies is not sufficient.
Perhaps the public would be best served by participating in regular Internet drills, but I'm not going to hold my breath waiting for that to happen.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790648</id>
	<title>sounds like somebody isn't using Cache-Control</title>
	<author>Anonymous</author>
	<datestamp>1263660600000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>It would be really easy to do this if they used Squid or similar and somehow told it to not honor/honour the Cache-Control setting; subsequent connections would end up re-using "objects" that were supposed to be private...like cookies.</p></htmltext>
<tokenext>It would be really easy to do this if they used Squid or similar and somehow told it to not honor/honour the Cache-Control setting ; subsequent connections would end up re-using " objects " that were supposed to be private...like cookies .</tokentext>
<sentencetext>It would be really easy to do this if they used Squid or similar and somehow told it to not honor/honour the Cache-Control setting; subsequent connections would end up re-using "objects" that were supposed to be private...like cookies.</sentencetext>
</comment>
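The failure mode described in MtHuurne's comment (a proxy serving a cached response that carries someone else's session cookie) and in the Cache-Control comment above can be reproduced in a toy model. This is an added example, not part of any poster's comment and not AT&amp;T's or Facebook's code; `Origin`, `SharedProxy`, `run_scenario` and the three policy names are hypothetical, and the storability rules are deliberately simplified.

```python
"""Toy model of a shared caching proxy in front of a cookie-issuing origin.

Added illustration only: every class, function and policy name here is
constructed for the example; the rules are simplified, not a real proxy's.
"""
import secrets
from dataclasses import dataclass, field


@dataclass
class Response:
    body: str
    headers: dict = field(default_factory=dict)


class Origin:
    """Constructed origin: each response starts a new session for the caller."""

    def __init__(self, cache_control=None):
        self.cache_control = cache_control  # header value to send, or None
        self.sessions = {}                  # session token -> user name

    def handle(self, url, user):
        token = secrets.token_hex(16)
        self.sessions[token] = user
        headers = {"Set-Cookie": "session=" + token}
        if self.cache_control is not None:
            headers["Cache-Control"] = self.cache_control
        return Response("home page of " + user, headers)

    def session_owner(self, set_cookie):
        """Return the user the origin will recognise for this cookie."""
        return self.sessions[set_cookie.split("=", 1)[1]]


def cache_directives(resp):
    """Lower-cased Cache-Control directive names, arguments stripped."""
    raw = resp.headers.get("Cache-Control", "")
    return {p.split("=")[0].strip().lower() for p in raw.split(",") if p.strip()}


def may_store(resp, policy):
    """Decide whether the shared cache keeps a copy of the response.

    ignore: store everything (proxy told not to honor Cache-Control)
    honor:  refuse responses marked private or no-store
    strict: as honor, and also refuse anything carrying Set-Cookie
    """
    if policy not in ("ignore", "honor", "strict"):
        raise ValueError("unknown policy: " + policy)
    if policy == "ignore":
        return True
    if cache_directives(resp).intersection({"private", "no-store"}):
        return False
    if policy == "strict" and "Set-Cookie" in resp.headers:
        return False
    return True


class SharedProxy:
    """Cache keyed by URL alone, so every client behind it shares entries."""

    def __init__(self, origin, policy):
        self.origin = origin
        self.policy = policy
        self.store = {}

    def fetch(self, url, user):
        if url in self.store:               # cache hit: origin never sees user
            return self.store[url]
        resp = self.origin.handle(url, user)
        if may_store(resp, self.policy):
            self.store[url] = resp
        return resp


def run_scenario(cache_control, policy):
    """alice then bob request /home; return whose session bob's cookie maps to."""
    origin = Origin(cache_control)
    proxy = SharedProxy(origin, policy)
    proxy.fetch("/home", "alice")
    second = proxy.fetch("/home", "bob")
    return origin.session_owner(second.headers["Set-Cookie"])


if __name__ == "__main__":
    cases = [(None, "honor"), ("private, no-store", "honor"),
             ("private, no-store", "ignore"), (None, "strict")]
    for cc, policy in cases:
        print(f"Cache-Control={cc!r:22} policy={policy:7} bob gets session of",
              run_scenario(cc, policy))
```

Either fault alone is enough for the mix-up: an origin that omits the header behind an obedient cache, or a correct header behind a cache that ignores it.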
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30792740</id>
	<title>Mod parent down</title>
	<author>93 Escort Wagon</author>
	<datestamp>1263633360000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>He readily admits to reading the article! Not only the article, but even the comments! We can't have that on Slashdot - we've got to nip this in the bud.</p></htmltext>
<tokenext>He readily admits to reading the article !
Not only the article , but even the comments !
We ca n't have that on Slashdot - we 've got to nip this in the bud .</tokentext>
<sentencetext>He readily admits to reading the article!
Not only the article, but even the comments!
We can't have that on Slashdot - we've got to nip this in the bud.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790446</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790332</id>
	<title>nsa account ftw!</title>
	<author>daveb1</author>
	<datestamp>1263657840000</datestamp>
	<modclass>Troll</modclass>
	<modscore>-1</modscore>
	<htmltext>oooo im on as the nsa ooo pretty!</htmltext>
<tokenext>oooo im on as the nsa ooo pretty !</tokentext>
<sentencetext>oooo im on as the nsa ooo pretty!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30792174</id>
	<title>cell phone internet uses a nat based system the hi</title>
	<author>Joe The Dragon</author>
	<datestamp>1263672060000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Cell phone internet uses a NAT-based system; the higher-priced plans have real IPs. I think that media net is NAT-based.</p></htmltext>
<tokenext>Cell phone internet uses a NAT-based system ; the higher-priced plans have real IPs .
I think that media net is NAT-based .</tokentext>
<sentencetext>Cell phone internet uses a NAT-based system; the higher-priced plans have real IPs.
I think that media net is NAT-based.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790916</id>
	<title>Re:Good thing that Gmail is all https now</title>
	<author>Just Brew It!</author>
	<datestamp>1263663120000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Seems to me that the only reason https has <b>not</b> become more widespread already is the computational load it places on web servers and browsers, due to the encryption. Given that even mobile devices now have more CPU horsepower than a desktop system from the early days of the Web, it is high time that we move anything that involves even marginally sensitive data to a secure protocol.</htmltext>
<tokenext>Seems to me that the only reason https has not become more widespread already is the computational load it places on web servers and browsers , due to the encryption .
Given that even mobile devices now have more CPU horsepower than a desktop system from the early days of the Web , it is high time that we move anything that involves even marginally sensitive data to a secure protocol .</tokentext>
<sentencetext>Seems to me that the only reason https has not become more widespread already is the computational load it places on web servers and browsers, due to the encryption.
Given that even mobile devices now have more CPU horsepower than a desktop system from the early days of the Web, it is high time that we move anything that involves even marginally sensitive data to a secure protocol.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790426</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790426</id>
	<title>Good thing that Gmail is all https now</title>
	<author>rolfwind</author>
	<datestamp>1263658680000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><p>Probably will take Yahoo only another 15 years to catch up.  Wish all other services with even a small chance of transmitting private data would do the same.  Even if they charged for it (i.e. a premium account).</p></htmltext>
<tokenext>Probably will take Yahoo only another 15 years to catch up .
Wish all other services with even a small chance of transmitting private data would do the same .
Even if they charged for it ( i.e .
a premium account ) .</tokentext>
<sentencetext>Probably will take Yahoo only another 15 years to catch up.
Wish all other services with even a small chance of transmitting private data would do the same.
Even if they charged for it (i.e.
a premium account).</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30799810</id>
	<title>He said...</title>
	<author>Anonymous</author>
	<datestamp>1263756060000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>"I felt like I had been let down by the phone company and by Facebook," he said.</p></div><p>Thank you for choosing AT&amp;T</p></div>
	</htmltext>
<tokenext>" I felt like I had been let down by the phone company and by Facebook , " he said.Thank you for choosing AT&amp;T</tokentext>
<sentencetext>"I felt like I had been let down by the phone company and by Facebook," he said.Thank you for choosing AT&amp;T
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30791082</id>
	<title>What makes this "little known"?</title>
	<author>Jessta</author>
	<datestamp>1263664080000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>What makes this "little known"?<br>This is the whole reason we have SSL(TLS) and happens all the time, except usually nobody notices.</p></htmltext>
<tokenext>What makes this " little known " ? This is the whole reason we have SSL ( TLS ) and happens all the time , except usually nobody notices .</tokentext>
<sentencetext>What makes this "little known"?This is the whole reason we have SSL(TLS) and happens all the time, except usually nobody notices.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790574</id>
	<title>Caching</title>
	<author>nOw2</author>
	<datestamp>1263659880000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>5</modscore>
	<htmltext><p>I can't say for AT&amp;T or Facebook what happened in this case, but I have seen similar things happening with poor-quality web caching proxies.</p><p>I am specifically talking of the horror that is Microsoft's ISA server.</p><p>At a previous job at an office powered by an MSDN subscription, there were cases where users would open websites for the first time and find themselves immediately logged in as someone who had already used and logged into that site on a nearby LAN computer.</p></htmltext>
<tokenext>I ca n't say for AT&amp;T or Facebook what happened in this case , but I have seen similar things happening with poor-quality web caching proxies.I am specifically talking of the horror that is Microsoft 's ISA server.At a previous job at an office powered by an MSDN subscription , there were cases where users would open websites for the first time and find themselves immediately logged in as someone who had already used and logged into that site on a nearby LAN computer .</tokentext>
<sentencetext>I can't say for AT&amp;T or Facebook what happened in this case, but I have seen similar things happening with poor-quality web caching proxies.I am specifically talking of the horror that is Microsoft's ISA server.At a previous job at an office powered by an MSDN subscription, there were cases where users would open websites for the first time and find themselves immediately logged in as someone who had already used and logged into that site on a nearby LAN computer.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790758</id>
	<title>Similar problem on my facebook app</title>
	<author>qwertyatwork</author>
	<datestamp>1263661740000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I have an iPhone with the facebook app with t-mobile.  After updating to the newest version, I keep getting notifications for other people.  I let facebook know but didn't get a reply.  Is anyone else having this problem?</htmltext>
<tokenext>I have an iPhone with the facebook app with t-mobile .
After updating to the newest version , I keep getting notifications for other people .
I let facebook know but did n't get a reply .
Is anyone else having this problem ?</tokentext>
<sentencetext>I have an iPhone with the facebook app with t-mobile.
After updating to the newest version, I keep getting notifications for other people.
I let facebook know but didn't get a reply.
Is anyone else having this problem?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790734</id>
	<title>Hardly new in end effect...</title>
	<author>Anonymous</author>
	<datestamp>1263661380000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>4</modscore>
	<htmltext><p>The article says:</p><blockquote><div><p>Several security experts said they had not heard of a case like this, in which the wrong person was shown a Web page whose user name and password had been entered by someone else.</p></div></blockquote><p>But I, as a just random user of some commercial (read: mail-order, telephone company, etc.) websites have several times over the years requested information about my account and orders - and seen instead somebody else's information. In these cases the cause seems to have been non-unique cookies although that is purely a guess, maybe indeed there was some hijacking going on at the network level.</p><p>Some of these websites were supposedly "https" but some inspection of HTML source revealed this was just the frame, the actual information was frequently in non-secure inner frames. Poked around a tiny little bit and found that by altering the URL's in those frames I could see arbitrary customer's account info.</p><p>I didn't have the courage to tell anyone - after all, accessing somebody else's account information is a federal crime.</p></div>
	</htmltext>
<tokenext>The article says : Several security experts said they had not heard of a case like this , in which the wrong person was shown a Web page whose user name and password had been entered by someone else.But I , as a just random user of some commercial ( read : mail-order , telephone company , etc .
) websites have several times over the years requested information about my account and orders - and seen instead somebody else 's information .
In these cases the cause seems to have been non-unique cookies although that is purely a guess , maybe indeed there was some hijacking going on at the network level.Some of these websites were supposedly " https " but some inspection of HTML source revealed this was just the frame , the actual information was frequently in non-secure inner frames .
Poked around a tiny little bit and found that by altering the URL 's in those frames I could see arbitrary customer 's account info.I did n't have the courage to tell anyone - after all , accessing somebody else 's account information is a federal crime .</tokentext>
<sentencetext>The article says:Several security experts said they had not heard of a case like this, in which the wrong person was shown a Web page whose user name and password had been entered by someone else.But I, as a just random user of some commercial (read: mail-order, telephone company, etc.
) websites have several times over the years requested information about my account and orders - and seen instead somebody else's information.
In these cases the cause seems to have been non-unique cookies although that is purely a guess, maybe indeed there was some hijacking going on at the network level.Some of these websites were supposedly "https" but some inspection of HTML source revealed this was just the frame, the actual information was frequently in non-secure inner frames.
Poked around a tiny little bit and found that by altering the URL's in those frames I could see arbitrary customer's account info.I didn't have the courage to tell anyone - after all, accessing somebody else's account information is a federal crime.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790330</id>
	<title>But... what?</title>
	<author>Anonymous</author>
	<datestamp>1263657840000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p>Facebook login information is stored on the phone, is it not?</p></htmltext>
<tokenext>Facebook login information is stored on the phone , is it not ?</tokentext>
<sentencetext>Facebook login information is stored on the phone, is it not?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790874</id>
	<title>...and AT&amp;T strikes again.</title>
	<author>Just Brew It!</author>
	<datestamp>1263662820000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>This is sheer incompetence IMO. It is sad to see the organization which originally spawned Bell Labs -- arguably the most important private sector research organization the US has ever seen -- reduced to this. (Not to mention the fact that Lucent, nee Bell Labs, is now but a mere appendage to the French telecom operation Alcatel.)</htmltext>
<tokenext>This is sheer incompetence IMO .
It is sad to see the organization which originally spawned Bell Labs -- arguably the most important private sector research organization the US has ever seen -- reduced to this .
( Not to mention the fact that Lucent , nee Bell Labs , is now but a mere appendage to the French telecom operation Alcatel .
)</tokentext>
<sentencetext>This is sheer incompetence IMO.
It is sad to see the organization which originally spawned Bell Labs -- arguably the most important private sector research organization the US has ever seen -- reduced to this.
(Not to mention the fact that Lucent, nee Bell Labs, is now but a mere appendage to the French telecom operation Alcatel.
)</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30791656</id>
	<title>Security flaws</title>
	<author>Jaktar</author>
	<datestamp>1263668160000</datestamp>
	<modclass>Offtopic</modclass>
	<modscore>0</modscore>
	<htmltext><p>It turns out that both of these women who use AT&amp;T phones had both heard of Internet Explorer and Firefox.  The nation of Liberia is now warning users who have ever heard of Internet Explorer or Firefox to switch to Liberia's own Liberexplorer for a limited time only.  Supplies are running out fast and there is a strict limit of 2^10000th power per customer.  Just five easy installments of $10.99 and you're in the clear.  Act now!</p></htmltext>
<tokenext>It turns out that both of these women who use AT&amp;T phones had both heard of Internet Explorer and Firefox .
The nation of Liberia is now warning users who have ever heard of Internet Explorer or Firefox to switch to Liberia 's own Liberexplorer for a limited time only .
Supplies are running out fast and there is a strict limit of 2 ^ 10000th power per customer .
Just five easy installments of $ 10.99 and you 're in the clear .
Act now !</tokentext>
<sentencetext>It turns out that both of these women who use AT&amp;T phones had both heard of Internet Explorer and Firefox.
The nation of Liberia is now warning users who have ever heard of Internet Explorer or Firefox to switch to Liberia's own Liberexplorer for a limited time only.
Supplies are running out fast and there is a strict limit of 2^10000th power per customer.
Just five easy installments of $10.99 and you're in the clear.
Act now!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30799842</id>
	<title>Re:Hardly new in end effect...</title>
	<author>jc42</author>
	<datestamp>1263756240000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><blockquote><div><p>Several security experts said they had not heard of a case like this,<nobr> <wbr></nobr>...</p></div></blockquote><p>But I, as a just random user of some commercial<nobr> <wbr></nobr>... websites have several times over the years requested information about my account and orders - and seen instead somebody else's information.<nobr> <wbr></nobr>... I didn't have the courage to tell anyone - after all, accessing somebody else's account information is a federal crime.</p></div></blockquote><p>And here we have a nice summary of how the legal (and political) system gets it all wrong.  They often set up laws that punish the victims who report such problems.  The result is that the victims stop reporting problems. The law-enforcement people and the politicians can then say that (reported) violations have decreased, so the laws must be effective.</p><p>It's an old story.  It's especially common in the software business, where people who merely make inquiries about security-related problems are commonly classified as "hackers".  So the people who want to solve the problems learn to keep very quiet.  In forums like this, we see people asking "Why is it all so bad?"  A good part of the answer is that the smart people have decided to not get involved, because they value their own freedom.</p><p>It's also the story behind the frequent attempts to shut down the sites that collect "file sharing" information. You'd think that the copyright owners would welcome such sites, as they help finger the copyright violators.  But instead, they sue the owners of the sites that point to the violators.</p><p>"Punish the messenger" seems to be a natural human reaction to news about things we don't like. And "If we don't know about it, it's not happening."</p></div>
	</htmltext>
<tokenext>Several security experts said they had not heard of a case like this , ...But I , as a just random user of some commercial ... websites have several times over the years requested information about my account and orders - and seen instead somebody else 's information .
... I did n't have the courage to tell anyone - after all , accessing somebody else 's account information is a federal crime.And here we have a nice summary of how the legal ( and political ) system gets it all wrong .
They often set up laws that punish the victims who report such problems .
The result is that the victims stop reporting problems .
The law-enforcement people and the politicians can then say that ( reported ) violations have decreased , so the laws must be effective.It 's an old story .
It 's especially common in the software business , where people who merely make inquiries about security-related problems are commonly classified as " hackers " .
So the people who want to solve the problems learn to keep very quiet .
In forums like this , we see people asking " Why is it all so bad ?
" A good part of the answer is that the smart people have decided to not get involved , because they value their own freedom.It 's also the story behind the frequent attempts to shut down the sites that collect " file sharing " information .
You 'd think that the copyright owners would welcome such sites , as they help finger the copyright violators .
But instead , they sue the owners of the sites that point to the violators .
" Punish the messenger " seems to be a natural human reaction to news about things we do n't like .
And " If we do n't know about it , it 's not happening .
"</tokentext>
<sentencetext>Several security experts said they had not heard of a case like this, ... But I, as a just random user of some commercial ... websites have several times over the years requested information about my account and orders - and seen instead somebody else's information.
... I didn't have the courage to tell anyone - after all, accessing somebody else's account information is a federal crime.
And here we have a nice summary of how the legal (and political) system gets it all wrong.
They often set up laws that punish the victims who report such problems.
The result is that the victims stop reporting problems.
The law-enforcement people and the politicians can then say that (reported) violations have decreased, so the laws must be effective.
It's an old story.
It's especially common in the software business, where people who merely make inquiries about security-related problems are commonly classified as "hackers".
So the people who want to solve the problems learn to keep very quiet.
In forums like this, we see people asking "Why is it all so bad?"
A good part of the answer is that the smart people have decided to not get involved, because they value their own freedom.
It's also the story behind the frequent attempts to shut down the sites that collect "file sharing" information.
You'd think that the copyright owners would welcome such sites, as they help finger the copyright violators.
But instead, they sue the owners of the sites that point to the violators.
"Punish the messenger" seems to be a natural human reaction to news about things we don't like.
And "If we don't know about it, it's not happening."
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790734</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790938</id>
	<title>Showing, once again</title>
	<author>russotto</author>
	<datestamp>1263663240000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>....that if you really need data to be secure, end to end security is the only way to go.  That way, no matter what happens in the network (short of man in the middle attacks by a trusted or very resourceful attacker), either only you get your data, or nobody does.</p><p>Of course I'm here on slashdot via a non-secure connection, but the worst that happens here is someone steals my account to post obnoxious shit.   (and who would notice?)</p></htmltext>
<tokenext>....that if you really need data to be secure , end to end security is the only way to go .
That way , no matter what happens in the network ( short of man in the middle attacks by a trusted or very resourceful attacker ) , either only you get your data , or nobody does.Of course I 'm here on slashdot via a non-secure connection , but the worst that happens here is someone steals my account to post obnoxious shit .
( and who would notice ?
)</tokentext>
<sentencetext>....that if you really need data to be secure, end to end security is the only way to go.
That way, no matter what happens in the network (short of man in the middle attacks by a trusted or very resourceful attacker), either only you get your data, or nobody does.
Of course I'm here on slashdot via a non-secure connection, but the worst that happens here is someone steals my account to post obnoxious shit.
(and who would notice?)</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30796504</id>
	<title>Telecom Question</title>
	<author>dugrrr</author>
	<datestamp>1263758640000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I know that cell calls use (or used to use) a form of security that involved constantly rotating calls from channel to channel (or whatever the terms are).  Does data access work in this way whereas AT&amp;T just handed over an open session (possibly from a dropped 'call')?</htmltext>
<tokenext>I know that cell calls use ( or used to use ) a form of security that involved constantly rotating calls from channel to channel ( or whatever the terms are ) .
Does data access work in this way whereas AT&amp;T just handed over an open session ( possibly from a dropped 'call ' ) ?</tokentext>
<sentencetext>I know that cell calls use (or used to use) a form of security that involved constantly rotating calls from channel to channel (or whatever the terms are).
Does data access work in this way whereas AT&amp;T just handed over an open session (possibly from a dropped 'call')?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790354</id>
	<title>It's not a GLITCH!  It's AUTOMATIC HACKING!</title>
	<author>Anonymous</author>
	<datestamp>1263658020000</datestamp>
	<modclass>Funny</modclass>
	<modscore>1</modscore>
	<htmltext><p>It's a feature, NOT a flaw.</p></htmltext>
<tokenext>It 's a feature , NOT a flaw .</tokentext>
<sentencetext>It's a feature, NOT a flaw.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790676</id>
	<title>Re:How half of all customer support calls begin</title>
	<author>Anonymous</author>
	<datestamp>1263660840000</datestamp>
	<modclass>Funny</modclass>
	<modscore>1</modscore>
	<htmltext>Well, do you have any proof that it's not a magical phone???</htmltext>
<tokenext>Well , do you have any proof that it 's not a magical phone ? ?
?</tokentext>
<sentencetext>Well, do you have any proof that it's not a magical phone???</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790374</parent>
</comment>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_16_1331239_1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30792146
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790374
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_16_1331239_5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30792170
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790760
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790508
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790330
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_16_1331239_2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790676
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790374
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_16_1331239_6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790870
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790568
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_16_1331239_3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790916
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790426
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_16_1331239_7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30791960
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790330
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_16_1331239_0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30799842
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790734
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_16_1331239_4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30792740
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790446
</commentlist>
</thread>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_16_1331239.2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790652
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_16_1331239.7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790446
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30792740
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_16_1331239.5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790450
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_16_1331239.8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790568
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790870
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_16_1331239.6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790374
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790676
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30792146
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_16_1331239.10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790574
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_16_1331239.0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30795576
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_16_1331239.15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790874
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_16_1331239.14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790426
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790916
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_16_1331239.12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790606
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_16_1331239.13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790938
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_16_1331239.9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790354
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_16_1331239.11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790330
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790508
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790760
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30792170
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30791960
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_16_1331239.3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790406
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_16_1331239.1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30792642
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_16_1331239.4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30790734
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_16_1331239.30799842
</commentlist>
</conversation>
