Michael Scheidell
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A
http://todd.fries.net/pgp.txt
Penned by Michael Scheidell on 20080510 9:55.32, we have:
|
|
| > From: <pablo.ximenes@upr.edu>
| > Date: 7 May 2008 20:37:46 -0000
| > To: <bugtraq@securityfocus.com>
Maybe someone can check if the mobile operator had recently implemented
something like this?
-----Original Message-----
From: Michael Scheidell [mailto:scheidell@secnap.net]
Sent: Saturday, January 16, 2010 2:39 PM
To: bugtraq@securityfocus.com
Subject: facebook 'routing flaw'?
AP Report says it was a 'routing problem'? any idea what they are
Not a routing issue, more of a proxy issue, and not uncommon in mobile carrier networks. Getting security right in a mobile application is tricky given how carriers manage Internet access. With the growth of smartphones these kinds of issues will become more prevalent until carriers refactor how they manage traffic via their proxies. I'll also note that while the referenced article suggests the use of SSL, there are issues with support in the mobile environment for SSL in terms of which certificate authorities are pre-installed on phones, whether applications have access to the certificate store on the mobile device (or need an embedded certificate), how certificate chaining and wildcarding are supported, and so on.
*********** REPLY SEPARATOR ***********
On 1/16/2010 at 7:39 AM Michael Scheidell wrote:
>AP Report says it was a 'routing problem'? any idea what they are
>talking about, do THEY know what they are talking about?
>Did AT&T mix up the destination ip addresses? did facebook NOT CHECK IP
>ADDRESS AND COOKIES and disable the session when the ip changed?
Michael Scheidell wrote:
>
> or have wrong file?
>
> in attempting to upgrade png (due to security problem), we tried to
> pull from sourceforge mirrors.
> (note below, libpng says file size for libpng-1.2.27.tar.bz2 with
> scripts should be 641193) heanet has a bigger file.
> other sourceforge.net mirrors have it right.
>
http://forum.joomla.org/index.php/topic,203000.msg955330.html#msg955330
--
Michael Scheidell, CTO
Join SECNAP at SecureWorld Detroit 8-9
http://www.secnap.com/events for free and discounted seminar tickets
headers from unrelated domains sending spam through google mail servers..
They ignore the emails to abuse@google.com)
--
Michael Scheidell, CTO
>|SECNAP Network Security
Winner 2008 Network Products Guide Hot Companies
FreeBSD SpamAssassin Ports maintainer
the same time. There seems to be some potential to exploit there.
-Manny
(long time subscriber, but haven't posted since the late 90s)
On 1/16/2010 4:39 AM, Michael Scheidell wrote:
> AP Report says it was a 'routing problem'? any idea what they are
> talking about, do THEY know what they are talking about?
> Did AT&T mix up the destination ip addresses? did facebook NOT CHECK IP
> ADDRESS AND COOKIES and disable the session when the ip changed?
>
fetch:
http://heanet.dl.sourceforge.net/sourceforge/libpng/libpng-1.2.27.tar.bz2:
size mismatch: expected 641193, actual 804821
--
Michael Scheidell, CTO
Main: 561-999-5000, Office: 561-939-7259
> *| *SECNAP Network Security Corporation
Winner 2008 Technosium hot company award.
www.technosium.com/hotcompanies/ <http://www.technosium.com/hotcompanies/>
I would much prefer how verizon did it than the bizillion 'lynksys' WEP keys
in the neighborhood.
--
Michael Scheidell, CTO
Michael Scheidell wrote:
> (note below, libpng says file size for libpng-1.2.27.tar.bz2 with
> scripts should be 641193) heanet has a bigger file.
> other sourceforge.net mirrors have it right.
>
I've pulled the file from the SURFnet and University of Kent mirrors and
the simplesystems.org mirror referenced on the site. All have the same
804821 bytes big file. The tar.gz also doesn't match.
(it's a flag in the sysinstall ini files.. it's just a flag that needs to
be set)
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
Regards
Marshall
On Apr 30, 2008, at 12:23 PM, Rainer Duffner wrote:
> Michael Scheidell wrote:
>>
>> or have wrong file?
>>
>> in attempting to upgrade png (due to security problem), we tried to
>> pull from sourceforge mirrors.
The glitch — the result of a routing problem at the family's wireless
carrier, AT&T — revealed a little known security flaw with far reaching
implications for everyone on the Internet, not just Facebook users.
--
Michael Scheidell, CTO
<TABLE BORDER=1><TR><TH><a></TH></TR><TR><TD><a></TD></TR></TABLE>
If you get this (on 5.1, a little different than 5.0) then it's patched:
(note the escaped <a>)
--
Michael Scheidell, CTO
Let us feel blessed for the impact we made and the relationships created."
--
Michael Scheidell, CTO