the URL or via a redirect to a uniquely generated page name which in
turn set the cookie depending on the variables passed in a URL or other
cached content, and two users browsed the page content in relatively
short periods of time, the session cookie issued would be identical.
Meaning the second person to browse Facebook would be logged in as the
first person who had already authenticated themselves.
Maybe someone can check if the mobile operator had recently implemented
something like this?
-----Original Message-----
http://technicalinfodotnet.blogspot.com/2009/04/who-cloned-web-site-heres-how-to-tell.html
Hope the paper proves insightful for some of you having to advise your
customers directly. I'll offer a beer at BlackHat Las Vegas this year to the
first person to name 3 large international banks that already use this
tracing process, and the algorithm they went with :-)
Cheers,
Gunter Ollmann
===============
From Wikipedia:
"America's Army (also known as AA or Army Game Project) is a tactical
multiplayer first-person shooter owned by the United States Government
and released as a global public relations initiative to help with U.S.
Army recruitment."
#######################################################################