[54971] in North American Network Operators' Group
Security Flaw Exposes 35 Million AOL Accounts
daemon@ATHENA.MIT.EDU (Sean Donelan)
Wed Jan 22 18:01:48 2003
Date: Wed, 22 Jan 2003 18:00:35 -0500 (EST)
From: Sean Donelan <sean@donelan.com>
To: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
Stones and glass houses. Not to throw stones, but to learn how to build
better glass houses. California's SB 1386 doesn't become effective until
July 1, 2003.
http://www.betanews.com/article.php3?sid=1043252353
Security Flaw Exposes 35 Million AOL Accounts
By Nate Mook and Craig Newell, BetaNews
January 22nd, 2003, 11:19 AM
The accounts of millions of AOL subscribers were jeopardized this week due
to a serious flaw in the company's Web-based mail system, BetaNews has
learned.
The vulnerability stems from an error in one of AOL's international e-mail
authentication systems, which granted users access without correctly
verifying passwords. By simply entering an account name, an AOL user had
the ability to read any other user's e-mail and all personal data
contained therein.
