| Author | Comment | |||
|---|---|---|---|---|
Latarnia |
Security Breach: Someone logged into another person's account |
Lead | ||
|
I've heard about problems with people occasionally logging into someone else's account through some Yuku glitch, but I thought this was resolved.
Apparently not, as someone on my board has just reported that when he logged into his Yuku account, someone else's came up and he had access to the person's mail!!!
|
||||
|
|
||||
Jibril Ammon |
#1 | |||
|
Most of the time when that is happening it's because the ISP of the member uses caching servers... basically, they cache Yuku and the next user that accesses the page appears logged in as that user.
AOL is the most notorious at that, they seem to cache a lot. |
||||
|
|
||||
reph |
#2 | |||
|
Latarnia, if you can provide details in the "Serious Problem" thread at the bug forum, it may help get to the bottom of why these mistaken log-ins happen. The member's screen name, the other screen name, the ISP that the member was using at the time--I don't know what else.
AOL has so many subscribers that it's often involved in these mixups, but sometimes the ISP is a different one. |
||||
|
|
||||
Latarnia |
#3 | |||
|
They cache Yuku and can read private messages!?!?!?
|
||||
|
|
||||
Jibril Ammon |
#4 | |||
|
Caching is common especially with dial ups. Is it a good idea? Not really on things you have to sign in for. Makes me worry... and glad I don't use an ISP that caches.
|
||||
|
|
||||
lasher |
#5 | |||
|
these caching isp's must have servers with some serious ram,,,really serious, more serious than any i've ever heard of. 16 gb of ram is the largest i've ever had any doings with. an isp with thousands of users,,,,caching in ram...i really find that difficult to digest.
caching has become the explanation for all the woes we experience. caching is "dirty data", i.e. data that hasn't been written to disk data base from memory yet. caching on local user level is more than that, because browsers will cache pages in virtual memory to speed up browsing,,,but the browser only "caches" your data,,,not someone else's data. this problem rests squarely on yuku's doorstep,,your isp doesn't know yuku, barely knows you, certainly doesn't know joe blow....it's just the gateway to yuku |
||||
|
|
||||
Pantalaimon1 |
#6 | |||
|
You can avoid the problem of someone logging into another person's account by clearing your bookmarks + cookies if using Firefox. Go to Tools, then "Clear Private Data" and check the boxes to include "Cookies". The same applies to IE. Go to Tools etc after each session on Yuku. Then when the next person logs in there's no problem.
I share the same comp with my family. After each session of Firefox we always clear our bookmarks. Lyra |
||||
|
|
||||
Kristin |
#7 | |||
|
Here's more background information on the problem with AOL and caching: http://ilia.ws/archives/59-AOL-Browser-Woes.html
This was a suggestion from a person commenting on the above article that may help:
|
||||
|
|
||||
lasher |
#8 | |||
|
exactly, the browser is caching. always have the browser check for newer pages, and to clear cache and temp files when you close it. simple tick boxes. but that still does not explain how a user logs in with their name and password, and is directed to another user's profile.
|
||||
|
|
||||
trofeo50 |
#9 | |||
|
agreed... would have to be someone with access to that particular browser on that particular pc
|
||||
|
|
||||
Bad to the Bone Bob |
#10 | |||
|
Posts: 348 12-May-08 1:41 PM |
it's a redirect issue on Yuku's end not cache
brkl |
|||
|
|
||||
alison |
#11 | |||
|
server caching has nothing to do with a user's computer or browser, it's caching done by an ISP on their own servers, for high traffic sites to speed up loading and ease bandwidth for the ISP.
|
||||
|
|
||||
lasher |
#12 | |||
|
ebay,,,a very high usage site, has never once logged me into someone else's account when i log on with my password and id. i don't think yuku comes anywhere near ebay's bandwidth usage and hits on isp's ... in more than 10 years ebay has always logged me into my account. i can also say that yuku has never logged me into someone else's account, but obviously some users are experiencing just that.
so in essence what you're saying is,,,i'm at yuku log in page (isp has already directed me there), i type in my id and password, but somehow my isp now decides to throw up a cached page that belongs to someone else? i just can't buy into that scenario, if it were a cached page from the isp how does my id and password become entangled with a cached page? or are you saying the log on page is the cached page and it completely ignores what i type in and decides that its cached page (with someone else's id and password) trumps new input? |
||||
|
|
||||
Bad to the Bone Bob |
#13 | |||
|
Posts: 348 12-May-08 3:37 PM |
The people getting logged into other people's accounts is a Yuku problem.
Plain and simple: deal with it, fix it and move on. Pointing fingers or making up excuses doesn't cut it. Whose head is going to be on the block when one of the redirected accounts deletes a board? |
|||
|
|
||||
Boudica21 |
#14 | |||
|
Bob are you suggesting a redirected account user from another part of the country (or another country) could accidentally log into a board owner's account and delete their board?
If so, this is worrying. |
||||
|
|
||||
Kristin |
#15 | |||
|
The developers are continuing to work on this problem from our end but there's no quick fix solution. It's impossible for us to reproduce which makes testing solutions very difficult. All we can do is try various solutions and then monitor whether users are still reporting any new cases. So far it seems it now happens very rarely and only to AOL users (or primarily to AOL users).
We are trying a new fix to try to prevent the caching that we just pushed today in fact. (Pushed just before I posted this.) |
||||
|
|
||||
lasher |
#16 | |||
|
and it seems to happen after a migration...
|
||||
|
|
||||
reph |
#17 | |||
|
Kristin posted: The developers are continuing to work on this problem .... It's impossible for us to reproduce which makes testing solutions very difficult.
What happens if you open yuku accounts on the ISPs where it happens, wiggling all the possible variables--various browsers, local accounts with similar screen names at different boards, global versus local accounts, and whatever else--and log in and out repeatedly, perhaps coordinating with another person and timing your logins close together? When a member at our board got the wrong account, she first saw several screen names go by that resembled hers, as reported in the "Serious problem" thread at bugbase. That must mean something about the cause. |
||||
|
|
||||
Boudica21 |
#18 | |||
|
I reiterate that I find it deeply worrying someone outside my board could switch accidentally into my account and delete my board. Even a remote million-to-one chance, AOL or otherwise.
Boo |
||||
|
|
||||
alison |
#19 | |||
"ebay,,,a very high usage site, has never once logged me into someone else's account when i log on with my password and id. i don't think yuku comes anywhere near ebay's bandwidth usage and hits on isp's ... in more than 10 years ebay has always logged me into my account. i can also say that yuku has never logged me into someone else's account, but obviously some users are experiencing just that."
Sites are put on a caching server not purely because they are high traffic, but also because the ISP thinks that they will save their customers loading time. Ebay would NOT be on a caching server because the ISP knows what ebay is. They know that almost all pages that are being requested are unique to the customer, and that the same problem that we are having now might happen on ebay if they saved cached pages.
We need AOL - and other ISPs - to recognise yuku as a site that should NOT be cached. We have information in our headers that SHOULD do that according to their own rules, but apparently doesn't. The team are still looking into the problem. But as you can see, the problem is not solely in our camp. |
||||
|
|
||||
lasher |
#20 | |||
|
there is one constant throughout the network model...each layer is about authentication
and the other constant i found in many years of working with code writers,,but i'll save that for another day |
||||
|
|
||||
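
The scenario argued over in this thread, a shared ISP proxy storing a logged-in page and replaying it to the next member, depends on what the response headers allow a shared cache to do. The following is an added example, not part of the thread and not Yuku's code: a simplified check modelled on the storage rules of RFC 9111, section 3, with hypothetical function names and constructed sample headers.

```python
# Added example: would a shared (proxy) cache be allowed to keep this response?
# Simplification: qualified forms such as private="field" are treated like the bare directive.

def parse_cache_control(value):
    """Return the set of lowercase directive names in a Cache-Control value."""
    return {part.split("=", 1)[0].strip().lower()
            for part in value.split(",") if part.strip()}

def shared_cache_verdict(headers):
    """Classify a response to a logged-in request from a shared proxy's view.

    Returns (verdict, findings); verdict is 'blocked', 'revalidate' or 'storable'.
    """
    h = {k.lower(): v for k, v in headers.items()}
    directives = parse_cache_control(h.get("cache-control", ""))
    findings = []
    if directives & {"no-store", "private"}:
        verdict = "blocked"          # shared caches must not store this
    elif "no-cache" in directives:
        verdict = "revalidate"       # may be stored, must be revalidated before reuse
        findings.append("stored copy may exist; reuse depends on revalidation with the origin")
    else:
        verdict = "storable"         # a 200 without restrictions can be kept and reused
        findings.append("no 'private' or 'no-store': a shared cache may store and reuse this page")
    if verdict != "blocked" and "set-cookie" in h:
        findings.append("Set-Cookie on a storable response: the session cookie can be replayed to another user")
    return verdict, findings

# Constructed sample responses for a page served to a logged-in member.
SAMPLES = {
    "no cache headers, sets session": {"Last-Modified": "Mon, 12 May 2008 13:00:00 GMT",
                                       "Set-Cookie": "sid=CONSTRUCTED; Path=/"},
    "no-cache only": {"Cache-Control": "no-cache", "Set-Cookie": "sid=CONSTRUCTED; Path=/"},
    "explicitly public": {"Cache-Control": "public, max-age=300"},
    "hardened": {"Cache-Control": "private, no-store"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        verdict, findings = shared_cache_verdict(hdrs)
        print(f"{name}: {verdict}")
        for f in findings:
            print(f"  - {f}")
```

A proxy that ignores these directives will still misbehave, so the check only shows what a standards-following cache is permitted to do with each response.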