
Fasttelco security issues


Some readers in the forum have been experiencing account access issues when using Fasttelco. When you log in to a website (Facebook, Gmail, Forum), it informs you that you have been logged out, and then you have access to someone else’s account (and vice versa). There are screenshots in the forum of a user being redirected to several different Gmail accounts and even gaining access to post under different usernames.

If you are unable to use another ISP to access your sensitive information, I suggest using a proxy, VPN or anonymizer (such as Tor) to bypass the Fasttelco cache server. For those who have already logged in to sensitive websites: log in using a different ISP (or one of the methods suggested) and change your password.

This is most likely due to the Fasttelco cache server (which stores information locally to speed up access and conserve bandwidth) incorrectly passing data. If you are a user of Fasttelco, call up the help desk and demand that the cache server be disabled until they can fix it.

Link to the topics [here] [here] [here]

Thanks 36o!

-Posted by K.
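
How a shared cache that ignores per-user signals produces the symptom described in the post, as an added Python example (not code from this post or from Fasttelco). The toy cache, the origin and the session names are constructed, and the store-or-not policy is a conservative assumption, not any vendor's actual rule set.

```python
def shared_cache_may_store(req_headers, resp_headers):
    """Conservative check (assumed policy): may a shared ISP cache keep this response?"""
    req = {k.lower(): v for k, v in req_headers.items()}
    resp = {k.lower(): v for k, v in resp_headers.items()}
    directives = {d.strip().split("=")[0].lower()
                  for d in resp.get("cache-control", "").split(",") if d.strip()}
    if directives & {"no-store", "private"}:
        return False                      # origin says: per-user, do not share
    if "set-cookie" in resp:
        return False                      # response establishes a session
    explicit = directives & {"public", "s-maxage"}
    if ("cookie" in req or "authorization" in req) and not explicit:
        return False                      # logged-in request, no opt-in from origin
    return True


def origin(url, req_headers):
    """Constructed origin: /inbox depends on the session cookie, /logo.png does not."""
    if url == "/inbox":
        user = req_headers.get("Cookie", "session=anonymous").split("=", 1)[1]
        return {"Cache-Control": "private"}, f"inbox of {user}"
    return {"Cache-Control": "public, max-age=3600"}, "logo-bytes"


class SharedCache:
    """Toy transparent cache keyed on the URL only, shared by every subscriber."""

    def __init__(self, careful):
        self.careful = careful            # False models the misconfigured cache
        self.store = {}

    def fetch(self, url, req_headers):
        if url in self.store:
            return self.store[url]
        resp_headers, body = origin(url, req_headers)
        if not self.careful or shared_cache_may_store(req_headers, resp_headers):
            self.store[url] = body
        return body


def demo(careful):
    """Two subscribers request the same URL with different session cookies."""
    cache = SharedCache(careful)
    first = cache.fetch("/inbox", {"Cookie": "session=alice"})
    second = cache.fetch("/inbox", {"Cookie": "session=bob"})
    cache.fetch("/logo.png", {"Cookie": "session=bob"})
    return first, second, sorted(cache.store)


if __name__ == "__main__":
    print("misconfigured:", demo(careful=False))
    print("careful:      ", demo(careful=True))
```

In the misconfigured run the second subscriber receives the first subscriber's page from the cache; in the careful run only the static object is stored.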

73 replies on “Fasttelco security issues”

Haha…..so not only are FT about 40% higher than the rest of the market – but they also cut costs by using a Cache Server.

zaydoun:
You work for FT now? 😛

crocko rock:
All ISPs use a cache server … It also serves to speed up the internet (when properly configured)

mocman:
Their prices alone should be a reason enough to leave.

jaja:
My Qnet connection is pretty good, and much cheaper than the competition .. So Qnet/Zajil > UN/FT in my book.

Ghoda Gadha:
Thanks for the heads up .. The users are still stuck with servers that don’t have https access (forums)?

Yep, I can confirm that. It happened to me when using Amazon.com
I kept getting a user called ‘Ibrahim’ whenever I was entering the help of my Amazon account. I had to wait for a few hours before it was OK again. I knew it was a FT problem. I’m waiting for my account to finish and I’m moving to KEMS…

Please don’t suggest using proxies or Tor to access sensitive info!!!!!!

Tor was abused and embassy information was stolen through it. The same goes for proxies. They’re simply someone else’s machine.

By the way, even when an ISP is using a cache or a transparent proxy, it should NOT cache SSL (encrypted) pages. It can’t, simply because the session exists between the user (you) and the server (gmail, for example) and the cache server has nothing to see.
Try accessing GMail using this link: https://mail.google.com instead of using gmail.com — This will work because gmail.com will only use SSL to authenticate then redirect you to your inbox using HTTP, where if you use https://mail.google.com, it will keep the SSL session and log you to your inbox with an encrypted channel.
The same applies for banking sites using SSL.

If you care enough, kindly correct the info in your post. If I’m wrong, correct me, please.

MBH:
You’re correct .. the best solution would ultimately be to switch to another ISP and use https.

However, for the people who don’t have that option, tor/proxy is an alternative method, which I mentioned, to accessing it directly. I am not saying that tor/proxy is the best method (unless you use a private proxy) but it’s still a better bet than giving people open access (by mistake).

Wonderful. I thought I was going crazy. I kept trying to login to my facebook account and it kept logging me out.

So people have access to other people’s accounts and emails? I’m sure that’s not gonna cause aaaany problems.

In the US, if that ever happened you would get an explanation from the company and an email apology at the very least. I am sure Fasttelco will have no comment and will not inform anyone. I would switch but the customer service at QualityNet is very bad or more like nonexistent.

Why is FT so reviled/hated/despised by the local blogosphere?
Ain’t it the only “Kuwaiti only owned” shop in town?

I guess the problem is not with the Cache servers of any of the ISPs.

If that were to be the case, the cache would be retained for other sites too, apart from googlemail.

How about BBC, or CNN ? The sites get updated.

I guess it’s a bug in GMail or the ISP server getting hacked. Worse can be unleashed upon users, if that happened.

~ Soul

Soul, caching can be configured to ignore certain sites. They can mention not to touch sites like BBC/CNN; it is just too common that these sites are not to be cached.

Sometimes, when the ISPs are too slow in Kuwait, my customers are like: Ray, how come our site is down and sites like CNN and BBC are still working…. 🙁

Rayboy, I am not sure about what configuration Mr. Jacob or Mr. Yacoub at Fasttelco have set for the cache server.

Will clarify and let you know.

As far as I know, their cache servers are working fine.

Probably the culprit might be DNS caching.
Many have overloaded OpenDNS after the cable break-down.

202.67.222.222
202.67.220.220

I am still hitting stones in a particular direction.
Hope I will strike soon.

~ Soul

Soul:
It’s not just Gmail .. Facebook, Amazon and even Mark’s forum are experiencing the same issues.

And DNS cache just stores the lookup result until the TTL .. it has nothing to do with logins or current information (unless the domain changed).

Soul:
DNS-Poisoning is a serious risk and could be a very viable cause of this ..

However, then the users would get access to their own accounts (with the middle-server storing information) or be redirected to a completely different website. It doesn’t make sense to set up a complete DNS exploit only to store one page and show it to all the users.

And it isn’t related to OpenDNS as it has been shown to affect most FT users (I doubt they are all using OpenDNS).

K,
Yeah, OpenDNS can be safely excluded.

It makes sense as some cracker or script kiddie might only be trying to get some information randomly or through planting a trojan or worm.

It’s easy to spoof a website or particular webpage/s.

It might explain why logging out happens.

~ Soul

Soul:
DNS cache servers are set up to only trust resolved from specific places (to prevent poisoning) .. I am not saying it isn’t possible, just find it highly improbable.

All signs point to bad configuration on cache server .. the rabbit hole isn’t that deep.

I’ve been a subscriber with Fasttelco ever since they opened. I even bore with them when they blocked all the websites including the Kuwait University website and caused me to miss my registration time… but yeah, this is the last straw. I’m not going to renew my account. In fact, I’m calling them tomorrow; if there is a way to refund the remainder of my money, I will cut the subscription and go to KEMS.

The issue seems to be improbable poisoning.
However, we cannot rule out the possibility of bad config of cache server.
In fact, ISPs are quite careful about their configs.

I will get this clarified from the Fasttelco authorities in charge.

Till then.. I hope it’s better to keep the FT line down.

~ Soul

I know from 2005 that they have bad Security and Rubbish Service compared to other ISPs in Kuwait.
Not to mention that with them you have to be stuck with one IP address for the rest of your FT life!

Soul, I think in FT, DNS matters are handled by Robert, and like K said, I don’t think it has to do with DNS caching, as it wouldn’t matter to individual accounts. But we can’t say!…

FT had installed a webcache for one of their biggest clients, inside the client’s internal network, to speed up browsing. Somehow the cache was hacked. The internal network was viewing some strange photos on certain websites, while the world outside could see a proper site.

We managed to pinpoint the problem, and FT got the caching deleted and reconfigured. Things were normal then.

As for the DNS issue, we at Qnet use BIND 9.4.2 available at:
http://www.isc.org/products/BIND/

and DNS poisoning requires a lot more sinister efforts in order to work, and is unlikely in the case you’re witnessing in FT (to hijack specific logins like in Facebook etc.).

Usually when you get logged out randomly like was reported, it’s because of one of two issues:
1- The redirection device (in FT’s case it’s a Cisco CSM content switch module) is messed up and not keeping each user to his/her cache consistently, so your browsing session goes to one cache, then the response comes back to a different one, and then your browser gets confused and resets.
2- The caches usually have a configuration option to exclude certain dynamic objects (e.g. .php etc.) from being cached, which makes sense because they change for each user and caching them would be useless. Sometimes a misconfiguration in there can create weird problems like what you’re seeing, but usually it shouldn’t.

I don’t know, I’m just guessing. Is the problem still going on? We at Qnet would be glad to help. We all have caches, but we do our best to make them as harmless as possible. (They do save 30% of the bandwidth; when the caches go down, everyone gets congested.)

Ummm, DNS poisoning has no relation to HTML content. If a DNS server is poisoned, it will only point you to the wrong server, not give you other people’s content.

FT subscribers will be affected only when logged in to session-based sites, that don’t use encryption (SSL), like Hotmail.

But such websites use cookies, this is why when you get someone else’s inbox/page, as soon as you click anywhere, you get signed off. Because the cookie set by the site is yours but the data sent by the FT proxy isn’t!

When I first heard about this, I archived all emails in my GMail inbox, so that the identity of my contacts remain private. Then I found out it was FT exclusive (I’m a QualityNet subscriber).

mishari26,
Caching is great, when done properly. Unfortunately, the current web uses .PHP, .ASP, .ASPX for static content, rather than using .HTML, so not all content that should be cached is cached!

Wanna-be web designers should be slapped for that! 😉

Mishari,

PHP is a scripting language.
Even CISCO CSM has transparent caching over WCCP.

Dynamic pages are retrieved directly from the server and NOT from the cache. It cannot be that way. Cisco guys are not lame-ar$es you see.

So, even if a wanna-be web-designer or developer is making pages dynamic, that doesn’t deserve a slap! WTF!

Logging out is an anomaly, which is mostly suspected to be an automated worm, trojan or spoofing.

K, how much money are you putting on the table 😉

~ Soul

I already use Wnet at home.. but as for where I work.. well, I can’t force them to change FT now, can I.. thanks for the tip, man..

Conclusion: FT = F**king Terrible?

My company is evaluating their WiMAX service as a redundant link, or a load-balancing scheme, because we can’t tolerate any downtime, especially if our H.O.’s link failed. (Fiber, but it got cut off 5 times last year and fixing it took a lot of time due to delays from the MOC).

I guess I’ll recommend taking their WiMAX as data only and bounce Internet traffic off our existing QualityNet link.

I don’t know why a lot of you are complaining about FT rates and services.. Blackberry, the biggest mobile business network in the world, had 2 blackouts recently, and the White House still uses Blackberry and did not stop because of those two outages.. this outage cost businesses a lot of money.

So I think you guys should take it easy if you couldn’t log in to your Facebook account.. or what I personally think of as the CIA Book account.

That’s technology.. it has its f***ups

Ziza,
Having a blackout is one thing, and your personal information exposed to strangers, another.

FT had an outage a couple of years back when a fire started in their room in the Communications Tower. Some people complained but FT recovered quickly and did a good job back then.
It’s their tests & experiments that they conduct on subscribers that are outrageous.

MBH:
Our Zajil-Fiber link has been very reliable for the past two years; we also use Qnet and Arab Telecom data-links for redundancy. IMO, WiMax is still too fresh to use in a critical connection, especially with the ISPs using the clients as guinea pigs.

Ziza:
We are complaining about FT rates because they are double the market’s .. and their services have proven to be subpar. The main issue wasn’t Facebook but accessing bank accounts and e-mail, which isn’t something that should be taken lightly.

I had enough of FT’s problems, the same IP it provides for everyone, somewhat slow speeds, and high prices.

I feel like switching to KEMS before the subscription expires. Is it possible?

K.theKuwaiti: I got access to someone’s BBK bank account, and another access to someone’s KFH stock trading page! That is besides the email thingy where the usernames and passwords were clearly shown on the review threads that Gmail has!

~36o

I want to know if it’s fixed also. At work I have FT and I didn’t log in to my blog all day because I didn’t want some other FT user somewhere in Kuwait logging in with my account.

I talked personally to the authorities there and they verified that the CACHE SERVER IS EMPTIED DAILY.

So, it isn’t a cache problem.

Wake up brothers !

Regards,

~ Soul

K, I guess it’s G.W.Bush.
This is my best personal guess after seeing all those videos which popped up.

No idea about Bin Laden.

However, sarcasm doesn’t serve a purpose here.
I am honestly trying.

~ Soul

K.theKuwaiti,
The thing about Arab Telecom & fiber-based links, is that they’re all using the MOC’s infrastructure and whatever happens to your links at the MOC end, you become under its mercy.

Let’s say that Shuwaikh hub (SKB) had some temporal damage, or an electricity outage (and I feel we’ll have a lot of that fun during summer), all our links will be dead, because the equipment is on the MOC’s grounds.

So far, the only company that doesn’t use the MOC’s end is FT, with its WiMAX infrastructure. FT is rented fiber pairs only to connect between different locations, they don’t rent space to house the equipment at the MOC.

I heard rumors that QualityNet is trying to get license for WiMAX, but I donno whether they’ll be using MOC or have their own thing.

Soul,
Assuming your sources are legitimate, so for a whole day, every FT subscriber can enjoy the exotic experience of venturing into other people’s accounts, and if not exotic enough, even expose their own!!!
I’m getting such an urge to get an FT account and loot all that money sitting there…

By the way, this begs the question: BBK & KFH don’t use SSL in all their pages????!!!!!

MBH,
FT is renting space at each MOC exchange and at each HUB/POP (SKB, MSF and TEC). Each exchange is connected to its respective POP; for example Hawally is connected to TEC, Ahmadi is connected to MSF and so on, and I think it’s the same for every ISP, or how else would they have connectivity to their DSLAMs and other equipment in each exchange? I would think that the WiMAX backbone is only used for the WiMAX connections, because fiber cables are way more dependable than any wireless solution. As for the problem with the cache, I have an FT account and I have tried logging into Gmail and Amazon and had no problems. I don’t have a KFH or BBK account so I can’t confirm if there are any issues or not.

Soul, just wondering, are you referring to Burgan Bank or Boubyan Bank?

MX5,
As far as I know, all ISPs rent a space from the MOC and put their equipment there. This however does not apply to FT’s WiMAX, as they only rent the fiber cables from the MOC, and keep the equipment at their own locations.

This information was given by QualityNet & FT project managers.

Maybe they fixed the problem by now… maybe.

I would imagine that their WiMAX Base Station Unit (BSU) would be connected to one of the POPs or even any of the exchanges, depending on which area in Kuwait they are covering. This way the BSU would have direct connectivity to their core devices via fiber cables.

anyway just speculating, thanks for the info.

FT? And WiMAX? .. Just because they use the term WiMAX, that doesn’t mean they are using the real WiMAX technology. They are still following the same concept as Arab Telecom, except on a different frequency.

Rayboy,
Different frequency = WiMAX.
What ArabTelecom uses is the standard 2.4GHz frequency.

Both use point-to-point antennas; that doesn’t make it the same technology.

And yes, they did implement the actual WiMAX.

Hi all – I’ve been following this story for itp.net IT news –

I’ve got a statement on the problem from Google, (no luck with FASTtelco though), although Google claim that users couldn’t access other people’s accounts, just a summary page – wondered what people thought of that?

more here: https://www.itp.net/news/512232

be interested to know if the problems with other sites are still ongoing as well

rgds,

MS

Hi IT guys,

The implementation of WiMAX base stations and antennas in some areas of Kuwait is still under testing by Arabtelecom (Mada Communication).

There will be no use to the users of Arabtelecom (Mada Communication).

If you ask their helpdesk center 1822888 or office 1801888, they can’t answer. Even the intelligent engineers of Arabtelecom don’t have the answer.

The customers will face the same problems as before.

Because they still have some doubts about the implementation and operation of WiMAX base stations.

They cannot solve your problems immediately.

The customers will face the same problems created by Arabtelecom’s current wireless broadband base stations and antennas.
