Do I need to be concerned about my computer security?
January 31, 2011 11:41 PM Subscribe
Today I clicked on the Chapters website's "My Account" link, which usually 'remembers' who I am and shows my email address, asking only for my password. Today, however, it showed a stranger's email address and name. Do I need to be concerned?
I haven't put much thought into how websites 'recognize' me, but I assume that they are able to identify something that is specific to my computer or IP address (?). The thing is, I've never been misidentified before. Today, the website had automatically filled in something like "daisy_adair9999@hotmail.com" (not my email address or name), and below the login was "Not Daisy Adair? Click here". Should I be concerned that someone has used my computer or wireless account? Is there something I can do to make sure my system is secure? (Please forgive my computer illiteracy.)
I haven't put much thought into how websites 'recognize' me, but I assume that they are able to identify something that is specific to my computer or IP address (?). The thing is, I've never been misidentified before. Today, the website had automatically filled in something like "daisy_adair9999@hotmail.com" (not my email address or name), and below the login was "Not Daisy Adair? Click here". Should I be concerned that someone has used my computer or wireless account? Is there something I can do to make sure my system is secure? (Please forgive my computer illiteracy.)
The other question is: Are you behind a proxy server? That is, using a computer inside an institution like a workplace?
posted by vacapinta at 12:11 AM on February 1, 2011
posted by vacapinta at 12:11 AM on February 1, 2011
I've had the same type of thing happen for several sites (including metafilter.com) when I'd access from my work PC which used a proxy/accelerator server. The proxy caches the homepage to "accelerate" things. But it is showing cached page it had for the other person. In 100% of the cases I've encountered, I've seen the page switch to the right person (me) if I clicked on something because it isn't a cached page when it dynamically sends a page to you. Plus, ecommerce sites will undoubtably ask you for your account name and password to buy something or check your account.
A proxy/acceleration server is pretty common in businesses, but they also aren't uncommon in residential ISPs. There is probably nothing to worry about. However, if it makes you feel better, should go to the site (by typing in the url directly) and change your password.
posted by birdherder at 12:23 AM on February 1, 2011
A proxy/acceleration server is pretty common in businesses, but they also aren't uncommon in residential ISPs. There is probably nothing to worry about. However, if it makes you feel better, should go to the site (by typing in the url directly) and change your password.
posted by birdherder at 12:23 AM on February 1, 2011
The simplest explanation is that someone else used your computer. Where is the computer, at home or work? Do you have any family members or friends that have visited recently (or work colleagues if at work) who might have used your computer?
If someone else sat down at your computer and logged in to the Chapter website with their own account it's not really something to worry about. In a lot of contexts it's a fairly normal thing to sit down at a friend's computer when you're at their house and quickly check your email or Facebook or whatever, so it might be that a visitor did this and it didn't occur to you that that's a thing that people would do.
On the other hand, if you're positive that no-one else has used your computer the explanation would be more complicated (e.g. above answers).
posted by EndsOfInvention at 3:40 AM on February 1, 2011 [1 favorite]
If someone else sat down at your computer and logged in to the Chapter website with their own account it's not really something to worry about. In a lot of contexts it's a fairly normal thing to sit down at a friend's computer when you're at their house and quickly check your email or Facebook or whatever, so it might be that a visitor did this and it didn't occur to you that that's a thing that people would do.
On the other hand, if you're positive that no-one else has used your computer the explanation would be more complicated (e.g. above answers).
posted by EndsOfInvention at 3:40 AM on February 1, 2011 [1 favorite]
It's not uncommon to be given someone else's credentials from a misconfigured caching proxy server (see here, here & here (hey! I know that place :)). It's very unlikely that someone broke into your computer & used their Chapters account, but it's possible they used your WiFi & the credentials got cached locally. But it's most likely just another user of your ISP whose login session you got handed by mistake.
Either way there's not much you can do because the process is entirely transparent to you. There's no option you can choose in your browser or OS that says "don't let an upstream proxy hand me cached login credentials from some other user". You might want to make a complaint to your ISP but beyond that really all you can do is keep an eye out for accidentally logging in as other users.
posted by scalefree at 7:17 AM on February 1, 2011
Either way there's not much you can do because the process is entirely transparent to you. There's no option you can choose in your browser or OS that says "don't let an upstream proxy hand me cached login credentials from some other user". You might want to make a complaint to your ISP but beyond that really all you can do is keep an eye out for accidentally logging in as other users.
posted by scalefree at 7:17 AM on February 1, 2011
Response by poster: Thanks for all your help so far. I'm pretty sure that no one has used my computer. (That would involve someone breaking in to my apartment.) I'm also the only person who uses this wifi, and I'm not on a network. So does that mean that someone has managed to gain access to my wifi?
posted by smilingtiger at 8:03 AM on February 1, 2011
posted by smilingtiger at 8:03 AM on February 1, 2011
Best answer: Probably not. It's probably just another user of your ISP who's been assigned the same caching proxy as you.
Caching proxies are servers that store web pages in a cache or pool that gets shared among its users to save on bandwidth. When the first user to visit a page actually goes to the page & pulls down a copy from it, a second copy is made into the cache. If that user (or another one) visits the same page, they get handed the copy from the cache instead. If nobody requests that page within a time limit, the cached copy gets deleted. What probably happened is you just got handed a cached copy of the Chapters login page that included someone else's login credentials. It's supposed to filter out things like that but misconfigurations happen & stuff slips through.
What you can do is send a complaint to your ISP, letting them know their caching proxy is misconfigured & you're getting somebody else's session information mixed into your requests. If you do, include the site you were visiting, your IP & the time it happened so they can trace it in their logs.
posted by scalefree at 8:18 AM on February 1, 2011
Caching proxies are servers that store web pages in a cache or pool that gets shared among its users to save on bandwidth. When the first user to visit a page actually goes to the page & pulls down a copy from it, a second copy is made into the cache. If that user (or another one) visits the same page, they get handed the copy from the cache instead. If nobody requests that page within a time limit, the cached copy gets deleted. What probably happened is you just got handed a cached copy of the Chapters login page that included someone else's login credentials. It's supposed to filter out things like that but misconfigurations happen & stuff slips through.
What you can do is send a complaint to your ISP, letting them know their caching proxy is misconfigured & you're getting somebody else's session information mixed into your requests. If you do, include the site you were visiting, your IP & the time it happened so they can trace it in their logs.
posted by scalefree at 8:18 AM on February 1, 2011
Best answer: It is also possible that the website uses your IP address as its "remember me" credential. If your ISP changed your IP address and the you got the IP that the old user had, it would make sense.
posted by gjc at 8:42 AM on February 1, 2011
posted by gjc at 8:42 AM on February 1, 2011
Best answer: @gjc - that wouldn't explain how the information was showing up in smilingtiger's browser. If that's how the website remembers you (seems grossly insecure, btw), that's one thing, but the cookie on smilingtiger's browser wouldn't have someone else's information stored in it.
It doesn't (necessarily) mean that someone has accessed your wifi, smilingtiger.
posted by getawaysticks at 9:52 AM on February 1, 2011
It doesn't (necessarily) mean that someone has accessed your wifi, smilingtiger.
posted by getawaysticks at 9:52 AM on February 1, 2011
Oh if you do file a complaint be sure to also include the email address that showed up on your screen. It's uncertain whether they'll actually do anything about it but chances go up the more details you give them that they can track.
posted by scalefree at 10:40 AM on February 1, 2011
posted by scalefree at 10:40 AM on February 1, 2011
This thread is closed to new comments.
posted by Sys Rq at 12:08 AM on February 1, 2011