AT&T, like any other large company, has had its share of bad news. Things like delayed support of MMS on the iPhone and complicity in warrantless wiretapping caused a stir, but nothing like the week the telecom giant has had so far.
On Sunday, AT&T began blocking traffic for img.4chan.org, one of the most influential DNS entries in all Internetdom. If you’re not familiar with 4chan, that’s a good thing. Just know that’s where things like LOLcats and federal charges come from: the best and worst the Internet has to offer. Although some might not admit it, everyone who maintains an Internet presence lives in fear of angering 4chan and the Anonymous legion. Apparently, someone at AT&T forgot their fears. Wired later reported that AT&T was actually responding to a DDoS attack from 4chan, which was in turn a response to a DDoS from an unknown source. Will this fact stop the b-tards from seeking revenge?
Perhaps they won’t need to. Someone at AT&T seems intent on doing that to themselves. Some poorly coded PHP exposed the files on www.research.att.com to the public on Monday. Not just the files they wanted you to see, but things like /etc/passwd, the /proc filesystem, and so on. While it doesn’t appear that any sensitive customer or corporate data has been exposed, it certainly has given a potential attacker a lot more information than a normal web server should expose. It is a very basic, simple mistake with broad consequences.
As of Monday evening, the ban hammer had been lifted from 4chan, and the www.research.att.com web server was blocking external traffic, presumably to guard against further exposure until they fix…the glitch. The end result of this appears to be mostly bad karma on the Internet with little in the way of actual damage, but AT&T has had a rough week. In fact, word Tuesday is that the removal of Google Voice-enabled apps from the iTunes app store is AT&T’s fault. Can anything go right for them?