Dan Kaminsky, the security researcher who found a major flaw in the domain name system in 2008 and recently founded a new company devoted to securing Web applications, says that a rickety session management system combined with a record number of users led to the tangled logins.
FORBES: AT&T's iPhone Preorder Security Mayhem Likely Caused By 'Session Exhaustion'