Facebook profile access 'leaked' claims Symantec

Access to hundreds of thousands of Facebook accounts may have accidentally been leaked because of a flaw in some applications.

Security firm Symantec discovered that programs were inadvertently sharing access tokens which could be used by advertisers.

It estimates that, as of last month, 100,000 applications were still enabling leaks.

Facebook said that it was improving authentication methods.

"We have been working with Symantec to identity issues in our authentication flow to ensure that they are more secure," Facebook's Naitik Shah wrote in a blog post on Tuesday.
Spare keys

In his report, Symantec's Nishant Doshi explained how access tokens act "like spare keys" to a Facebook user's account.

These keys were typically given out, with the user's permission, to help applications on the Facebook platform function.

With the keys, applications could access a user's profile and photographs, as well as posting messages on their wall.

However, the newly-discovered weakness in the old authentication method would allow spare keys to be passed to further third-parties - likely to include advertisers - through referral data.


"The Facebook application is now in a position to inadvertently leak the access tokens to third parties potentially on purpose and unfortunately very commonly by accident," explained Mr Doshi.

"We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties."

But he downplayed the risk, adding: "Fortunately, these third-parties may not have realised their ability to access this information."

Facebook's director of developer relations Kevin Purdy disputed the findings.

In a statement, he said: "We've conducted a thorough investigation which revealed no evidence of this issue resulting in a user's private information being shared with unauthorised third parties."

"In addition, this report ignores the contractual obligations of advertisers and developers which prohibit them from obtaining or sharing user information in a way that violates our policies."
Less secure

By default, new applications on Facebook are required to authenticate using OAuth 2.0, a shared open standard co-authored by several sites including Google and Twitter.

While older applications are encouraged to change to the new system, it is not yet compulsory.

Facebook is now working with third-party developers help migrate them to the OAuth 2.0 system.

"Because of the number of apps using our legacy auth system, we need to be thoughtful about this transition," wrote Facebook's Naitik Shah wrote.

Paul Mutton, a security analyst at Netcraft, said that while the vulnerability could potentially be used for malicious purposes, no secure data such as passwords has been taken.

"Potentially someone else could post stuff to your stream or to your friends' streams - making you like things that you perhaps wouldn't have liked," he said.

Makers of Facebook applications have been given until 1 September by Facebook to make sure their application uses the OAuth 2.0 system.

"For some applications to continue working, the makers will have to make changes. It's about giving the developers time," added Mr Mutton.

"It shouldn't take too long to make the change. But in the cases of more commercial apps, it's going to be more convoluted."

Symantec has advised users to change their passwords if they are concerned about unauthorised third-party access to their profile.

READ MORE - Facebook profile access 'leaked' claims Symantec

Sony to restart its PlayStation Network by end of May

Sony is planning to restore its online PlayStation Network (PSN) in full by the end of May.

The company shut its online video game network on 20 April, after discovering a major security breach.

Spokesman Satoshi Fukuoka admitted the company had missed a self-imposed deadline of restarting a partial service by the weekend.

He said Sony continues to investigate the case, after personal details from 100 million accounts were compromised.

The company had originally hoped to restart some of the services on the PSN last week.

However, it then emerged that another large network - Sony Online Entertainment (SOE) - had also been compromised, potentially putting a further 25 million accounts at risk.

This is in addition to the 77 million accounts hacked on the PSN.

The discovery was a major set-back in the company's attempts to get the networks up and running again.

"We were unaware of the extent of the attack on Sony Online Entertainment servers," Sony's Head of Communications Nick Caplin wrote in a blog post.

"We are taking this opportunity to conduct further testing of the incredibly complex system."
'Frustrated and upset'

The extended downtime is causing headaches for businesses which rely on the PSN as a key distributor of their content.

Christian Svensson, Senior Vice-President of Capcom, shared his irritation with users on the Capcom-Unity forum.

"I'm frustrated and upset by it for a number of reasons," he wrote.

"As an executive responsible for running a business, the resulting outage [is] obviously costing us hundreds of thousands, if not millions of dollars in revenue that were planned for within our budget.

"These are funds we rely on to bring new games to market for our fans."

He said the knock-on effect of the hack makes it "impossible to be sympathetic to their 'cause'".
War of words

The latest announcement comes after a war of words with hacker group Anonymous over who is responsible for the attack.

The collective has suffered its own hacking issues after one disgruntled user known as "Ryan" apparently attacked the Internet Relay Chat channel used by the group to co-ordinate its activities.

A list of usernames and corresponding IP addresses has been published by "Ryan" on the AnonOps site.

In a letter to the US Congress last week, Sony accused "leaderless" Anonymous of orchestrating a distributed denial-of-service (DDoS) attack at the same time the data theft occured.

Sony claimed a file planted on the network bore the trademark Anonymous "We are legion" slogan.

The group retalliated, describing Sony as "incompetent".

"Whoever broke into Sony's servers to steal the credit card info and left a document blaming Anonymous clearly wanted Anonymous to be blamed for the most significant digital theft in history," the statement read.

Last month, US lawyers filed a lawsuit against Sony for negligent protection of personal data and failure to inform players in a timely fashion that their credit card information may have been stolen.

Mr Fukuoka declined to comment on the lawsuit.

READ MORE - Sony to restart its PlayStation Network by end of May

100,000 net champions recruited

More than 100,000 volunteers have promised to help a campaign to get more people on the internet.

Government digital champion Martha Lane Fox hopes they will "engage people with the joys of being on the internet".

It is part of the Race Online 2012 campaign which is trying to get millions more people using computers by the end of next year - 9m people in the UK have never used the internet.

A range of cheap computers is being made available to further entice them.

The low price recycled PCs will be available from Microsoft, among others, for about £95.

Ms Lane Fox was appointed as the UK's digital champion in 2009, at which time she was tasked with getting the poorest four million Britons online by the time of the London Olympics in 2012.

Race Online 2012, as the campaign is known, has changed its focus and now aims is to make the UK "the world's first networked nation".

Ms Lane Fox explained what she wanted the volunteer army to do.

"I'm not asking people to sit down and go through the complications of a presentation or train somebody in complex coding - I just want to enthuse people and inspire them and I think the rest will take care of itself," she told the BBC.

"For those people, it's a very simple task - they need to engage people with the joys of being on the internet," she said.

"It might be a parent on the school gates, it might be somebody in your GP surgery, it might be someone in your local pub or another network that you're in," she said.

The 100,000 formal volunteers are just the start.

"It will lead a ripple effect of informally people thinking 'oh yes, I know somebody I work with who can't use the internet,' so hopefully the 100,000 will become many, many more than that," she said.

Prime Minister David Cameron has backed the campaign.

"Today there are nine million adults in the UK who have never used the internet - and nearly half of them are among our most disadvantaged people. That's why the work Martha Lane Fox is doing as the UK's digital champion is so important," he said.

According to the Office of National Statistics, the majority - 7.3 million - of those are aged over 55.

Part of Ms Lane Fox's remit is to look at ways of making savings by putting more government services online.

Last year she conducted a review of current government online services and concluded that they needed to be revolutionised.

A new site has now gone live and will be tested for a couple of months to gauge public reaction.

"It is off the back of the report done by Martha Lane Fox. We accept that we need to make massive improvements and this is the result of three months work with a small team," said project director Tom Loosemore.

The site will be much simpler, more searchable and be based on the user's location within the UK.

Dozens of government services are now available online. Some 70% of tax returns are now done via the web and other services, such as renewing car tax, have proved popular.

The BBC is launching its own media literacy campaign, which like Race Online, aims to mobilise people to help a relative, friend or neighbour take the first steps online.

At the heart of the campaign is its First Click website which offers advice and tips on how best to support others.

The BBC's director general Mark Thompson is among a host of people lined up to speak at a conference in London tomorrow aimed at discussing the best way to get more people online.

READ MORE - 100,000 net champions recruited

Microsoft confirms takeover of Skype

Microsoft has confirmed that it has agreed to buy internet phone service Skype.

The deal will see Microsoft pay $8.5bn (£5.2bn) for Skype, making it Microsoft's largest acquisition.

Luxembourg-based Skype has 663 million global users. In August last year it announced plans for a share flotation, but this was subsequently put on hold.

Internet auction house eBay bought Skype for $2.6bn in 2006, before selling 70% of it in 2009 for $2bn.

This majority stake was bought by a group of investors led by private equity firms Silver Lake and Andreessen Horowit.

Other major shareholders include tech-firm Joltid and the Canada Pension Plan Investment Board.

Shares in Microsoft ended the day in New York down 0.5% at $25.68. In contrast, eBay - which owns a stake in Skype - saw its share price rally 2.5%.
'Defensive move'

Microsoft chief executive Steve Ballmer said: "Skype is a phenomenal service that is loved by millions of people around the world.

"Together we will create the future of real-time communications so people can easily stay connected to family, friends, clients and colleagues anywhere in the world."

Skype will now become a new division within Microsoft, and Skype chief executive Tony Bates will continue to lead the business, reporting directly to Mr Ballmer.

"It's a strategic asset and a defensive move [for Microsoft]," said Colin Gillis, an analyst at BGC Financial.

"If they can put it on Windows 8, it gives them an advantage. It helps them in the tablet market."

Other analysts say Microsoft's aim in buying Skype is to improve its video conferencing services.
Price concerns

Although the price tag of $8.5bn will not stretch the US giant, some experts have questioned whether it is paying too much for a company that has struggled to turn a profit.

Michael Clendenin, managing director of consulting firm RedTech Advisors, said: "If you consider [Skype] was just valued at about $2.5bn 18 months ago when a chunk was sold off, then $8.5bn seems generous.

"[It] means Microsoft has a high wall to climb to prove to investors that Skype is a necessary linchpin for the company's online and mobile strategy."

This view was echoed by Ben Woods, head of research group CCS Insight.

"The big unanswered question is how do Skype assets work for Microsoft... how do you justify the price?" he said.

Skype was founded in 2003.

Calls to other Skype users are free, while the company charges for those made to both traditional landline phones and mobiles.

READ MORE - Microsoft confirms takeover of Skype

Researcher: iPad, iPhone IDs can give away identities

(Wired) -- The unique string of numbers and letters assigned to your iPhone can potentially expose your real-life identity.

Security researcher Aldo Cortesi last week published his discovery of a flaw in the unique device identifier (UDID) stored on each iPhone, iPad and iPod Touch.

While this device identifier is well-known, it's not supposed to be connected to a person's actual identity. But Cortesi discovered that some apps can link the identifier to the phone owner's Facebook profile, which effectively puts a face behind that string of numbers and letters.

"It's like a permanent, unalterable tracking cookie that can't be changed and that the user is not aware of," Cortesi told Wired.com. "The UDID idea has got such deep flaws because it literally identifies the device."

Apple and iOS app programmers use the 40-character string of letters and numbers as a method to identify each device uniquely, and presumably anonymously. The UDID is permanently tagged to the device, and it can't be erased or changed.

By itself, the UDID doesn't expose personal data, but to the extent that it's tied to other information about the phone's user, it can function like a permanent, ineradicable "evercookie." In theory, that could allow advertisers or other parties to track a wide variety of your activities through your smartphone. Whether that constitutes a privacy invasion, an annoyance or a convenience depends on your perspective. Early concerns over Web cookies, for example, have faded as the business community has standardized privacy protocols, including allowing users to easily identify sites that use them, and to opt out if they so choose.

This identifier is at the center of criticism amid growing concerns about smartphone privacy. The Wall Street Journal last year conducted independent tests and found that out of 101 apps, 56 transmitted the device's UDID to other companies without user awareness or consent.

In reaction to WSJ's investigation, some customers in Aprilfiled a lawsuit against Apple and a handful of app makers, alleging that they invaded user privacy by accessing customer information without permission and sharing it with third-party advertisers. They argued that the UDID could be virtually stapled to other information, such as age and location, to personally identify a customer, and that advertisers can create profiles to track each customer for marketing purposes.

"They're permanent Social Security numbers in your phone that are freely transmitted and can't change," said Justin Brookman, director of the Center for Democracy and Technology's consumer privacy project.

Cortesi said that Apple's UDID methodology is problematic because of the way it is designed. To track how apps transmit UDIDs, Cortesi created a tool called Mitmproxy.

In April, he found that OpenFeint, a gaming network integrated inside some apps to link players together, was transmitting UDID attached to personally identifiable information in some instances. When customers used their Facebook accounts to log in to OpenFeint, the game was transmitting UDID attached to the customer's Facebook ID, picture and occasionally GPS coordinates, he said.

OpenFeint claims to have 75 million registered gamers. Popular games that integrate OpenFeint include TinyWings, Pocket God, Robot Unicorn Attack and Fruit Ninja.

OpenFeint fixed the flaw after Cortesi notified the company. However, Cortesi explained that the issue is not isolated to the gaming network.

Apple explicitly tells iOS programmers that they "must not publicly associate a device's unique identifier with a user account" to ensure privacy. However, the fact that a network as big as OpenFeint managed to link UDIDs to Facebook accounts means that there are probably other apps linking UDIDs to personal data that have slipped past Apple's radar.

"By designing an API to expose UDIDs and encouraging developers to use it, Apple has ensured that there are literally thousands of databases linking UDIDs to sensitive user information on the net," Cortesi said.

Other than concerns about trading customer data with advertisers, an additional possibility is that app makers can peek at what a specific person is doing inside their apps, using analytics tools such as Flurry, Cortesi said.

Apple did not return a request for comment.

Charlie Miller, a security researcher who specializes in hacking smartphones, told Wired.com that the security issue raised by Cortesi is not a huge concern, but it does highlight some issues with the UDID. He said that a more secure design would be to have each app randomly generate a unique identifier for each device, so that a programmer can only track information relevant to his or her app.

However, Miller added that the erosion of privacy is inevitable in the always-connected age, and we have to sacrifice some privacy in exchange for app-powered services.

"The bottom line is traditional privacy has gone out the window with smartphones," Miller said. "You're carrying around always-on GPS-enabled, internet-enabled devices. You're downloading and running applications that are designed to share your thoughts and photos. [Cortesi] points out some things Apple could have done better to help protect your privacy, but basically, you voluntarily give up some of your privacy in order to use these apps and devices."

READ MORE - Researcher: iPad, iPhone IDs can give away identities

New 'Call of Duty' game, social network to debut this year

(CNN) -- Activision Blizzard is set to launch a new "Call of Duty" game for consoles alongside an ambitious digital platform later this year, Activision Publishing CEO Eric Hirshberg said on the company's earnings call Monday.

Executives have expressed an especially keen excitement about the new platform features.

They named "Call of Duty" as one of the two "significant investments" that Activision is making, which will include the company's largest marketing campaign, Activision Blizzard CEO Bobby Kotick said on the call. (The other investment is in PC developer Blizzard, which is working on "Diablo III" and a new massively multiplayer online game franchise unrelated to "World of Warcraft.")

"This year's 'Call of Duty' initiatives will result in the best 'Call of Duty' experiences we have created to date," Kotick said. In addition to paid features integrated into the platform, "You will see a lot of new services and capabilities that will be provided free of charge to all of our customers," he said.

The "Call of Duty" online service has been in development for two years under the name Project Beachhead, Hirshberg said. The company created a separate group, also called Beachhead, to focus full attention on the project, Kotick has said previously.

Activision will begin briefing reporters in San Francisco later this week about the project under nondisclosure agreements. The company plans to make a formal announcement in the next several weeks, Kotick said. Still more details are expected in June for the Electronic Entertainment Expo.

That a new entry in the "Call of Duty" series will be released this year isn't a bombshell. Activision has introduced a new game in that franchise each year since 2005. The most recent, "Call of Duty: Black Ops," was the top-selling game in the United States and Europe over the last three months.

"Black Ops" still draws fervent crowds for its multiplayer features and continues to sell well.

But that experience has been hampered by Sony Computer Entertainment's shutdown of the PlayStation Network, with the online gaming service approaching three weeks of downtime this week. Activision intends to release a download package for "Black Ops" in the next three months. "Hopefully the situation will be resolved by then," Hirshberg said.

Cliff Bleszinski, the design director for Epic Games, which makes another popular shooting franchise called "Gears of War," said he has doubts about "Call of Duty's" viability. "'Call of Duty' is doing well right now, but if I was one of the owners of that property, I'd be concerned about potential fatigue," he said in a recent interview.

This year's new installment may be called "Call of Duty: Modern Warfare 3" and debut in November, according to a report in the Los Angeles Times. "The game has exceeded every internal milestone," Hirshberg said on Monday's call.

READ MORE - New 'Call of Duty' game, social network to debut this year

What the Yuck: Am I having a panic attack?

Too embarrassed to ask your doctor about sex, body quirks, or the latest celeb health fad? In a regular feature and a new book, "What the Yuck?!," Health magazine medical editor Dr. Roshini Raj tackles your most personal and provocative questions. Send 'em to Dr. Raj at whattheyuck@health.com.

Q: My heart sometimes feels like it's racing in my chest - am I having a panic attack?

Anxiety can definitely cause palpitations (feeling like your heart is pounding or jumping in your chest). If you are about to do something nerve-wracking like give a speech, you may feel your heart beating a little faster, which is a normal response to stress hormones.

True panic disorder (aka panic attacks) is a form of anxiety disorder that occurs for no discernible reason. So if you get these symptoms only when you have something stressful going on (a blind date, a public speaking engagement), it's not a panic attack but a case of nerves.

However, if the chest symptoms come out of nowhere and you also feel intense fear or dread, feel faint, and are short of breath, trembling, or sweating, you could have panic disorder.

If you haven't been diagnosed with the disorder, get your symptoms checked out by a doctor. A racing in your chest could also mean there is something wrong with your heart - an abnormal rhythm, a heart valve problem, a heart muscle problem - all of which can be very dangerous if not diagnosed and treated. Your doctor will probably give you a test called a Holter monitor where you wear a machine for 24 hours that continually records your heart rhythm and rate; it's a continuous EKG.

Assuming your ticker is fine, ask for a referral to a therapist because panic disorder is one of the most treatable anxiety disorders. Options include talk therapy, prescription medication, including antidepressants or sedatives, or a combination of meds and psychotherapy.

READ MORE - What the Yuck: Am I having a panic attack?

Bin Laden's death ushers in whirlwind week as clues emerge

(CNN) -- The curtain is just beginning to rise on the scope and power of the world's most-wanted terrorist one week after U.S. Navy SEALs killed him during a daring nighttime raid.

New details have been released almost daily since a team of American commandos stormed bin Laden's compound in Abbottabad, about 50 kilometers (31 miles) north of Islamabad, killing him and four others.

For Americans, and much of the world, news of the killings brought a sense of relief, even satisfaction.

The pain, the frustration, the sadness elicited by the 9/11 attacks have never really left. How could they? For much of the past decade, Americans processed the world through the lens of the worst terrorist attacks ever committed on U.S. soil.

Since that attack, citizens of the United States, Britain, Spain and other countries had grown startlingly accustomed to terror strikes and near-misses. Adding to the pain was the ever-growing laundry list of indignities, the "fog of war," and the clarity to know that personal freedoms were eroding in agonizingly public ways.

Then it happened. Bin Laden was killed.

In announcing bin Laden's death, Obama called it "the most significant achievement to date in our nation's effort to defeat al Qaeda."

"A small team of Americans carried out the operation with extraordinary courage and capability. No Americans were harmed. They took care to avoid civilian casualties," he said.

Nearly 10 years and 7,000 miles from New York City, Shanksville, Pennsylvania, and the Pentagon, a team of U.S. Navy SEALs raided a complex in Abbottabad, shooting bin Laden and depositing his body into the sea.

The iconic image of the event? A White House photo of Obama and his aides monitoring via live video the capture of bin Laden.

It was personal

For Johnny Spann, father of the first U.S. victim in the Afghan war, the news was sweet.

"If you ask me if I am proud that he's dead, yes," Spann told CNN, in Winfield, a town in northwestern Alabama. "Am I glad he's dead? Yes. The guy was a monster. He was a killer."

Spann's son, Johnny Michael Spann, was a paramilitary officer for the CIA when he was killed during a riot among Taliban and al Qaeda prisoners on November 25, 2001.

For the nation's youth -- many of whom grew up with color-coded terror alerts and long lines at airport metal detectors -- bin Laden, their bogeyman, was finally gone.

How it happened was breathtaking -- redemption for a CIA dogged for years over real or perceived intelligence failures, some shine for the armed forces whose daily bravery rarely makes headlines and the signature moment of Barack Obama's presidency so far.

Yes, it was personal. Finally there was a solitary act that could boost our collective morale, even restore some sense of redemption. You can even call it revenge. Whatever. The swagger, just for a single, solitary moment, was back.

"We are ultimately going to defeat al Qaeda," the president told more than 2,300 troops who recently returned from Afghanistan. "We have cut off their head."

Head of the hydra has been cut off, what about the body?

A statement from al Qaeda on Friday acknowledging the death of bin Laden included renewed warnings of attacks against U.S. interests and suggested that a process to choose a successor was under way.

"Sheikh Osama didn't build an organization to die when he dies," the message said. It was posted on several jihadist forums known for carrying al Qaeda statements.

The Taliban quickly followed with a statement of its own on bin Laden's death, promising a fight for the U.S.

"Will the Americans be able -- through their media outlets, their agents, their instruments, soldiers, intelligence services and their might -- be able to kill what Sheikh Osama lived for and was killed for? How far! How impossible!" the statement said.

But support for radical Islam, after 10 years of infighting since 9/11, may have reached a tipping point.

The Muslim world was initially suspicious of U.S. intentions immediately following 9/11, with some even seeing bin Laden as a scapegoat.

"When 9/11 first happened, people in the Muslim world weren't entirely sure it was bin Laden who was behind it," said Juan Cole, a professor of modern Middle East history at the University of Michigan.

But as al Qaeda established affiliates throughout the Muslim world -- leading to deadly attacks that claimed Muslim lives in countries such as Iraq, Saudi Arabia and Morocco -- Muslim support waned.

"Terrorism went from being seen as something that happened 'over there' to something that affected Muslims themselves," said Cole.

Who will be the new public enemy?

The man to lead al Qaeda most likely will be Ayman al-Zawahiri, an Egyptian who was bin Laden's No. 2 in command. But Adam Gadahn, a U.S.-born spokesman for al Qaeda, may also have his hat in the ring. Like al-Zawahiri, Gadahn is on the FBI's most-wanted list.

The bylaws of al Qaeda, recovered by the U.S. military in Afghanistan after 9/11, set out clear guidelines on the replacement of bin Laden, requiring the Command, or Shura, Council of al Qaeda to "pledge allegiance to the deputy emir and elect him as emir in the event that the emir dies or is captured and there is no hope for his liberation."

The United States figures to have an edge on al-Zawahiri's whereabouts after the seizure by Navy SEALs of multiple thumb drives, storage devices and hard drives full of data from bin Laden's Abbottabad compound.

But al-Zawahiri is no bin Laden.

Whereas bin Laden's charisma inspired a generation of recruits, al-Zawahiri is a self-styled intellectual whose long-winded video and audio tapes must be tedious to even the most committed of al Qaeda members and whose arrogance has alienated many in al Qaeda ranks over the years. How bad must you be to irritate your fellow terrorists?

Also of concern to U.S. officials is al Qaeda in the Arab Peninsula, an arm of the umbrella terrorist organization that emerged in the years after 9/11.

From its bases in Yemen, AQAP has carried out some of the most audacious attempted terrorist attacks against the West, most notably Umar Farouk Abdulmutallab's attempt to blow up a Detroit-bound airliner on Christmas Day in 2009.

Although attacks by the Yemeni branch have failed, the group has come closer than other affiliates such as those in Iraq or in North Africa.

U.S. officials are working swiftly to dissect and act upon key information gleaned from the raid on Osama bin Laden's compound in Pakistan.

Intelligence officials on Saturday unveiled five videos of bin Laden that were confiscated from the Pakistan raid.

The videos, including one which shows the terrorist leader channel-surfing in front of a television, reveal a graying figure that effectively ran the world's terror organization like a home-based business.

With bin Laden gone, should Americans sleep more soundly?

The collective American psyche breathed a sigh of relief with the news of bin Laden's death. It made sense that the moment be one of celebration, said Columbia University psychiatrist Dr. Jeffrey Lieberman.

The country has been experiencing emotional malaise, with a slow-moving economy and a decade of angst about the threat of terrorism.

Then in an instant, a late Sunday night announcement lifted that burden of pain and helplessness.

"In the blink of an eye, the gloom and doom and pessimism has dissipated," Lieberman said.

As with every free society, there was healthy debate about the way one should respond to the news of bin Laden's death. While many shouted in jubilation at the demise of a terrorist mastermind, others were appalled by what they perceived as a simplistic, even primal, reaction to mortality.

Josh Pesavento, 22, a journalism student in New York who photographed the cheering crowds in Times Square, said he felt conflicted about the celebrations he witnessed.

"I don't believe that any person has the right to kill anyone, and I don't think that we should be cheering for yet more loss of life. However, I tell myself that in this situation, these people may be cheering for the end of an icon who led to the death of far, far too many," Pesavento said.

Danielle Tumminio, an Episcopal priest, said she fought back tears as she digested the news that bin Laden had been killed.

"My first reaction was, 'I wish I was with them,' " Tumminio said of the scenes of revelers she saw on the news. "My second reaction was, 'This is disgusting. We shouldn't be celebrating the death of anybody.' It felt gross."

For others, those closer to the events of 9/11, there was a sense of personal gratification.

Michael Tuohey, an airport worker who checked in one of the 9/11 hijackers, said when he turned on his television and saw Obama announcing that bin Laden's death, "I got a little choked up, because just knowing, you can't help but reflect back," he told CNN.

More debate centered on whether the White House should release photos of bin Laden's body. Many thought death photos of bin Laden were the only way to confirm the most die-hard skeptics. Critics countered that the Obama administration would lose its moral ground.

In the days and weeks ahead, there will be more revelations -- and the release of intermittent details -- as U.S. officials continue to pore over materials taken from bin Laden's compound.

While there is no evidence Pakistani authorities knew bin Laden was living in the same town as one of its top military academies, U.S. officials are keenly aware that the terrorist leader must have had help remaining undetected in in a mansion complex for six years.

National security adviser Tom Donilon told CNN in comments aired Sunday, "We'll clearly be working with (Pakistani authorities) to understand how we got to this point," he said.

READ MORE - Bin Laden's death ushers in whirlwind week as clues emerge