Interesting People mailing list archives

more on Confirmed: Twitter DNS diversion used Twitter login credentials


From: Dave Farber <dave () farber net>
Date: Fri, 18 Dec 2009 16:22:14 -0500





Begin forwarded message:

From: privacy () vortex com
Date: December 18, 2009 3:39:42 PM EST
To: privacy-list () vortex com
Subject: [ PRIVACY Forum ] Confirmed: Twitter DNS diversion used Twitter login credentials
Reply-To: PRIVACY Forum Digest mailing list <privacy () vortex com>




Now confirming [ Ref: http://www.nnsquad.org/archives/nnsquad/msg02460.html ]
that the Twitter DNS diversion last night was the result of someone using
Twitter's own login credentials to change DNS data at Dyn's site,
according to Dyn's CTO:

http://bit.ly/80Ve4Y  (Wired)

So as suspected, this was not a "sophisticated" attack (e.g.,
DNS cache poisoning) but rather a conventional login attack.

It is interesting to consider that apparently a single
username/password pair was able to take Twitter's entire Web site
effectively offline globally.

At the very least one would hope that more advanced account control
mechanisms (e.g., certificate-based access authentication) would be
employed with critical accounts for organizations at this level.

--Lauren--
Lauren Weinstein
lauren () vortex com
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR
  - People For Internet Responsibility - http://www.pfir.org
Co-Founder, NNSquad
  - Network Neutrality Squad - http://www.nnsquad.org
Founder, GCTIP - Global Coalition
  for Transparent Internet Performance - http://www.gctip.org
Founder, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Twitter: https://twitter.com/laurenweinstein
