Interesting People mailing list archives
more on Confirmed: Twitter DNS diversion used Twitter login credentials
From: Dave Farber <dave () farber net>
Date: Fri, 18 Dec 2009 16:22:14 -0500
Begin forwarded message:
From: privacy () vortex com Date: December 18, 2009 3:39:42 PM EST To: privacy-list () vortex comSubject: [ PRIVACY Forum ] Confirmed: Twitter DNS diversion used Twitter login credentialsReply-To: PRIVACY Forum Digest mailing list <privacy () vortex com>
Now confirming [ Ref: http://www.nnsquad.org/archives/nnsquad/msg02460.html ] that the Twitter DNS diversion last night was the result of someone usingTwitter's own login credentials to change DNS data at Dyn's site, according to Dyn's CTO: http://bit.ly/80Ve4Y (Wired) So as suspected, this was not a "sophisticated" attack (e.g., DNS cache poisoning) but rather a conventional login attack. It is interesting to consider that apparently a single username/password pair was able to take Twitter's entire Web site effectively offline globally. At the very least one would hope that more advanced account control mechanisms (e.g., certificate-based access authentication) would be employed with critical accounts for organizations at this level. --Lauren-- Lauren Weinstein lauren () vortex com Tel: +1 (818) 225-2800 http://www.pfir.org/lauren Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org Co-Founder, NNSquad - Network Neutrality Squad - http://www.nnsquad.org Founder, GCTIP - Global Coalition for Transparent Internet Performance - http://www.gctip.org Founder, PRIVACY Forum - http://www.vortex.com Member, ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com Twitter: https://twitter.com/laurenweinstein _______________________________________________ privacy mailing list http://lists.vortex.com/mailman/listinfo/privacy
------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com
Current thread:
- more on Confirmed: Twitter DNS diversion used Twitter login credentials Dave Farber (Dec 18)
- <Possible follow-ups>
- more on Confirmed: Twitter DNS diversion used Twitter login credentials Dave Farber (Dec 18)
- more on Confirmed: Twitter DNS diversion used Twitter login credentials Dave Farber (Dec 18)