more on Confirmed: Twitter DNS diversion used Twitter login credentials

[Dave Farber <dave () farber net>]

Begin forwarded message:

> From: "Ed Gerck, Ph.D." <egerck () nma com>
> Date: December 18, 2009 5:09:54 PM EST
> To: dave () farber net
> Cc: ip <ip () v2 listbox com>
> Subject: Re: [IP] more on  Confirmed: Twitter DNS diversion used  
> Twitter login credentials

> [Dave: Greetings! For IP if you wish]
> > > It is interesting to consider that apparently a single
> > > username/password pair was able to take Twitter's entire Web site
> > > effectively offline globally.
>
> Twitter has used a weak password before (google: Another Security  
> Tip For Twitter: Don’t Use "Password" As Your Server Password), so t 
> his may be just the same.
>
> Yes, the problem is pervasive with username/password authentication,  
> but why don't people use certificate-based access authentication?
>
> In search for feedback on solutions, I'd like to invite IP'ers to  
> take five  minutes and go over these and other frequently asked  
> questions in the paper, and leave comments, at  www.email-security.net/papers/takefive.htm
>
> Cheers,
> Ed Gerck
> www.gerck.com



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com