NNSquad - Network Neutrality Squad


[ NNSquad ] Confirmed: Twitter DNS diversion used Twitter login credentials


Now confirming [ Ref: http://www.nnsquad.org/archives/nnsquad/msg02460.html ] 
that the Twitter DNS diversion last night was the result of someone using
Twitter's own login credentials to change DNS data at Dyn's site,
according to Dyn's CTO:

http://bit.ly/80Ve4Y  (Wired)

So as suspected, this was not a "sophisticated" attack (e.g.,
DNS cache poisoning) but rather a conventional login attack.

It is interesting to consider that apparently a single
username/password pair was able to take Twitter's entire Web site
effectively offline globally.

At the very least one would hope that more advanced account control
mechanisms (e.g., certificate-based access authentication) would be
employed with critical accounts for organizations at this level.

--Lauren--
NNSquad Moderator