Am I the only one who thinks this is somewhat disingenuous, or at least
lacking in details?
http://blog.twitter.com/2009/12/update-on-last-nights-dns-disruption.html
I don't even know what happened. I'm guessing, somehow, Twitter.com
had their DNS records pointed to some arbitrary host. I believe
Bluehost, that's what dig told me at the time.
How Bluehost handled that traffic is a testament to the 6.00 account
it must have been sitting on.
Is that what happened? Why did Bluehost not immediately close that IP?
But the statement that no accounts are believed to be compromised...
How many have "remember me" enabled? Doesn't this mean all those users
had their login cookie sent along for capture?
If the hackers were more nefarious, they could have easily cloned the
login/pass box and captured the credentials and redirected to fail
whale. Smarter still, round robin the IPs to only 1 being false, most
would get in, but those who did not just gave up login and pass
details. They will try again later and all would work fine.
This would have taken much longer to even discover.
How did someone get control of DNS?
With Twitter's size, could a call not have been made to Netsol, OpenDNS,
8.8.8.8, and the rest of the large 3rd party DNS providers to shunt in
records with the correct IPs for a short time, until the real TTLs
refreshed?
Netsol could have solved it in one swoop.
I think a lot more detail about this needs to be disclosed. This does
not seem like a Twitter security issue, it seems like a DNS issue,
largely outside of Twitter's control. Why not explain that?
Right now it appears Twitter got hacked, again, but I don't think that
to be the case, though this blog post's lack of detail makes the public
feel Twitter was hacked.
Where did all the forgot password emails go? Were MX records also put
in place? Where did email in general go? Can we see the hacked zone
copy put in place?
Twitter did little wrong here, the blog post is so vague, it makes the
general public think it's Twitter's machines, which if I understand
this, it's not.
Pretty sure I could self fix this with a few entries to /etc/hosts or
in my case, I would have just added the zone to my RR, had I known
what to add in.
Comments appreciated.
--
Scott
(Sent from a mobile device)
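
The "remember me" question in the message above comes down to whether the persistent login cookie carries the Secure attribute. As an added example (not part of the original message), this Python check audits Set-Cookie headers and lists the cookies a browser would attach to a plain-HTTP request for the site's name, and so to whatever host DNS points that name at; the cookie names and values are constructed for illustration.

```python
from http.cookies import SimpleCookie

# Constructed Set-Cookie header values for a hypothetical site
# (illustrative names and values, not taken from Twitter).
SAMPLE_HEADERS = [
    "session_id=abc123; Path=/; Secure; HttpOnly",
    "remember_token=deadbeef; Path=/; "
    "Expires=Wed, 01 Jan 2031 00:00:00 GMT; HttpOnly",
    "lang=en; Path=/; Max-Age=31536000",
    "guest_id=42; Path=/",
    "csrf=xyz; Path=/; Secure",
]


def audit_cookie(header):
    """Classify a single Set-Cookie header value."""
    jar = SimpleCookie()
    jar.load(header)
    name, morsel = next(iter(jar.items()))
    return {
        "name": name,
        # Expires or Max-Age makes the cookie survive browser restarts,
        # which is how a "remember me" login is usually kept.
        "persistent": bool(morsel["expires"] or morsel["max-age"]),
        # Without Secure the browser also sends the cookie over http://.
        # HttpOnly only hides it from scripts; it does not restrict transport.
        "secure": bool(morsel["secure"]),
    }


def exposed_over_http(headers, persistent_only=False):
    """Names of cookies that would accompany a plain-HTTP request."""
    exposed = []
    for result in map(audit_cookie, headers):
        if result["secure"]:
            continue
        if persistent_only and not result["persistent"]:
            continue
        exposed.append(result["name"])
    return exposed


if __name__ == "__main__":
    print("sent over HTTP:", exposed_over_http(SAMPLE_HEADERS))
    print("of which persistent:",
          exposed_over_http(SAMPLE_HEADERS, persistent_only=True))
```

A cookie marked Secure is sent only over HTTPS, where the host answering for the name would also have to present a certificate the browser accepts.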