Archive for December, 2009

Twitter, DNS, the “Iranian cyber army” and panic – an analysis

Friday, December 18th, 2009

Status.twitter.com tells us that attackers temporarily overwrote DNS records tonight to redirect HTTP traffic that was originally destined for twitter.com to another host.

With the information that I know now (12:40am, 12/18):

The host which contained the landing page was hosted with Bluehost. This tells us a few things:

  • They didn’t have the infrastructure to do packet captures or credential theft. Bluehost does shared hosting.
  • Any attempt to do so would have thrown TONS of SSL errors, and very likely DDoS’ed the server hosting the landing page (Twitter had HUNDREDS of servers; these guys had 1). All of your Twitter apps would have thrown errors, or flat out stopped working.
  • Twitter’s security infrastructure was left untouched, and was not a target of the attack.

I’ve been watching twitter scroll with sensationalism and panic, people yelling “OH GOD TWITTER GOT HACKED EVERYONE CHANGE YOUR PASSWORDS NOW”.

Please – don’t do that.

It’s going to make the job harder for everyone who has to work on this situation; it incites panic and causes people to prematurely flip out and do things they probably shouldn’t do.

I’ve had to deal with this in the past – people throwing their arms in the air and screaming about passwords being compromised when they in fact weren’t. It did not end well.

Please – think before you hit send.

Zipline – a VPN security product.

Wednesday, December 16th, 2009

How many of those WordPress, Joomla, Drupal blogs, web2.0 products of various sorts and other websites that you go to are encrypted using SSL (https)? How many times a day do you enter your credentials, or use cookie-based (the ‘remember me’ checkbox type) authentication on websites? Do you find yourself in coffee shops or on other public wifi frequently, and sometimes wonder who is watching your traffic?

I know I do. Up until now I’ve been using SSH tunnels to get my traffic back home where I know nobody is running a packet sniffer. The trouble with SSH tunnels though is that they’re fickle, and often drop. I wanted a better solution – so I made one.

www.atenlabs.com/zipline


Hacking someones personal brand

Thursday, December 10th, 2009

I know two trolls. Roger Rustad, and David Kaiser – they run socallinux.org.

If you read anything these two post on socallinux.org you can quickly determine they use this mailing list to defame whomever they choose – and because their mailing list gets both spidered by Google, and mirrored by list-serv they get pretty much automatic SEO. Multiple domain names replicating messages. And if the mailing list gets any activity for any reason the SEO goes up.

This is like a troll sniper rifle. You want someone to go down in flames, or you just want to make them real miserable? Talk smack about them somewhere that gets spidered by Google and replicated to other sites. If anyone googles them, they’ll find listserv messages, mail-archive.com and Google cache results all parroting the original messages.

Google is like the force. It can be used for good and evil. In this example, we’re looking at using it for evil.
