"Only a life lived for others is a life worth while." - Albert Einstein

Twitter got hacked, and so did Baidu

Author duststar

Breaking news from Internet Storm Center.

Twitter got hacked on 17th Dec 2009. That is not new. Baidu got hacked today. Not shocking …

Both sites were defaced through “legitimate” DNS entries that had been modified on a compromised DNS server. Thus, we can say that no real defacement occurred here. However, during these “hours” of compromise, users who tried to log in to Twitter may already have given their passwords to the hackers. (So Twitter users, please remember to change your passwords!)

DNS attacks have been an increasing trend since Dan Kaminsky made multiple discoveries of weaknesses in the DNS infrastructure. We can expect the trend to continue to climb, and to see more web defacement through such DNS man-in-the-middle (MITM) attacks.

So, as an organisation, how can you defend yourselves?

Prevent

1. Do away with shared DNS hosting if possible.
2. Run and manage your own DNS servers.
3. Secure them.

Detect

1. Monitor any attacks against your DNS infrastructure.
2. Monitor all DNS zone transfers and your domains for sudden “IP change”.
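
One way to implement the sudden “IP change” check from the list above, as an added example that is not part of the original post: it compares one poll of a zone's NS and A records against a recorded baseline. The domain, name servers and address ranges are constructed placeholders, and collecting the records from your resolvers is left to the caller.

```python
import ipaddress

# Constructed baseline: the NS set and address ranges you expect for each zone.
BASELINE = {
    "example.com": {
        "ns": {"ns1.example.com", "ns2.example.com"},
        "a_networks": ["192.0.2.0/24", "198.51.100.0/24"],
    },
}

def normalise(name):
    """Lower-case a DNS name and drop the trailing dot so comparisons are stable."""
    return name.rstrip(".").lower()

def check_domain(domain, observed_ns, observed_a, baseline=BASELINE):
    """Return a list of (severity, message) alerts for one polling round."""
    alerts = []
    expected = baseline.get(normalise(domain))
    if expected is None:
        return [("warn", f"{domain}: no baseline recorded")]
    seen_ns = {normalise(n) for n in observed_ns}
    want_ns = {normalise(n) for n in expected["ns"]}
    # A changed delegation is what a modified DNS entry looks like from outside.
    for ns in sorted(seen_ns - want_ns):
        alerts.append(("critical", f"{domain}: unexpected NS {ns}"))
    for ns in sorted(want_ns - seen_ns):
        alerts.append(("warn", f"{domain}: expected NS {ns} missing"))
    nets = [ipaddress.ip_network(n) for n in expected["a_networks"]]
    # Allow rotation inside approved ranges; alert on anything outside them.
    for addr in sorted(observed_a):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            alerts.append(("warn", f"{domain}: unparsable address {addr!r}"))
            continue
        if not any(ip in net for net in nets):
            alerts.append(("critical", f"{domain}: A record {addr} outside approved ranges"))
    if not observed_a:
        alerts.append(("warn", f"{domain}: no A records returned"))
    return alerts

if __name__ == "__main__":
    # Constructed observations: one clean poll, one with changed NS and A records.
    print(check_domain("example.com", ["NS1.example.com.", "ns2.example.com"], ["192.0.2.10"]))
    print(check_domain("example.com", ["ns1.hijack.example"], ["203.0.113.66"]))
```

Polling from several resolvers outside your own network makes the check see what users see, not only what your own servers answer.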

Response

1. Establish a response plan and procedures to deal with detected events.

The crucial point here is how fast you can detect an intrusion and respond to it. So: managed security services (MSS), an internal computer emergency response team (CERT), or a system/network admin running on steroids (basically one person covers everything). You decide.

.duststar
