DNS Cracks on Twitter and Baidu
I wonder if the 2 successful and spectacular DNS attacks against 2 major websites (Twitter and Baidu) have anything to do with the DNS Cache Poisoning that Dan Kaminsky revealed in 2008. Meh, probably not...
I never went too deep into Dan Kaminsky's rabbit hole (Alice are you there?), after all the main DNS NS I deal with are taken care of by some guy that -hopefully- totally understands this.
I do remember though that at the time the hole was made public Evgeniy Polyakov proved that even with the patches the hole was still there, oops...
Supposedly these "Iranian Cyber Army" DNS cracks are linked to some kind of social engineering, bad passwords and bad security policy of 2 name registrars. But such enormous mistakes, repeated twice on 2 websites that are amongst the most visited on the web, are surprising at the very least.
I mean it’s not like it’s jaimegago.com and its 3 visitors per day that has been cracked, it’s f*cking Twitter *AND* Baidu. Granted, Twitter doesn't have the best reputation in terms of security (or even just regular uptime) but supposedly after too many secrets revealed they got a very good deal on buy one security engineer get one free.
Another element that kind of surprises me is that these 2 cracks did not get the web exposure one would think, especially when they occurred within such a small time interval and with -apparently- the same origin. Then if you add the whole Google vs China Government, Democracies vs Iran happening at the exact same time, everything becomes even more confusing.
There is one easy conclusion though, the world gone global is going to look at Information Systems Security Experts with more "interest" every day...



January 29th, 2010 - 18:51
One thing I did not mention is that “Operation Aurora” opening at the same time is even more perturbing.