
Syrian Army hacked Twitter and NYTimes.com on 8/27

A couple of clarifications...
It was the "Syrian Electronic Army" that performed the attack. They may or may not be related to any actual Syrians, Armies, or Rebel groups at all. Brian Krebs made a post to twitter earlier tonight that hinted that he had uncovered a whole lot of info about the group. You can keep an eye on his blog at krebsonsecurity.com...I'm guessing his story will post in the next couple of days.

Also, the attack was performed against a domain registrar in Australia. SEA changed DNS records. There is no reason to believe that any systems at Twitter or the NYTimes were breached or passwords compromised as a result of this particular attack. I'm not saying that changing your passwords is a bad idea, but I just don't think it's really necessitated by this situation.

As a side note-
If you use Twitter, you should definitely turn on login verification (their form of 2 factor authentication) so that a breach of your password alone would not be enough to access your account. The same goes for other services (like Gmail and Facebook) that have implemented a 2 factor auth system...always turn it on.
 


What you said is true... they did not access any stored ID/password database tables... however:

If the DNS was changed, anyone who accessed the site (forwarded by the DNS to the attacker's imitation site) would have attempted to authenticate with an ID/password, which would have then been harvested by the attacker.
 
OMG, I can't even begin to imagine the repercussions if an unauthorized person got access to someone's twitter account.

THEY COULD SEND TWEETS THAT WEREN'T TRUE!!!!!! The humanity.
 

OMG... If you are stupid enough to use twitter... you are probably also stupid enough to use the same password for your Bank as you did for Twitter... and think about how many dollars you can get from how many passwordz...

DERP!
 
What you said is true... they did not access any stored ID/password database tables... however:

If the DNS was changed, anyone who accessed the site (forwarded by the DNS to the attacker's imitation site) would have attempted to authenticate with an ID/password, which would have then been harvested by the attacker.

This.
 
Out of an abundance of caution, I would absolutely agree that changing your password is a good idea.

However, there has been no indication that the attack on Twitter's DNS records was done to harvest passwords. When the SEA had control of the DNS records, they were not redirecting Twitter users to a fake/imitation Twitter site where unknowing Twitter users would have attempted to authenticate.
 
OMG... If you are stupid enough to use twitter... you are probably also stupid enough to use the same password for your Bank as you did for Twitter... and think about how many dollars you can get from how many passwordz...

DERP!

You're forgetting the people that use Facebook and Twitter to troll average users of Facebook and Twitter, sometimes for legitimate, rhetorical reasons, irrespective of the general, non-pecuniary ramifications.
 