Am I the only one who thinks this is somewhat disingenous, or at least lacking in details?

I dontv even know what happened. I'm guessing, somehow, had their DNS records pointed to some arbitrary host. I believe bluehost, that's what dig told me at the time.

How bluehost handled that traffic is a testament to the 6.00 account it must have been sitting on.

Is that what happened? Why did bluehost not immediately close that ip?

But the statement that no accounts are believed to be compromised... How many have "remember me" enabled? Doesn't this mean all those users had their login cookie sent along for capture?

If the hackers were more nefarious, they could have easily cloned the login/pass box and captured the credentials and redirected to fail whale. Smarter still, round robin the ip's to only 1 being false, most would get in, but those who did not just gave up login and pass details. They will try again later and all would work fine.

This would have taken much longer to rven discover.

How did someone get control of DNS?

With twitters size, could a call not been made to netsol, openDNS,, and the rest of the large 3rd party dns providers to shunt in records with the correct IP's for a shirt time, until the real TTL's refreshed?

Netsol could have solved it in one swoop.

I think a lot more detail about this need to be disclosed. This does not seem like a Twitter security issue, it seems like a DNS issue, largely outside of twitters control. Why not explain that?

Right now it appears twitter got hacked, again, but I dont think that to be the case, though this blog posts lack of detail makes the public feel Twitter was hacked.

Where did all the forgot password emails go, were MX records also put in place. Where did email in general go, can we see the hacked zone copy put in place?

Twitter did little wrong here, the blog post is so vague, it makes the general public think It's twitters Machines, which if I understand this, it's not.

Pretty sure I could self fix this with a few entries to /etc/hosts or in my case, I would have just added the zone to my RR, had i known what to add in.

Comments appreciated.
-- Scott
(Sent from a mobile device)

Reply via email to