Thursday, January 7, 2010
Detecting DNS Hijacks Via Network Monitoring
John Sawyer writes on Dark Reading's Evil Bytes blog about the recent "slew" of DNS attacks. He specifically points out that the recent Twitter DNS hijack would have been immensely more effective if Twits (or is it Twitterers?) had been redirected to a cloned Twitter website...
Last year saw a slew of different DNS attacks. The most recent incident was the hijacking of Twitter's DNS records to redirect to a Website stating, "This site has been hacked by the Iranian Cyber Army." Though the impact to a company's public image can be large, DNS redirection attacks have the potential to be even more devastating than a tarnished image.
As mentioned in Dark Reading's Twitter DNS hijack article, the attack would have had much more serious consequences if the impostor site held a replica of the Twitter site in order to harvest user credentials. And since we all know how often people use the same password on multiple sites, that would spell disaster for many people.