The Daily Item, Sunbury, PA


August 30, 2013

How Twitter dodged website attack that took down New York Times


Bloomberg News — "There are still a lot of sloppy practices," Pescatore said. "There's a lot of room to raise the bar."

Because Twitter, based in San Francisco, monitors its DNS information in real time and had implemented a registry lock, it was better prepared than the New York Times, according to HD Moore, chief research officer at Rapid7, a Boston-based security firm. Since the attacks, many other companies have moved to institute similar safeguards, he said.

Twitter has had its DNS records hacked before. The company acknowledged in 2009 that its DNS records were compromised by hackers who defaced the site with a message about Iran. Jim Prosser, a spokesman for Twitter, declined to comment on the company's security measures.

A vast system that underpins how computers locate one another, DNS is often called the phone book of the Internet. In 2008, Dan Kaminsky, a security researcher, uncovered a flaw in the system that would let hackers easily impersonate legitimate sites. He worked with technology companies to fix it. The finding prompted several companies that process financial transactions online to adopt additional security measures to ensure their domain information is secure, while others stayed on the sidelines, according to SANS's Pescatore.

NeuStar and VeriSign, another provider of registry lock services, declined to identify the companies using their registry lock services. Danny McPherson, chief security officer of VeriSign, said in a statement that the technology gives customers more control over who can change information.

Eileen Murphy, a spokeswoman for the New York Times Co., said the newspaper is looking at additional measures.

"In light of this attack and the apparent vulnerability even at what had been highly secure registrars, we are tightening all of our security," she said.

Jay Nancarrow, a spokesman for Google, declined to comment on the company's security. The company's Palestine site itself wasn't hacked and Google is talking with the domain manager to resolve the issue, he said.
