If you are a twitter user, how many times have you seen the above image? Well if you do use twitter regularly, chances are that you would have noticed it in several cases.

In an age, where we are talking about high quality computer security software & encryption software, hack attacks on twitter are major cause of worry for its 45 millions users.

Let us look at some of the reasons that led to Twitter’s breakdown !

The Cause

The hijackers defaced twitter by temporarily compromising twitter’s DNS records. Following screen grab shows the DNS hijacking as recorded via the PassiveDNS systems. The host www . mowjcamp . org was hosting the defacement.

While on one side, we can blame twitter for not being awake to the situation at the same time, part of the crisis can also be attributed to volumes of noise being contributed by the users.

There have been hacker attacks on the domain name system (DNS) servers that enable access to Twitter’s website disrupted service for many users, which directed them instead to a web page declaring “This site has been hacked by Iranian Cyber Army.” In the wake of the attack, which was fended off within hours, many fingers are being pointed at Twitter’s DNS provider, Manchester, NH-based Dyn Inc

Twitter will need to try and find the root cause of the denial-of-service attack, or more importantly build a more robust infrastructure with controls in place to withstand future DoS attacks.

Today’s article on Mashable highlights Twitter’s explanation on recent phishing attacks. Twitter blamed the outage on changes made to the company’s DNS (Domain Name System) records, which had matched the domain name with the IP addresses of its servers.

On its status page, Twitter said, “Twitter’s DNS records were temporarily compromised but have now been fixed. We are looking into the underlying cause and will update with more information soon”.

Stopping the problem

It is not that folks at twitter are not doing anything to stop this issue:

1. Recently, twitter has  a security upgrade – which disables links to hacker websites.
2. As a user, be careful about what you are posting, it could be a small family picture even. If there is a slightest of doubt in your mind, simply remove the information rather than exposing it to the public world.
3. A larger chunk of security experts say that you cannot stop a DDos attack as it is certainly difficult to respond in real-time to massive server requests from large ranges of IP addresses. However, there are select tools/services which can be utilized for reducing the resolution time. A nice list for the same is available at  – http://staff.washington.edu/dittrich/misc/ddos/
4. If you want to block or stop a DDoS attack, a commonly used tactic is through a network sniffer device which allows observation of offending IP addresses before they it hits your web servers.
5. Again as a user, never use same passwords on all social networks.
6. Like we talked about in Joomla’s case in the last article, be careful while installing 3rd-party twitter applications.

• Previous Entry: RockYou’s Sour Rhapsody
• Next Entry: HITECH fails to live up to data security standards