Twitter, AOL lock down URLs in wake of New York Times hack

Posted on Thursday, 29th August 2013 @ 04:46 PM

As the New York Times tried to wrestle back control of its website, AOL Inc. and Twitter Inc. quickly locked down parts of their own slate of domain addresses. But many other major websites continued to maintain limited security Wednesday morning.

The Syrian Electronic Army hacking group claimed responsibility for a hack Tuesday that sent some visitors of www.NYTimes.com to a hacker-controlled website. The hackers had secured the log-in information for a U.S. sales partner of domain name registrar Melbourne IT and then used the information to breach the company’s administrative interface. Once inside, they were able to change two strings of text that caused those trying to access the New York Times website to be redirected elsewhere.

Other companies that had their records stored with Melbourne IT, including AOL, Cisco, McAfee and Twitter, were also vulnerable, according to HD Moore, chief researcher for cybersecurity firm Rapid7.

“As details start to emerge about how the Twitter and NYT domains were modified, the practice of applying a ‘Registry Lock’ is being touted as a defense, and given as the reason why Twitter.com itself was not hijacked,” Moore said in a note Wednesday. “Although Twitter.com did have a lock in place, at the time of the attack, many large-brand domains were hosted with MelbourneIT and were not locked.”

To make changes to a locked domain, website owners must take a series of steps to authorize updates to a URL such as nytimes.com. Had the URL been locked, the hackers would also have needed the newspaper’s log-in credentials.

“It takes longer and is more complicated to make changes,” Bruce Tonkin, chief technology officer for Melbourne IT, said in an email.

Moore, the researcher, said the following sites were among the ones that had been locked down: AOL-owned Huffingtonpost.com, Mapquest.com, Patch.com and Techcrunch.com; Twitter-owned Tweetdeck.com, Twimg.com, Vine.co and T.co; and Starbucks.com.

But Moore still found several unlocked domain names. Some of the ones identified and verified by The Times included: Adobe.com, Barnesandnoble.com, Cisco.com, Discovercard.com, Mcafee.com and Victoriassecret.com.
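A domain owner can run the same locked-or-unlocked check against their own portfolio by reading the status lines of each WHOIS record. The sketch below is an added example, not code from the article or from Rapid7. It assumes the registry publishes a Registry Lock as the `server*` EPP status codes of RFC 5731, which the article does not spell out, and the three WHOIS excerpts and `.example` domains are constructed.

```python
import re

# EPP status codes (RFC 5731). server* codes are set by the registry and are
# assumed here to be what a Registry Lock applies; client* codes are set
# through the registrar account, so stolen registrar or reseller credentials
# are enough to clear them.
REGISTRY_LOCK = ("serverDeleteProhibited", "serverTransferProhibited",
                 "serverUpdateProhibited")
REGISTRAR_LOCK = ("clientDeleteProhibited", "clientTransferProhibited",
                  "clientUpdateProhibited")

# Matches "Domain Status: <code> <url>" and the shorter "Status: <code>" form.
STATUS_LINE = re.compile(r"^\s*(?:Domain )?Status:\s*([A-Za-z]+)",
                         re.IGNORECASE | re.MULTILINE)

def parse_statuses(whois_text):
    """Return the set of status codes in a WHOIS record, lower-cased."""
    return {m.group(1).lower() for m in STATUS_LINE.finditer(whois_text)}

def lock_state(whois_text):
    """Classify a record and list the registry-level codes it lacks."""
    found = parse_statuses(whois_text)
    missing = sorted(c for c in REGISTRY_LOCK if c.lower() not in found)
    if not missing:
        state = "registry-locked"
    elif len(missing) < len(REGISTRY_LOCK):
        state = "partial-registry-lock"
    elif any(c.lower() in found for c in REGISTRAR_LOCK):
        state = "registrar-lock-only"
    else:
        state = "unlocked"
    return state, missing

# Constructed WHOIS excerpts, not real records.
SAMPLE_LOCKED = """Domain Name: LOCKED.EXAMPLE
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
"""
SAMPLE_REGISTRAR_ONLY = """Domain Name: REGISTRAR-ONLY.EXAMPLE
   Status: clientTransferProhibited
   Status: clientUpdateProhibited
"""
SAMPLE_OPEN = "Domain Name: OPEN.EXAMPLE\nDomain Status: ok https://icann.org/epp#ok\n"

if __name__ == "__main__":
    for record in (SAMPLE_LOCKED, SAMPLE_REGISTRAR_ONLY, SAMPLE_OPEN):
        print(record.splitlines()[0], "->", lock_state(record))
```

A result of `registrar-lock-only` is the case to flag: those codes can be removed by whoever controls the registrar or reseller login, which is the access the attackers obtained here.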

Cybersecurity analysts have warned in the wake of this week’s issues that hackers with different aims than the Syrian Electronic Army could cause more damage.

The Syrian hackers redirected NYTimes.com to a webpage that could have caused viruses to be downloaded to visitors’ computers, but their website was quickly shut down by Internet service providers. The hackers said their goal was to share a message in support of the Syrian government rather than infect computers.

Meanwhile, the Syrian hackers continued to target Melbourne IT after the company blocked their initial unauthorized access.

“I presume that because we have locked the hacker out of the account they had used to hijack the media sites — they have just been looking for opportunities to have a go at us,” Melbourne IT’s Tonkin said in an email. “So they are running port scans and trying to find anything they can.”

They did find a vulnerability in “a server housed in a separate data center from our main domain name registration systems,” Tonkin said.

They exploited the security hole to hack a defunct blog that Melbourne IT had set up a while back.

Tonkin said the blog website was shut down and that the company plans to “scan any other old servers at this remote data center site (which is mainly used as a disaster recovery site) for security holes.”

“We operate several thousand servers at various levels of security, and they found an old server that is not currently being used or kept up to date with security patches,” he said.
