App.net cofounder Bryan Berg noticed that LinkedIn was DNS-hijacked tonight and that traffic was rerouted to a shady India-based site, http://www.confluence-networks.com.
According to Berg, that site does not require SSL (secure sockets layer), which means that anyone who visited in the last hour or so sent it their long-lived session cookies in plain text … a potential security risk.
DNS hijacking is the process of redirecting a domain name to a different IP address. IP addresses are strings of numbers that identify a server, but they’re long and hard to remember. The DNS system allows us to use simple, easy-to-remember , and it then translates them to IP address like 216.52.242.86.
(You can also use that IP address, by the way, in your browser.)
You can hijack a company’s DNS on the client side by hacking individual computers’ network configurations and on the Internet side by hacking a DNS server — or by installing a rogue DNS server that masquerades as a real DNS server. Alternatively, if you can access a company’s domain records, you can change the IP address associated with that company’s web services.
DownRightNow shows that LinkedIn had a service interruption from about 6 p.m. tonight and lasting until now.
However, I’m able to access the actual LinkedIn service right now, so the site must be up and available for at least some users, or maybe the DNS hijack has only affected a percentage of users.
No comments :
Post a Comment