berg
    LinkedIn just got DNS hijacked, and for the last hour or so, all of your traffic has been sent to a network hosted by this company [confluence-networks.com]. And they don't require SSL, so if you tried to visit, your browser sent your long-lived session cookies in plaintext.
    doctorlinguist
      @berg so glad I pointed and laughed at LinkedIn years back.
      danatnr
        Likewise. >> @doctorlinguist: @berg so glad I pointed and laughed at LinkedIn years back.
        jacksonh
          @berg sales guys everywhere in a panic
          ravisorg
            @berg holy crap, that's huge!
            bryanjclark
              @berg welp, looks like you're #1 on Hacker News now.
              jeff
                Interesting @berg: LinkedIn just got DNS hijacked, & for last hour or so, all traffic has been sent to network hosted by this company [confluence-networks.com]. And they don't require SSL, so if you tried to visit, your browser sent your long-lived session cookies in plaintext
                bioselement
                  @berg What's really cute is their homepage is an abuse report guide. Am I allowed to be more than a little confused by that? >.>
                  briancosta
                    @berg @max One of the reasons why I just never use them. I log in like once every two months.
                    berg
                      To follow up on this thread, it does look like Network Solutions' (uber-expensive) managed DNS platform was at fault, as it affected many other domains. I wonder if LI's been in contact with the domain parking service that sunk all their traffic.
                      berg
                        The fact that LinkedIn still doesn't require that all logged-in user activity take place over HTTPS means that individual users are vulnerable to more trivial attacks. This must not seem like a big deal to them either, I guess?
                        sulgi
                          @berg good thing I only go onto LinkedIn like...3x a year.
                          berklee
                            @berg Didn't they lose 6 million passwords earlier? Seems to me they still don't care about that sort of stuff…
                            randolph1
                              [Post deleted]
                              arjankoole
                                @berg why does a place like LinkedIn, with hundreds of engineers, not manage their own DNS?
                                berg
                                  @arjankoole building a robust, globally-anycasted, DDoS resistant authoritative DNS service is very, very difficult. they're wise to pay someone else to do it.
                                  pilgrim
                                    @berg Another reason I'm glad I deleted my account.
                                    samweinberg
                                      @berg They're also phishing their customers' email passwords. No joke. https://news.ycombinator.com/item?id=5900120
                                      arjankoole
                                        @berg a small ISP in the Netherlands had that in 1999. :-) And you can bet those DNSBLs drew some DDoS attacks. We didn't even notice. Nor did we notice the attempted lawsuits.
                                        smartwatermelon
                                          @berg @abraham Wonder if that somehow explains all the weird spammy invites I've been receiving today.
                                          abraham
                                            @smartwatermelon Maybe but those are not unusual.