MBTA's Web site lapses in and out of consciousness due to possible attack on server that links it to the Internet

What PunMonkey got at mbta.com last night.What PunMonkey got at mbta.com last night.

What could be a hacker attack on an Internet DNS server - or a server misconfiguration - is causing problems for people trying to connect to mbta.com. Starting last night, some users have reported being unable to connect to the site or being connected to a "domain for sale" page, although other users report no problems.

MBTA spokesman Joe Pesaturo confirmed this morning the problem is related to problems at a DNS server used by the MBTA. DNS servers act like directories for Internet-connected computers, translating human-like names, such as mbta.com, into the numerical addresses associated with specific Web servers.

Tech Crunch reports LinkedIn and some Fidelity servers have also been affected by the issue.

Confluence Networks, an Indian service provider to whose servers some Web sites were redirected, says:

Note that it has already been verified that this issue was caused due to a human error and there was NO security related issue caused by the same.

Neighborhoods: 

Topics: 

Free tagging: 

    Comments

    Bringing failure online

    By on

    Finally the T is bringing its failures to the digital age. Limiting breakdowns to physical infrastructure is just so old-fashioned. This way you don't even have to live in Boston to enjoy them.

    up
    11

    Yes, how stupid of the T to

    By on

    Yes, how stupid of the T to use the same DNS service as LinkedIn, one of the largest web sites on the planet. They should have known better.

    up
    11

    Perhaps this is what was

    By on

    Perhaps this is what was responsible for 3 dead trains on the Green Line this morning?

    Of course! Uploading a virus

    By on

    Of course! Uploading a virus to the mothership's mainframe has knocked out all the drone vessels and rendered them useless! Haven't you seen Independence Day?

    Just wait until the Green

    By on

    Just wait until the Green Line reaches the internet age circa 1996. Complete with pop up ads and pron.

    This was a massive problem, many domains affected

    Hundreds of domains including usps.com, mbta.com, fidelity.com, and linkedin.com were affected. My employer, who I won't mention here, is still very busy dealing with the fallout.

    The publicly-available details are: last night Network Solutions, the domain registrar for all these domains, suddenly started resolving them all to an IP address belonging to Confluence Networks, which runs sites that gather ad revenue from expired/parked domains. Network Solutions has issued a vague statement claiming it was an error. Confluence denies all responsibility.

    The assertion by Confluence that "there was NO security related issue caused by the same" defies logic. When you have many secure websites being redirected to a non-secure third-party site, that is a security issue. I think Network Solutions' statement that "no confidential data was compromised" is also an overreach.

    up
    11

    "secure websites being redirected"

    By on

    If users accessed https://[their desired domain]/, there would have been no issue, since the domain names on the certificates would not have matched — ideally, only the rightful owner of a given domain can get a certificate registered to it. Unless somehow Confluence managed to procure fraudulent certificates for the domains in question while the domain lookup error was occurring, users would have been safe.

    In theory you are correct

    Ideally, all users would know how to use SSL properly.

    In practice, many (most?) users are not going to be sophisticated enough to notice a man-in-the-middle attack. Many people just type, for example, www.americanexpress.com and rely on the website to redirect them to https://www.americanexpress.com. Even if they do specify https, a man-in-the-middle can redirect them to http. Then they have to be alert enough to realize that the "lock" icon isn't being displayed in their browser.