Twitter Offline Due To DDoS

The elusive Precision dropped a submission in my lap about a DDoS taking down Twitter running on CNet. It's been down for several hours, no doubt wreaking havoc on the latest hawtness in social networking. Won't someone please think of the tweeters? Word is that both Facebook & LiveJournal have been having problems this AM as well.

It's kinda back...

[pdboddy]

My tweets are getting through, albeit slower than usual.

Whoops.

[BigglesZX]

Might it have had something to do with the Twitter-based HTML demo (http://tech.slashdot.org/story/09/08/05/2348219/HTML-5-Canvas-Experiment-Hints-At-Things-To-Come?art_pos=8) that made Slashdot earlier today? The site in question hits Twitter for a large number of tweets, and I imagine a lot of /.'ers were checking it out earlier. I doubt it helped, at the very least...

Re:I Only Use Slashdot Anyway

[bakana]

anyone else thinks this may have something to do with this: http://tech.slashdot.org/story/09/08/05/1555219/XML-Library-Flaw-mdash-Sun-Apache-GNOME-Affected

Cloud? Decentralize

[Bob9113]

Decentralization is the solution to single-link failures.

Cloud is centralization.

JM2C, YMMV.

Oh come on.

[thePowerOfGrayskull]

This is how their "journalists" report news on CNet? FTA - the very last line:

There has been no indication that any of these various attacks are connected. But it's probably not a coincidence that they all coincide with the annual Defcon hacker convention.

You mean the one that ended Sunday? Nice. Real nice.

HTML5 demo

[tom17]

I'm wondering if that HTML5 demo http://tech.slashdot.org/story/09/08/05/2348219/HTML-5-Canvas-Experiment-Hints-At-Things-To-Come?art_pos=8 had anything to do with it. If the normal /. crowd went to the demo, which then in turn loads 100 'tweets' from twitter, is that not equivalent to twitter receiving a 100x slash-dotting?

Tom...

Re:I Only Use Slashdot Anyway

[mini+me]

Normally I would use Twitter to find out why a site is inaccessible, since it is the goto place for up to the minute news. While Slashdot did eventually bring the story forward, it too far too long to be relevant. Twitter was already back online by the time this story appeared on the front page.

Re:Nelson -------

[Dragonslicer]

What's truly disheartening to me is that a formerly relevant news site like cnn.com has it on their front page. Oh CNN, I remember when you used to report actual news...now look what you've become.

Obviously you haven't watched CNN lately, otherwise you would know how dependent they are on Twitter now. Seems like all they do these days is read Twitter messages from viewers.

How Will CNN Survive?!?

[MartinSchou]

Don't they get most of their stuff from Twitter these days?

Granted, I don't watch CNN and get my impression of them from The Daily Show, but judging by that coverage it seems like CNN is reduced to just reading aloud stuff from Twitter.

I'm still waiting for The Daily Show showing a clip showing a CNN host trying to read out "OMG PWNIES!!1!!111oneONE"

Re:I Only Use Slashdot Anyway

[kristjansson]

and mine is this... think about it, every /.er that fired up the test pulled 100-ish tweets simultaneously for the sparkling dot bling on the test page. that would make the site a slashdot-effect magnifier with a factor of about 100...
then again, how many slashdotters actually RTFA?

Re:Give me a break

The funny thing is that nobody used or cared about twitter outside of a handful of nerds until the people in charge of twitter struck on the advertising idea of "convince everyone that everyone is already using it, and it's the most popular thing online". After that, it started being reported on weekly by sites like Slashdot as well as major news sites, until it started getting massive buyout offers.

Honestly, I still don't think that many people care about it. There are a handful of popular bloggers, but I don't think I've ever met a person in "real life" that has twittered for longer than a week. I'm 26, by the way.

A similar strategy was/is used by Second Life, which is why corporations started flocking to it and then realized they'd been duped.

Re:I Only Use Slashdot Anyway

[sverrehu]

I don't know about the new attacks, but I researched a bit after
Gregory Steuck posted about "XXE (Xml eXternal Entity) attack" on
Bugtraq in 2002 (http://www.securityfocus.com/archive/1/297714).

You can easily do DoS attacks on a Java-based thing running on
e.g. Linux if you manage to trick the server into parsing one of the
following two XML documents:

        <?xml version="1.0" encoding="ISO-8859-1"?>
        <!DOCTYPE foo [
            <!ENTITY xee SYSTEM "file:/dev/tty">
        ]>
        <foo>foo: &xee;</foo>

        <?xml version="1.0"?>
        <!DOCTYPE foo SYSTEM "file:/dev/tty">

Both will make the XML parser try to read from the TTY, thus blocking
"forever" waiting for input that never comes. The fun thing is that
it doesn't help to setExpandEntityReferences(false), even though the
name sounds like it would help. The only thing that works (afaik), is
to install a custom made EntityResolver that refuses to look up
external entities. Since nobody does that, this vulnerability may be
found all over the place.

Variations exist for other OS-es and other web platforms as well. I
even found that Adobe Reader was vulnerable once
(http://shh.thathost.com/secadv/adobexxe/), and I recently stumbled
across a similar thing in a commercial web-protecting security
application. (They're working on a fix.)