Social Engineering, Password Reset and DNS Hijack

The DNS provider Web.com has been subject to a social engineering attack which allowed a pro-Palestine hacking gang to reset the passwords of a few important customers and to use the new passwords to change the resolution of their domain names to other sites. See for example here for a description of the attack.

Again and again, as of today the technical side does not look to be the weak side of ICT security. In particular, cryptography is sound and reliable, and many technical ICT security products deliver what they promise.

On the other hand, username and password show once again how inappropriate they are to support our current security needs. But what can we use instead?

The general problem lies mostly in our ability to make a system “secure” by including logical, physical and procedural measures to give 360-degree protection. Indeed, the security level of a system is that of its weakest point, which for most systems means that they are really insecure.