Slashdot Mirror
GoDaddy Accounts Vulnerable To Social Engineering (and Photoshop)
itwbennett writes: On Tuesday, Steve Ragan's GoDaddy account was compromised. He knew it was coming, but considering the layered account protections used by the world's largest domain registrar, he didn't think the attacker would be successful. He was wrong. Within days, the attacker gained control over Steve's account just by speaking to customer support and submitting a Photoshopped ID.
... is the name of a domain name I searched for on their site to see if they'd bite.
A few years ago I thought I'd buy a domain for myself. Went and searched for it on their site. NEVER DO THIS.
It wasn't taken.
I ummed and aahed and slept on it.
I came back. It was taken. By Domains By Proxy LLC. Who are owned by GoDaddy.
It seems to have been sold on to another speculator, unless Afternic are them too. (I just checked. Afternic were bought out by GoDaddy in 2013).
I own the .co.uk variant of it now. I used GANDI, who by all accounts, are not wankers.
So, if you want a domain, be prepared to buy it on the spot if it's available. And use a registrar who aren't arseholes.
If somebody does that and removes money from your bank, the bank is going to have to show it was really you, or that there was sufficient authentication by a route you agreed to. A conversation with a bank employee and a photoshopped ID are not going to be considered sufficient authentication. If it turns out the bank was liable, it is going to have to restore the money, and it will be able to do so. Recovering the money fraudulently taken from the bank is, after that, the bank's problem.
There have been cases where stolen domains (where the evidence is clear) are never returned. It seems to depend on the registrar, and that's a good reason not to use GoDaddy.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes