Comments on: GoDaddy Security update

By: And how do you store my password? | ashishb

And how do you store my password? | ashishb — Sun, 15 May 2011 21:02:34 +0000

[...] using a key whose access is presumably more limited than encrypted data itself. But this can freak out tech-savvy people and is also bad, since if any employee who is able to get to see the password [...]

By: Papa est là ! | Linux-backtrack.com

Papa est là ! | Linux-backtrack.com — Mon, 24 Jan 2011 16:49:07 +0000

[...] lendemain, je lisais l’update sur le blog. Il est dit : « it reached the ears of the GoDaddy [...]

By: JasonGiedymin.com » Blog Archive » Trust your host?

JasonGiedymin.com » Blog Archive » Trust your host? — Tue, 08 Jun 2010 16:47:20 +0000

[...] finished reading an article from slashdot in which a user caught GoDaddy trying to log on to his box… with his password. [...]

By: Anonymous

Anonymous — Fri, 26 Feb 2010 22:36:45 +0000

Since this is a Virtual Private Server giving the administrator who owns the real server root is not outlandish… You've given up your security to those who have physical access to the machine.

By: Anonymous

Anonymous — Fri, 26 Feb 2010 11:04:31 +0000

Get back to work ppl. Or are all of you out of work these days and troll blogs 24/7?

By: IsCyborg

IsCyborg — Thu, 25 Feb 2010 23:29:43 +0000

One concern with the retrievable password storage – if you use the same password for your GoDaddy account as you do for anything else, such as your e-mail account, a snoopy CSR could potentially access it.

By: Anonymous

Anonymous — Thu, 25 Feb 2010 17:13:06 +0000

How much do you want to bet that they put all those encrypted passwords on a server connected to the Internet? They didn't brag about the server being offline, so it's probably, stupidly, online.

By: Anonymous

Anonymous — Thu, 25 Feb 2010 15:31:59 +0000

The farther back you read on GoDaddy, the funnier this gets. These fools actually advertise the security solutions they put in place!!

http://www.webhosting.info/news/1/godaddy.com-boosts-web-hosting-security_0531069043.htm

Ah tippingpoint… now we know what's looking for us.

Great job there, Mr. SEE-ESS-OOO

By: Anonymous

Anonymous — Thu, 25 Feb 2010 14:23:06 +0000

Wow. Big self-inflicted black-eye for the guy who writes this security blog — I can't imagine any serious employer hiring you after this incident. Hope GoDaddy paid you off darned well.

Giving GoDaddy you root passwd is like giving your house-key to your cleaning service. This works for some people: you get your house cleaned on a regular basis, and it gets done when your not home, so it doesn't intrude into your lifestyle. If you trust your cleaning service, its great. If you are paranoid, have valuables in your house, or happened to hire a cleaning service that's been infiltrated by the mob, you are SOL. If you live in a bad neighborhood, and your cleaning lady gets mugged, you are SOL. If your cleaning service hires a juvenille delinquent, your SOL. If they're not bonded, you're SOL. There's a whole mountain of failure scenarios that open up when you allow others to have too much access to your house. Same deal with godaddy — myself, I'd be wayyyy too paranoid to put up with that, and I can't even begin to imagine the lifestyle of a self-proclaimed security expert who thinks this is acceptable.

FWIW, My webservers have been getting SSH passwd-guessing attempts 24×7 for the last decade. Usually from China, often from eastern europe, but also California, you name it — there are script kiddies running ssh-passwd-guessers all over the planet. With that track record, ain't no way I'd let any godaddy employee anywhere near my machines. Your just setting up to get trojaned. Lots of luck w/ life…

By: Anonymous

Anonymous — Thu, 25 Feb 2010 13:17:08 +0000

Holy crap. This is the security leadership of GoDaddy? Mommy, I'm afraid.

http://twitter.com/ngwarner
http://valleywag.gawker.com/361399/go-daddy-defrauds-customer-google-defrauds-go-daddy

Oh. My. God.