security GoDaddy accounts vulnerable to social engineering and Photoshop

[TheWatcher]

GoDaddy’s layered verification protections defeated by a phone call and four hours in Photoshop. I have some domain names, over hundreds of them in my GoDaddy account.
http://que.com/2015/03/19/godaddy-accounts-vulnerable-to-social-engineering-and-photoshop/

 

[RapidNames.com]

it was lengthy post but still interesting to read..

we have godaddy staff here @ NP. let we wait for his reply...

 

[Hybrid Names]

just curious two step verification is not available in india ...why ?

 

[Name Trader]

This was a very interesting read. Well worth it. The OP suggested that Network Solutions might have been better because you have to fax your id's into them. This is a fallacy. If you try to fax your details to NS, all you get a ringing tone. It never picks up the phone. I tried for 5 days. In the end, I had to contact support, and tell them their fax wasn't working, at all. They gave me an email address to send the documents to. So any perceived benefit from using the fax, went straight out the window.

I would have commented this on the article, but didn't find any way to post comments.

 

[Dave_Z]

just curious two step verification is not available in india ...why ?

Probably because Go Daddy is trying to find a provider in India with acceptable mobile roaming fees between countries.

 

[Hybrid Names]

Probably because Go Daddy is trying to find a provider in India with acceptable mobile roaming fees between countries.

yes but they can provide two step email verification

 

[Kate]

It's sad, but it's nothing new at all. Remember how sex.com was stolen back in 1994 ?
Social engineering is also the modus operandi of scripts kiddies like Syrian electronic Army.

It works...

 

[DubDubDubDot]

There is a way they could eliminate 100% of these type of domain thefts.... Offer account holders the option of turning off email and phone password resets and instead send out a snail mail letter that must be signed for. There would be an extra fee for this type of reset of course.

 

[Acroplex]

The only way to combat domain theft is to change the way domains are owned. I've explained how this would work here: http://acro.net/blog/domains/domain-ownership-hot-topic-icann-51-conference-los-angeles/

 

[Lite]

Now they have 2 factor authentication with SMS text code. It would be nice if they implement Google authenticator.

 

[homebuyer]

Adding a big "Transfered, Deleted, and Not Renewed Domains" history button in one's Godaddy account would help account holders know if someone has stolen domains from them.

 

[TheWatcher]

Actually that's a good idea.