Reg'd with Go Daddy ? be careful all it takes is Photoshop and a phone call

dbit · 01-04-2015 8:31am #1

http://www.csoonline.com/article/2898128/disaster-recovery/godaddy-accounts-vulnerable-to-social-engineering-and-photoshop.html?utm_source=linkedin&utm_medium=social&utm_content=Oktopost-linkedin-group&utm_campaign=Oktopost-Godaddy

dbit · 01-04-2015 8:32am

Same would probably work against Blizzard and the likes , Dab hand at the aul watermarks in photie siopa.

AnCatDubh · 01-04-2015 12:15pm

I often wondered what the point was in giving scanned identification if you were not going to verify or hadn't the capacity to verify that with the issuer of said verification. Ok, a physical document of a type might be discernible/identifiable through the various watermarks and document features that they command (if you were going to the bother of same) but if you are accepting a scan/copy of a photo id as verification it doesn't say much for your security processes where you have no capacity to verify.

Also of note the last line of the story and GoDaddy's response - rather than recognising that a problem had occurred, and they were immediately implementing measures to minimise clients exposure they come out with a smarmy albeit I gather factual statement and threat;

Falsifying government issued identification is a crime, even when consent is given, that we take very seriously and will report to law enforcement where appropriate

dbit · 01-04-2015 12:55pm

AnCatDubh wrote: »

I often wondered what the point was in giving scanned identification if you were not going to verify or hadn't the capacity to verify that with the issuer of said verification. Ok, a physical document of a type might be discernible/identifiable through the various watermarks and document features that they command (if you were going to the bother of same) but if you are accepting a scan/copy of a photo id as verification it doesn't say much for your security processes where you have no capacity to verify.

Also of note the last line of the story and GoDaddy's response - rather than recognising that a problem had occurred, and they were immediately implementing measures to minimise clients exposure they come out with a smarmy albeit I gather factual statement and threat;

Spot on I'm just playing devils advocate .

BoB_BoT · 01-04-2015 5:27pm

I too never understood why a company would accept a scan / photo of an ID as proof of who you are. A little bit of Photoshop sorts out any pesky issues such as, real photo, name, ID number.

I used a games website a few months back to buy a heavily discounted game. I paid for it with credit card, went to credit card providers authentication site, even after this they were still looking for ID as proof of who I am.... absolutely silly.

But what was even better, they wanted me to take a picture of my ID with me in the picture, i.e. a selfie with my ID, ha! A bit cleverer, but still doesn't stop someone with a bit of photoshop skill to sort that one out.

anvilfour · 17-04-2015 11:59am

AnCatDubh wrote: »

I often wondered what the point was in giving scanned identification if you were not going to verify or hadn't the capacity to verify that with the issuer of said verification. Ok, a physical document of a type might be discernible/identifiable through the various watermarks and document features that they command (if you were going to the bother of same) but if you are accepting a scan/copy of a photo id as verification it doesn't say much for your security processes where you have no capacity to verify.

Also of note the last line of the story and GoDaddy's response - rather than recognising that a problem had occurred, and they were immediately implementing measures to minimise clients exposure they come out with a smarmy albeit I gather factual statement and threat;

Who would they report it to?

Reg'd with Go Daddy ? be careful all it takes is Photoshop and a phone call

Comments