Conversation

Notices

1. Blaise Alleyne (balleyne)'s status on Thursday, 30-Jan-2014 17:11:08 EST Blaise Alleyne
   "By taking over my GoDaddy [account], my attacker was able to control my email." Domain registrar as weakest link... http://ur1.ca/giusc
   • lnxw37 (lnxwalt on quitter) (lnxw37)'s status on Thursday, 30-Jan-2014 18:14:57 EST lnxw37 (lnxwalt on quitter)

     in reply to
     @balleyne In some ways, domain registrars are 2nd weakest links. The corrupt certificate authorities system is the weakest link.
   • Blaise Alleyne (balleyne)'s status on Friday, 31-Jan-2014 01:08:09 EST Blaise Alleyne

     in reply to

     • lnxw37 (lnxwalt on quitter)
     @lnxw37 but a CA attack couldn't directly hijack your personal email and all your social media accounts with it
   • lnxw37 (lnxwalt on quitter) (lnxw37)'s status on Friday, 31-Jan-2014 07:51:50 EST lnxw37 (lnxwalt on quitter)

     in reply to
     @balleyne True. But a CA attack could trick you into giving all needed info (and more) directly to the attacker.
   • Blaise Alleyne (balleyne)'s status on Friday, 31-Jan-2014 12:07:55 EST Blaise Alleyne

     in reply to

     • lnxw37 (lnxwalt on quitter)
     @lnxw37 yeah, very true. Thing that scares me is, while CA attack takes skill/privilege, registrar attack was just via clever phone calls.
   • cross (cross)'s status on Friday, 31-Jan-2014 15:36:16 EST cross

     in reply to

     • lnxw37 (lnxwalt on quitter)
     @balleyne @lnxw37 the phone calls are still executed skillfully. Unless the GD phone people are just that bad.
   • Blaise Alleyne (balleyne)'s status on Friday, 31-Jan-2014 15:40:49 EST Blaise Alleyne

     in reply to

     • cross
     • lnxw37 (lnxwalt on quitter)
     @cross @lnxw37 true, but the barrier to entry is so low. Anyone could try a social engineering attack. Not just anyone could compromise a CA