Page 1 of 1
Basic Security Holes
Posted: Fri Dec 01, 2006 1:30 pm
by tarrigo
I currently was asked by someone why godaddy.com might have sent them an email saying their site was vulnerable. I was a little baffled after looking at the site because it does not use a database, there are no login areas, no request forms, it is just information and graphics. Are there some really basic security issues that people know of that someone could briefly mention. I don't need in-depth explanations, I can do searches and find out the rest. Just want to see if there is something I am not aware of.
Posted: Fri Dec 01, 2006 1:44 pm
by feyd
It likely has to do with either XSS or XSRF or some other silly acronym thereof. Without knowing more detail, it's difficult to say but as long as the site uses static pages, it's typically harder to do much of anything truly vulnerable.
Posted: Fri Dec 01, 2006 2:02 pm
by Luke
who knows... godaddy (as well as a lot of other tech-related bargain sites) likes to scare their customers who aren't so tech-savvy with things like "Your information is publicly available via whois - would you like to pay us to hide that information?" and things like that. You might ask them what exactly the email said.
I agree
Posted: Fri Dec 01, 2006 3:14 pm
by tarrigo
That was one of my first questions, in terms of whether or not the email followed with some type of sales pitch. They said no, but I know that if godaddy has any type of basic marketing savvy that they have planted a nice seed in your head that will keep you up long enough at night to make you go and ask them for help or a possible resolution to the problem. Of course $$$ signs will follow.
Nonetheless it worked because I am here taking time to look into it. I may not have designed the site, but I am being propositioned to see if I can find anything out.
Posted: Mon Dec 04, 2006 11:27 am
by bobby9101
sounds like a spoof email to me.
godaddy doesn't care about it's clients sites... unless it is illegal