Thursday, December 25, 2008

Security Risks in GoDaddy Total DNS Control

Web server authentication is an essential element of an organization's trust strategy for e-business. By reliably authenticating web servers to visiting browsers, SSL server certificates help build that trust.

Until recently, GoDaddy, the world's largest ICANN-accredited domain registrar, have been found a security risk in there Total DNS Control panel. GoDaddy Total DNS Control allows user to perform advanced DNS functions, such as changing zone records. But the  latest revision of TDNS is not safe, because they even the use of http access to the Total DNS Control, This is really terrible. As we know http(Hypertext Transfer Protocol) is extremely unsafe. The others can use Sniffer to intercept, view and analyze all of the HTTP traffic between a web browser or any program that uses the HTTP protocol and the web server. Given these factors, many organizations would prefer to manage web server authentication with the RSA Web Server SSL technology application.

Hypertext Transfer Protocol Secure (HTTPS) is a combination of the Hypertext Transfer Protocol and a network security protocol.HTTPS has also been known as "Hypertext Transfer Protocol over Secure Socket Layer"(SSL). An SSL Certificate enables encryption of sensitive information during online transactions. Each SSL Certificate contains unique, authenticated information about the certificate owner. A Certificate Authority verifies the identity of the certificate owner when it is issued.

To fix that security risks in GoDaddy, remember: If you use GoDaddy's Total DNS Control Panel, do not click on the original link to "Total DNS Control and MX Records", that link is unsafe http protocol. To invoke HTTPS, replaces "http://" with "https://" in the Web address. The link is such like this:

https://tdns.secureserver.net/?domain=YourDomainName&prog_id=GoDaddy&type=1

No comments:

Post a Comment