
GoDaddy hack: Miscreant steals SSH login creds after vandalizing server file - notRobot
https://www.theregister.co.uk/2020/05/05/godaddy_ssh_login_details_compromised/
======
tialaramex
Why passwords?

One of the very best things about secsh (the IETF's working groups sometimes
have fun names, hence their group replacing the Common Authentication
Technology is named 'kitten') was that they specifically required Public Key
Authentication as a MUST in the standard.

That doesn't mean everybody's SSH setup actually does public key auth, in fact
since quite intentionally IETF standards have no "teeth" it doesn't even mean
nobody ignores the MUST and refuses everything except passwords, but it does
mean one less excuse.

If you use public key authentication then the bad guys in this scenario only
get a small privacy hole, whereas if you used passwords they learn your
credentials and can impersonate you.

------
mkj
Sounds like "the offending SSH file" modified was sshd, so it captured
passwords that were used for auth to the server?

------
monksy
I wonder if some of the "reopen" sites are in the data.

~~~
josefresco
I like the cut of your jib.

------
gumby
I’m puzzled. They got a load of people’s public keys? So what?

Or they got something that's not clearly described from the article. I don’t
know what “ssh password” is stored in clear text. A private key's passphrase
isn't cleartext and isn't on the server!

------
skilled
It's not like having access to GoDaddy's accounts directly would change
something for this specific hack. 28,000 credentials is a substantial heist
considering the foul play one could achieve with that many (sub)-websites.

It makes you wonder how many hosting companies have never caught up on
backdoors that were added ~10 years ago. For the most part, security these
days runs much tighter than it did in the days of simple PHP shells.

------
iamwil
An unfortunate domain name that didn't learn their lesson from
expertsexchange.com or penisland.com

~~~
dang
This comment was about
https://www.onlinetoolsexpert.com/godaddy-confirms-data-breach/.

We switched the URL to the article that one points to (and seems to have
cribbed from).

------
hootbootscoot
Now that's a highly respected company that doesn't ever upsell its crap
services and certainly never plays domain-name games. Lol. Go Daddy stinks.
It's bad. Avoid them. Their entire market gambit is "fool the less technically
savvy while acting authoritative"... I can gossip about them at length if
required, but let's rather not, and say we did. Pretty much any other crap
host will be better, even a 1and1 or something...

