The GoDaddy Hack Would've Been Impossible In The Dappy System by @fabcotech


Raphael (@fabcotech)

Building Dappy, an ultra-secure, no-DNS and no-CAs, first-of-its-kind web browser.

Dappy is a first-of-its-kind open source web browser and name system that addresses both the structural flaws of the Domain Name System and the inevitable vulnerabilities of private corporations.

It is currently being built and improved to unlock never-before-seen levels of trust, accessibility and peacefulness for running a website on the internet.

Giant registrar gets compromised … again

Around April 2020, many GoDaddy employees were tricked and transferred ownership of over 6 targeted domain names to hackers. It was also disclosed this year (2020) that GoDaddy was compromised and exposed 28,000 domain names to the same vulnerabilities in 2019, including critical websites like cryptocurrency exchange liquid.com and payments service escrow.com.

The Domain Name System (DNS) is built upon the idea of delegating domain name management to individual private corporations. You can't own and manage a domain name by yourself, so you have to go through a registrar like GoDaddy, which manages it for you. GoDaddy alone manages around 55 million domain names, and such giant corporations have naturally become attack targets.

DNS root servers are also critical services. Verisign is the company responsible for DNS lookup requests addressed to .com, .net and .name websites; it sits behind GoDaddy in the chain of trust, although it is as vital as the registrar for your website.

The main point is that by owning a .com domain purchased on GoDaddy, your website has a vital relationship with GoDaddy and Verisign. Either company could potentially be compromised, and as a result, your website would instantly be compromised as well.

Private corporations will always be vulnerable, simply because humans run them, and humans make mistakes.

The dappy system

The dappy system removes the need to trust individual private corporations to expose a website to the internet. It specifically addresses the critical issue of entrusting DNS management to a chain of trusted yet vulnerable companies.

When you own a name (the equivalent of a DNS domain name), you own it as a resource on a public database (blockchain) that no one except you can manage, update, or sell.

Many corporations are equally responsible for responding to lookup requests, instead of a single one as in the DNS (Verisign Inc, Donuts Inc or Uniregistry). In other words, a browser asked to resolve shampoo to an IP address (dappy names don't have extensions) simultaneously queries many independent corporations instead of a single one, and it requires all the responses it receives, or a large portion of them, to be the same.

This mechanism is called multi-request. A single corporation may be compromised, but it does not really matter, because the browser will query 5, 10 or 15 companies and instantly flag any response that differs from the others as unusual or suspect. If a large portion of the responses are suspect, say 4 out of 10, the browser can decide not to tolerate this level of uncertainty, not reach the IP address at all, and display an error message.
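The agreement check described above can be sketched as follows. This is an added example, not code from the dappy project: the function name, the member labels, the 70% threshold and the sample addresses are all assumptions made for illustration.

```javascript
// Added illustration of the multi-request check; not code from the dappy project.
// Function name, member names, threshold and addresses are assumptions.

// Serialize a record with sorted keys so that equal answers compare equal
// even when members order the fields differently.
function canonical(record) {
  return JSON.stringify(Object.keys(record).sort().map((k) => [k, record[k]]));
}

// responses: [{ member, record }] where record is null if the member gave no answer.
// minAgreement: fraction of *queried* members that must return the same record
// (keep it above 0.5 so two competing answers can never both qualify).
function multiRequest(responses, minAgreement) {
  const groups = new Map(); // canonical record -> members that returned it
  for (const { member, record } of responses) {
    if (record === null || typeof record !== 'object') continue; // silence is never agreement
    const key = canonical(record);
    if (!groups.has(key)) groups.set(key, { record, members: [] });
    groups.get(key).members.push(member);
  }
  // Pick the most common answer.
  let best = { record: null, members: [] };
  for (const g of groups.values()) {
    if (g.members.length > best.members.length) best = g;
  }
  // Every member outside the majority group is suspect, including silent ones.
  const suspects = responses
    .map((r) => r.member)
    .filter((m) => !best.members.includes(m));
  const agreement = responses.length ? best.members.length / responses.length : 0;
  const accepted = agreement >= minAgreement;
  return { accepted, record: accepted ? best.record : null, agreement, suspects };
}

// Constructed sample: 10 members answer a lookup for the name "shampoo".
const good = { name: 'shampoo', ip: '192.0.2.10' };
const forged = { ip: '203.0.113.66', name: 'shampoo' };
const answers = (nForged) =>
  Array.from({ length: 10 }, (_, i) => ({
    member: `member-${i + 1}`,
    record: i < nForged ? forged : { ...good },
  }));

console.log(multiRequest(answers(1), 0.7)); // one divergent member: accepted, member-1 flagged
console.log(multiRequest(answers(4), 0.7)); // 4 of 10 suspect: refused, no address returned
```

Members that do not answer are counted against agreement rather than ignored, so a resolver that is merely silenced cannot lower the bar for the remaining ones.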

The dappy system includes many other security features, and it works with a dedicated open source browser available on the 3 major desktop platforms. We specifically target websites and companies searching for new and disruptive tools and ideas. If you want to read more about dappy, please visit the website and join the Discord community.

https://dappy.tech
