MySpace And GoDaddy Shut Down Huge Archive Of Security Mailing Lists

from the silly-companies dept

Rich Kulawiec writes in to point out that, a site that archives various security-related discussion email lists (and run by Fyodor, author of nmap, and generally well-known within the security realm) was yanked offline completely yesterday thanks to a bogus complaint from MySpace to the registrar/hosting company Fyodor used, GoDaddy. It seems that MySpace was freaking out that yet another big list of MySpace usernames and passwords had leaked (and spread all over the net). So, they went into damage control mode. A few copies of the MySpace list had been mailed to one of the security mailing lists archived as Seclists, and rather than simply asking that they be removed, MySpace went straight to the hosting company to get the entire domain turned off -- which GoDaddy did without question (or giving Fyodor a chance to appeal). In other words, they shut down a huge domain full of useful information that was used by a lot of people, over one complaint on some information that is widely available all over the internet. Fyodor also notes that these types of bogus requests to hosting companies and registrars are only increasingly lately. It seems like there may be an opportunity for a registrar hosting company to advertise that they don't wilt at the first sign of legal language, and at least give their customers a chance to respond.

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Rich Kulawiec, 26 Jan 2007 @ 7:48am

    Re: dude

    You've missed multiple points here.

    The URL of the entire username/password list was posted to a PUBLIC
    mailing list with multiple PUBLIC archives, of which Fyodor's is only one

    At that point, the game is over. There is no point in even thinking
    about trying to suppress the information by any means. It's in the wild,
    and no posturing, threatening, or anything else will undo that.

    The only things that can be done are (a) to notify the affected users
    (b) to change their passwords -- don't wait for them to do it --
    (c) to figure out how this was done and take steps to avoid a repeat
    (d) to alert all MySpace users, since nothing guarantees that the list
    in question included *all* compromised accounts and (e) to publicly
    apologize for the problem.

    Shooting the messenger, as MySpace did with GoDaddy's collusion,
    simpy reveals their own incompetence and lack of comprehension.
    It's thus hardly surprising that this is not the only security issue
    they have.

    And now they have -- by their very ill-advised handling of
    this incident, especially given Fyodor's well-deserved standing in
    the community -- sent the message to all security researchers that
    they are much better off NOT reporting or discussing any problems
    with MySpace publicly.

    This is an amazingly stupid move. They *might* be able to undo
    the damage if they issued an unconditional public apology to Fyodor,
    in which they admit that they were completely wrong, AND in which
    they offer to pick up the tab for his expenses in moving. But I doubt
    that will happen.

    Pity. Perhaps one day, when they've reaped what they've
    sown, they will learn.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.