Forwarded from: security curmudgeon 

---------- Forwarded message ----------
From: security curmudgeon 
To: Declan McCullagh 
Cc: Fyodor 
Date: Tue, 30 Jan 2007 03:05:47 -0500 (EST)
Subject: myspace, godaddy and the ongoing trend


Declan, feel free to post this to Politech if you wish. Late night 
ramblings from a curmudgeon, nothing more.

--

One thing that many people seem to be missing with this entire story is, 
"why seclists.org?" The full-disclosure mail list [0] is archived on 
*hundreds* of web servers around the world [1] and even has corporate 
sponsorship [2]. Was the official archive of the mail list [3] 
threatened? Or was Fyodor and seclists.org threatned because that site 
is the first hit on Google if you search for "full disclosure mail list 
archive"? Did MySpace bother to contact the registrar of the second hit 
(neohapsis.com) over their archive [4]?

I bring this up because once again I am in the middle of a legal threat 
to remove content off a domain I help manage [5]. At the moment, the 
full content of the legal threat and my reply have not been published 
like previous threats [6] but they will in the near future. Like 
Fyodor/seclists.org, the law firm and company threatening to sue us over 
publishing material hasn't contacted any other site hosting the same 
information currently (yes, we've asked). We do know they have sent 
legal threats in the past to two other sites who run the same type of 
resource [7], both of which instantly caved in and removed the content 
without considering the implications (to the integrity of their 
resource, or the validity of the legal threat).

I'm definitely not a lawyer, but if a company wants to protect its 
interests, doesn't it have to make a marginal effort to contact the 
people/sites allegedly infringing upon their rights? Or is that how 
these law firms are operating these days? Threaten the first hit on 
Google, get them to cave in and then use that action as a basis for 
claiming your argument has merit in subsequent legal threats. That is 
certainly what the lawyer who contacted us is doing. In his second mail 
he cites that other sites have removed the material and so should we. 
This seems like a vicious snowball effect that allows a legal firm to 
systematically threaten and stifle free speech, regardless of any legal 
or ethical merit.


jericho
attrition.org


[0] https://lists.grok.org.uk/mailman/listinfo/full-disclosure
[1] http://www.google.com/search?q=full+disclosure+mail+list+archive&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official 
[2] http://secunia.com/ 
[3] http://lists.grok.org.uk/pipermail/full-disclosure/ 
[4] http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0282.html 
[5] http://attrition.org/ 
[6] http://attrition.org/postal/legal.html 
[7] http://attrition.org/dataloss/ 


_____________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn