
MySpace, GoDaddy pull plug on computer security domain name without warning




Usually if someone has a problem with a page on a Web site, the Web site 
owner or hosting provider is contacted. YouTube gets nastygrams over 
Saturday Night Live copyright violations. Barney's lawyers send 
nastygrams to Baltimore sysadmins who post photos of plush toys in 
unflattering poses.

And so on. This is the normal order of the universe, and it could be a 
whole lot worse. (The DMCA's notice-and-take-down section could be 
tilted heavily in favor of content owners, for instance.)

This week we caught a glimpse into what a whole lot worse might look 
like. MySpace was upset because a list of some 45,000+ user names and 
passwords was floating around online (I'm guessing because of shoddy 
security practices at MySpace, but I don't know for sure). They were 
posted to a mailing list that's archived at seclists.org, which is a 
kind of list repository. Politech is featured there, for instance:
http://seclists.org/politech/2007/Jan/index.html 

Instead of contacting Seclists.org owner Fyodor Vaskovich, MySpace went 
directly to his *domain name registrar*, which is GoDaddy. GoDaddy 
yanked his site by, as far as I can tell, pushing an immediate update to 
the .org registry to make his domain name invisible. It appears as 
though GoDaddy gave Fyodor just 52 seconds of notice:
http://seclists.org/nmap-hackers/2007/0000.html 

GoDaddy's general counsel Christine Jones defended the deletion when I 
talked to her today, saying it's good corporate citizenship. See:

http://news.com.com/2100-1025_3-6153607.html 
> When asked if GoDaddy would remove the registration for a news site
> like CNET News.com, if a reader posted illegal information in a
> discussion forum and editors could not be immediately reached over a
> holiday, Jones replied: "I don't know...It's a case-by-case basis."

She was even more blunt in an interview with Kevin Poulsen at Wired 
News, saying 52 seconds of notice in a voicemail was "pretty generous":
http://blog.wired.com/27bstroke6/2007/01/godaddy_defends.html 
"I think the fact that we gave him notice at all was pretty generous," 
she said.

Fyodor has given me permission to post some of the correspondence here 
(note how long it took him to get an answer about why his domain was 
zapped):
http://politechbot.com/docs/fyodor.godaddy.myspace.seclists-1.012507.txt 
http://politechbot.com/docs/fyodor.godaddy.myspace.seclists-2.012507.txt 

-Declan
_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/ 
Moderated by Declan McCullagh (http://www.mccullagh.org/) 

