MySpace and GoDaddy Shut Down Security Site

Several readers wrote in with a CNET report that raises novel free-speech questions. MySpace asked GoDaddy to pull the plug on Seclists.org, a site run by Fyodor Vaskovich, the father of nmap. The site hosts a quarter million pages of mailing-list archives and the like. MySpace did not obtain a court order or, apparently, compose a DMCA takedown notice: it simply asked GoDaddy to remove a site that happened to archive a list of thousands of MySpace usernames and passwords, and GoDaddy complied. Fyodor says the takedown happened without prior notice. The site was unavailable for about seven hours until he found out what was happening and removed the offending posting. The CNET article concludes: "When asked if GoDaddy would remove the registration for a news site like CNET News.com, if a reader posted illegal information in a discussion forum and editors could not be immediately reached over a holiday, Jones replied: 'I don't know... It's a case-by-case basis.'"

GoDaddy probably complied...

[mhazen]

....because Rupert Murdoch would have just bought them and fired the people who questioned whether NewsCorp has the right to restrict freedom of information.

And, by the way, I hope GoDaddy's reading this. I'm moving my domains away from you because of your lackadaisical approach to our constitutional rights.

Re:Overkill

[DBCubix]

Let's post some usernames and passwords on MySpace and ask for their domain to be taken down. It only sounds fair.

not an intelligent move..

[sanimalp]

The LAST thing in the world i would want to do as a registrar, or ANY web based business for that matter, is to piss off a bunch of hackers. I think karma might prevail on this one.

Re:Overkill

[Dimentox]

Sounds great, You start by posting yours.

Re:Case by case basis

[Original+Replica]

""We have no backbone. We obey power."

So we should change the name to "YesDaddy".

Overkill is an understatement

[A+beautiful+mind]

It should be downright bloody illegal to do what Godaddy did. Or if not illegal, it should have serious repecussions for them as a registrar up to the point of dropping their registrar status.

Besides, Myspace's effort was entirely useless. Those usernames/passwords were already compromised, Fjodor's site was just one that had it from the many places it can be found. The sensible thing would have been a forced password reset for the users involved not trying to coerce a registrar.

My position is that unless a legal, court ordered action is forced on the registrar, it should be forbidden to drop anything. And in the case there is content that shouldn't be public on the site, that is a _hosting_ issue not a domain issue. Go bugger the hosting company with legal documents.

Unconscionable

[gellenburg]

1. Unconscionable: How I feel about this whole matter. Completely unconscionable that GoDaddy could or WOULD do anything like this.

2. 142: The number of domains I have registered with GoDaddy.

3. $1500: Roughly the annual amount I pay for my domains to renew them each year.

4. 48: The number of hours I have allotted myself this weekend to transfer each and every one of them AWAY from GoDaddy to someplace like NameCheap.com or DomainMonitor. Haven't decided yet.

5. True: Boolean value for whether or not I am pissed-off.

6. Very Much: The level of item 5, above's, value.

Re:Overkill

[Scott+Lockwood]

0) Take responsibility for your security being laughable, fire the people responsible, and secure your own shit before flinging it at others?

Hmmm.......

HERE IS A LINK FROM GOOGLE : FULL LIST

http://archives.neohapsis.com/archives/fulldisclos ure/2007-01/0282.html

now please shut down google?

oh I see, they are corporate and fydor is the little guy, I forgot!!!

GoDaddy Response

[godaddyabuse]

I am Ben Butler, the Director of Network Abuse at Go Daddy and I want to personally address your posts regarding SecLists.org. As we have said to our customers - Go Daddy is committed to keeping the Internet a safe place. If there is material online that is jeopardizing Internet safety, we will take necessary action. In this case, Go Daddy attempted to contact the customer with regard to a large list of MySpace user names and passwords which appeared on his Web site. The registrant was not available at the time. In order to protect users of MySpace from the risk of having private data revealed, we removed the site until we could make contact with our customer. Once we were able to discuss the issue with the registrant, he assured us he would remove the offending material and we re-enabled his site while he was on the phone. The site was back up within one hour. In each case like this, my department follows a set of operating procedures evaluating whether to remove hosting content or to redirect domain names. The decision is carefully made on a case-by-case basis. Most times, the site is left as is. An important issue I would ask you to consider is one that is a top priority for us at Go Daddy - child exploitation or even the potential for it. I don't know of any parent who wouldn't want their child's username and password protected. Ben Butler Director of Network Abuse The Go Daddy Group, Inc Abuse@GoDaddy.com

Re:GoDaddy Response

[Fulcrum+of+Evil]

As we have said to our customers - Go Daddy is committed to keeping the Internet a safe place. If there is material online that is jeopardizing Internet safety, we will take necessary action. I

That's not your damn job! You are a registrar. If you take it upon yourself to police the contents of the sites in your registry, what happens when you get sud for failing to do so? Go do your job and stop trying to police things that are none of your business.