January 28, 2007

Disturbing: MySpace and Go-Daddy DoS Security Site

This is disturbing story. An evil person doing phishing collected 56,000 MySpace user names and passwords and posted them to the "Full-Disclosure" mail list, which is open "unmoderated mailing list for the discussion of security issues" everybody can subscribe to.

Now, of course the mail list is open and is archived by dozens of sites and of course MySpace could just change passwords for compromised users, but no, they instead decided to shut down one particular security site (seclists.org, why only this one?) that happens to be also archiving the "Full-Disclosure" mail list.

And MySpace wanted to make it done real fast, so not bothering about bullshit like contacting seclists.org site owner or hosting company they contacted the domain name registrar (!) which happens to be well respected (so far) Go-Daddy.com, and somehow convinced them to remove the whole seclists.org domain name from the DNS. Now that's cool.

The site is back on now, but Go-Daddy still defends seclists.org takedown, which smells more and more bad. Go-Daddy used to be my favorite domain name registrar. Now I'm (and probably many others) not sure. It's amazing how Go-Daddy turned MySpace problem into their own problem.

...