Go Daddy, MySpace Lock out SecLists
(Page 1 of 4 )
It’s tempting to say that what we have here is a failure to communicate. When MySpace went to Go Daddy with a request to shut down SecLists.org, it was the beginning of an uproar that observers are still talking about a few weeks later. In this article, I’ll try to sort out the “he said, she said” statements and attempt to spell out the implications.
I’d like to start with what happened -- which is where we quickly start running into those “he said, she said” statements. Social networking site MySpace saw its security breached around mid-January when a list of 56,000 of its user names and passwords hit the net. This list was posted several times to the members of the Full-Disclosure mailing list. The mailing list is devoted to the somewhat controversial idea of disclosing all of the known details of a security problem.
It isn’t clear when MySpace knew its security had been breached, but this reportedly wasn’t the first time it has happened. The information having now found its way onto the Internet, MySpace tried to get the cat back in the bag. A number of web sites archive the Full-Disclosure mailing list. One of these sites is SecLists.org, whose raison d’etre is to archive a number of IT security and other IT-related mailing lists. SecLists.org archived the post from Full-Disclosure that contained the dangerous list as a zipped attachment.
MySpace rightly wanted that list removed. Strangely, though, it didn’t go to the owner of the SecLists.org web site. It didn’t even go to his ISP. Rather, it went to Go Daddy, his domain name registrar, and asked that the site be taken down. It’s important to note at this point that MySpace did not have a court order.
What happened next is a matter of debate. According to Go Daddy general counsel Christine Jones, “We tried to contact the registrant, but they were not available at the time. To protect the MySpace users from potentially having private information revealed, we removed the site.” Jones gives the impression that SecLists.org was down for only an hour, and that the site was promptly restored after the owner contacted Go Daddy’s abuse department. The picture Jones gives is of a registrar acting quickly and responsibly, but not precipitously. She also makes it sound as if Go Daddy might have even been generous in giving any warning, pointing out that the company’s terms of service says it “reserves the right to terminate your access to the services at any time, without notice, for any reason whatsoever.”
More Web Hosting News Articles
More By Terri Wells