Re: [ISN] GoDaddy pulls security site after MySpace complaints

From: InfoSec News (alerts@private)
Date: Tue Jan 30 2007 - 23:10:14 PST


Forwarded from: Times Enemy <times (at) krr.org>

Greetings.

I realize this is old news by now ... but ...

As the author of this article hints, this could be a somewhat legal 
method for performing a fairly effective Denial-of-Service attack 
against a domain, just about any domain, even a highly respected 
security site such as seclists.org.  In this particular instance, i 
would list GoDaddy as the perpetrator of the Denial-of-Service attack, 
with MySpace as the partner in crime. Perhaps this could be an organized 
crime outfit?

So, it seems a new DOS tool may exist, which requires no download, no 
botnet, no international players, no high bandwidth, no real skill at 
all.  All it takes is the ability to bully and slap domain registrars 
around, which apparently is pretty easy, considering a Network Solutions 
customer can scare the "largest registrar in the world" into doing its 
bidding.

Seriously, force stronger passwords and this would be a non-issue.

I am not familiar with the legal ramifications of archiving passwords, 
nor am i in the know with illegally hosting copyrighted material, but 
this whole thing causes me to wonder how much copyrighted data/material 
is being illegally hosted on the rather lame myspace domain....

I do not own thousands of domains, but i can probably have a hundred or 
so domains transferred out of godaddy.  So who is offering secure and 
responsible domain registrar services these days?

.times enemy


-=-

InfoSec News wrote:

> http://news.com.com/GoDaddy+pulls+security+site+after+MySpace+complaints/2100-1025_3-6153607.html
> 
> By Declan McCullagh
> Staff Writer, CNET News.com
> January 25, 2007
> 
> update - A popular computer security Web site was abruptly yanked 
> offline this week by MySpace.com and GoDaddy, the world's largest 
> domain name registrar, raising questions about free speech and 
> Internet governance.
> 
> MySpace demanded that GoDaddy pull the plug on Seclists.org, which 
> hosts some 250,000 pages of mailing list archives and other resources, 
> because a list of thousands of MySpace usernames and passwords was 
> archived on the site. GoDaddy claims its customers own about 18 
> million domains.
> 
> GoDaddy complied. In a move that Seclists.org owner Fyodor Vaskovich 
> said happened with no prior notice, the company deleted his domain 
> name--causing his site to be effectively unreachable for about seven 
> hours on Wednesday until he found out what was happening and removed 
> the password list.
> 
> "They didn't tell me why they removed the site," Vaskovich, creator of 
> the popular Nmap security auditing utility, said in a phone interview. 
> "At a very minimum, we should get warning."

[...] 


_____________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn
 



This archive was generated by hypermail 2.1.3 : Tue Jan 30 2007 - 23:17:59 PST