Forwarded from: Times Enemy <times (at) krr.org> Greetings. I realize this is old news by now ... but ... As the author of this article hints, this could be a somewhat legal method for performing a fairly effective Denial-of-Service attack against a domain, just about any domain, even a highly respected security site such as seclists.org. In this particular instance, i would list GoDaddy as the perpetrator of the Denial-of-Service attack, with MySpace as the partner in crime. Perhaps this could be an organized crime outfit? So, it seems a new DOS tool may exist, which requires no download, no botnet, no international players, no high bandwidth, no real skill at all. All it takes is the ability to bully and slap domain registrars around, which apparently is pretty easy, considering a Network Solutions customer can scare the "largest registrar in the world" into doing its bidding. Seriously, force stronger passwords and this would be a non-issue. I am not familiar with the legal ramifications of archiving passwords, nor am i in the know with illegally hosting copyrighted material, but this whole thing causes me to wonder how much copyrighted data/material is being illegally hosted on the rather lame myspace domain.... I do not own thousands of domains, but i can probably have a hundred or so domains transferred out of godaddy. So who is offering secure and responsible domain registrar services these days? .times enemy -=- InfoSec News wrote: > http://news.com.com/GoDaddy+pulls+security+site+after+MySpace+complaints/2100-1025_3-6153607.html > > By Declan McCullagh > Staff Writer, CNET News.com > January 25, 2007 > > update - A popular computer security Web site was abruptly yanked > offline this week by MySpace.com and GoDaddy, the world's largest > domain name registrar, raising questions about free speech and > Internet governance. > > MySpace demanded that GoDaddy pull the plug on Seclists.org, which > hosts some 250,000 pages of mailing list archives and other resources, > because a list of thousands of MySpace usernames and passwords was > archived on the site. GoDaddy claims its customers own about 18 > million domains. > > GoDaddy complied. In a move that Seclists.org owner Fyodor Vaskovich > said happened with no prior notice, the company deleted his domain > name--causing his site to be effectively unreachable for about seven > hours on Wednesday until he found out what was happening and removed > the password list. > > "They didn't tell me why they removed the site," Vaskovich, creator of > the popular Nmap security auditing utility, said in a phone interview. > "At a very minimum, we should get warning." [...] _____________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Tue Jan 30 2007 - 23:17:59 PST