Forwarded from: security curmudgeon <jericho (at) attrition.org> ---------- Forwarded message ---------- From: security curmudgeon <jericho (at) attrition.org> To: Declan McCullagh <declan (at) well.com> Cc: Fyodor <fyodor (at) insecure.org> Date: Tue, 30 Jan 2007 03:05:47 -0500 (EST) Subject: myspace, godaddy and the ongoing trend Declan, feel free to post this to Politech if you wish. Late night ramblings from a curmudgeon, nothing more. -- One thing that many people seem to be missing with this entire story is, "why seclists.org?" The full-disclosure mail list [0] is archived on *hundreds* of web servers around the world [1] and even has corporate sponsorship [2]. Was the official archive of the mail list [3] threatened? Or was Fyodor and seclists.org threatned because that site is the first hit on Google if you search for "full disclosure mail list archive"? Did MySpace bother to contact the registrar of the second hit (neohapsis.com) over their archive [4]? I bring this up because once again I am in the middle of a legal threat to remove content off a domain I help manage [5]. At the moment, the full content of the legal threat and my reply have not been published like previous threats [6] but they will in the near future. Like Fyodor/seclists.org, the law firm and company threatening to sue us over publishing material hasn't contacted any other site hosting the same information currently (yes, we've asked). We do know they have sent legal threats in the past to two other sites who run the same type of resource [7], both of which instantly caved in and removed the content without considering the implications (to the integrity of their resource, or the validity of the legal threat). I'm definitely not a lawyer, but if a company wants to protect its interests, doesn't it have to make a marginal effort to contact the people/sites allegedly infringing upon their rights? Or is that how these law firms are operating these days? Threaten the first hit on Google, get them to cave in and then use that action as a basis for claiming your argument has merit in subsequent legal threats. That is certainly what the lawyer who contacted us is doing. In his second mail he cites that other sites have removed the material and so should we. This seems like a vicious snowball effect that allows a legal firm to systematically threaten and stifle free speech, regardless of any legal or ethical merit. jericho attrition.org [0] https://lists.grok.org.uk/mailman/listinfo/full-disclosure [1] http://www.google.com/search?q=full+disclosure+mail+list+archive&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official [2] http://secunia.com/ [3] http://lists.grok.org.uk/pipermail/full-disclosure/ [4] http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0282.html [5] http://attrition.org/ [6] http://attrition.org/postal/legal.html [7] http://attrition.org/dataloss/ _____________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Tue Jan 30 2007 - 23:28:46 PST