[ISN] Response to Bob Parsons Dropped by Moderators

From: InfoSec News (alerts@private)
Date: Mon Feb 19 2007 - 01:30:35 PST

Forwarded from: Times Enemy <times (at) krr.org>


Yes, i may be beating the proverbial dead horse, however, i am 
pro-actively looking for ways to express my discontent with the way 
GoDaddy has overstepped it's bounds and disrespected the internet 

I include Bob Parson's response and justification of GoDaddy's actions 
to dropping http://www.SecList.org below.

So far, it seems my response, to Bob Parson's rather weak excuse for 
dropping http://www.SecLists.org, is unacceptable by the bobparsons dot 
com moderators.  Other postings to this thread have gone through 
moderation since my submission, and have appeared online.  I could see 
how it may be off-topic, however, Bob made it "on-topic" by allowing the 
biggles' post through, and then again by responding to biggles' post.

Perhaps it may find a warm spot in your hearts ...

Original thread:

#------- INSERT -----------------------------------
Please don't do dumb things like take down seclists.org just because 
myspace asks you to.
#3 biggles on Feb 14 2007, 06:46 Reply

Dear biggles,

We didn't take the site down because MySpace asked us to. We took that 
site down because the content on it was inappropriate — usernames and 
passwords for over 75 thousand kids sites on MySpace.com. We tried to 
reach the owner to get him to volunatary remove the bad content — but he 
was not available. As the usernames and passwords were being accessed 
for no doubt nefarious purposes, we had to act.

After we took the site down, we were contacted by the owner who then 
voluntarily removed the inappropriate content and his site went back up 
in an hour.

When you have a website that allows posting of anything, with it comes 
the responsibility to act when you are made aware that some of the 
content might be out-of-bounds. You also need to be available for 
contact when a problem arises.

I ask you: If you had a child whose username and password was posted on 
that website, what would you have wanted GoDaddy to do? Leave the 
website up and let it be distributed all over the world, or be a good 
citizen and take the site down until such time as the bad content is 

Sometimes you just have to do what's right. And that's what we did.

Appreciate your post,

# 3.1 bob parsons on Feb 14 2007, 11:11 Reply
# ------- END INSERT -------------------------------

My response, submitted and apparently rejected, 2007.02.14 approx. 

#------- INSERT -----------------------------------

I'll bite ...

If my child(s) username and password were posted on www.seclists.org 
[http://www.seclists.org] , i would have another serious discussion with 
my children about strong passwords.  We would immediately change *all* 
of their passwords, and we may even close the account(s).  We may even 
respond to the thread in question with a chuckle and a polite thank you 
for the heads-up.

If my child(s) username and password were posted on www.seclists.org 
[http://www.seclists.org] , i would expect GoDaddy to do it's job, not 
as the internet police which is quite frankly beyond the scope of a 
domain registrar imho, but as a domain Registrar.

If my child(s) username and password were posted on www.seclists.org 
[http://www.seclists.org] , i would also expect GoDaddy to not balk and 
be slapped around by a www.networksolutions.com 
[http://www.networksolutions.com] customer.

If my domain were the cause for concern, i would want my registrar to 
know it's legal rights, and to not bend over at the slightest legal 
threat(s).  I would want my registrar to do it's job and protect my 
domain(s).  I would want my registrar give me a fighting chance to 
defend myself and my domain(s).  As a paying customer, as a client of my 
domain registrars, i would expect them to take my side, as easily as 
they take my money, when my site(s) content is questioned; especially 
when those questioning my site(s) are supporting a different registrar's 
bank account.

If a threat is merely a viable potential for something to occur, and if 
that pathetic social networking site simply had to threaten legal action 
to have GoDaddy drop one of it's paying clients, then GoDaddy should 
have thought its actions completely through.  The threat ignored has 
actually backfired, and become a vulnerability.  Now GoDaddy has lost, 
and will continue to lose business because of it.  All a competing 
domain registrar need do is offer good customer support and protect 
their clients' domains.

GoDaddy may have legal protection to conduct business so poorly, but 
GoDaddy is lucky this incident happened with a domain owner who has more 
character than most.  As i see it, GoDaddy conducted a denial-of-service 
(DOS) attack against SecLists.org, at the behest of myspace.  It was 
irresponsible, not a wise move, even foolish, of GoDaddy to do what it 
did, and to even get involved.

Also, Bob, i try to keep lame marketing gimmick's, such as GoDaddy's, 
out of my children's view, because i find it offensive and inappropriate 
for children.  It may succeed at getting attention, but due to GoDaddy's 
decision to play the moral judge and drop www.seclists.org 
[http://www.seclists.org] i am shopping for a new domain registrar for 
my domains, my clients' domains, and for anyone else who wants a truly 
responsible domain registrar.
#------- END INSERT -------------------------------

Also, for anyone who notices ... i am working on it ....


Subscribe to the InfoSec News RSS Feed

This archive was generated by hypermail 2.1.3 : Mon Feb 19 2007 - 01:53:32 PST