On Saturday 03 February 2007 12:38, chefren wrote: > On 2/3/07 8:10 PM, bofh wrote: > > I'm not saying godaddy is a thief, but equating the amount of $$ > > donated to being a good friend is wrong. If a thief steals $30mil > > and gives you $1mil, is he your best friend? > > > > I think the criticisms here have been over gogaddy's business > > practises, and not the fact that they donated $10k. > > > > Godaddy *SHOULD NOT* have taken down fyodor's list no matter how > > much of an ass you believe he is. Is godaddy the new internet > > vcensor? > > I believe he is an ass for his reaction. > > I have understood thousands of passwords of people were on-line > because they were commented on his webpages. Godaddy was in the chain > of keeping them on-line and they pulled their plug immediately to > deminish the damage, they put the plug back within one hour. > > Fyodor can be a hero for other reasons, in this case he misused his > power to damage Godaddy and we hear nothing about what I presume the > fact, that privacy of thousands of people were at risk because of his > site sending copies of their logins to anyone who asked for it. > > Godaddy was in the chain and reacted. I don't maintain websites with > free publishing possibilities for unknown people, he did and this is > what he risks with it. > > This is comparable to the firebrigade that ruins your door because > they want to stop a fire. > > +++chefren
chefren, Your understanding is mistaken. The "seclist.org" domain name is nothing more than a mail list archive like marc.theaimsgroup.com. The MySpace login credentials were posted (multiple times) to a public mailing list (full-disclosure@lists.grok.org.uk) and *one* archive of the mailing list was hosted at the seclists.org domain name. There are *many* other archives of the list around the 'net which still hold the offending information, including marc.theaimsgroup.com You can find information including sponsors and charter for the full-disclosure mailing list here: https://lists.grok.org.uk/mailman/listinfo/full-disclosure You can find details about what happened, and how long it took to restore service to the mail list archive here: http://seclists.org/nmap-hackers/2007/0000.html Since I have just posted all the information one would need to dig up those compromised MySpace credentials and this post will be archived in lots of different places, do you think it's OK to have the openbsd.org or theaimsgroup.com domains yanked from existence? The real problem was security at MySpace and unfortunately, they tried to "fix" their security problems by making legal threats against godaddy to yank one of many archives of their embarrassment. Both MySpace and GoDaddy picked the wrong person to screw, and now damaging both companies, in fact possibly putting them out of business for their censorship attempts, seems like well deserved retribution. Though I respect your right to disagree and voice your opinions, companies like MySpace and GoDaddy would try to have you and anyone who archives your opinions shut down by any means possible. Personally, I think denying them as much business as possible seems like a good idea. kind regards, jcr
