Usually if someone has a problem with a page on a Web site, the Web site
owner or hosting provider is contacted. YouTube gets nastygrams over
Saturday Night Live copyright violations. Barney's lawyers send
nastygrams to Baltimore sysadmins who post photos of plush toys in
unflattering poses.
And so on. This is the normal order of the universe, and it could be a
whole lot worse. (The DMCA's notice-and-take-down section could be
tilted heavily in favor of content owners, for instance.)
This week we caught a glimpse into what a whole lot worse might look
like. MySpace was upset because a list of some 45,000+ user names and
passwords were floating around online (I'm guessing because of shoddy
security practices at MySpace, but I don't know for sure). They were
posted to a mailing list that's archived at seclists.org, which is a
kind of list repository. Politech is featured there, for instance:
http://seclists.org/politech/2007/Jan/index.html
Instead of contacting Seclists.org owner Fyodor Vaskovich, MySpace went
directly to his *domain name registrar*, which is GoDaddy. GoDaddy
yanked his site by, as far as I can tell, pushing an immediate update to
the .org registry to make his domain name invisible. It appears as
though GoDaddy gave Fyodor just 52 seconds of notice:
http://seclists.org/nmap-hackers/2007/0000.html
GoDaddy's general counsel Christine Jones defended the deletion when I
talked to her today, saying it's good corporate citizenship. See:
http://news.com.com/2100-1025_3-6153607.html
>When asked if GoDaddy would remove the registration for a news site
like CNET News.com, if a reader posted illegal information in a
discussion forum and editors could not be immediately reached over a
holiday, Jones replied: "I don't know...It's a case-by-case basis."
She was even more blunt in an interview with Kevin Poulsen at Wired
News, saying 52 seconds of notice in a voicemail was "pretty generous":
http://blog.wired.com/27bstroke6/2007/01/godaddy_defends.html
"I think the fact that we gave him notice at all was pretty generous,"
she said.
Fyodor has given me permission to post some of the correspondence here
(note how long it took him to get an answer about why his domain was
zapped):
http://politechbot.com/docs/fyodor.godaddy.myspace.seclists-1.012507.txt
http://politechbot.com/docs/fyodor.godaddy.myspace.seclists-2.012507.txt
-Declan
_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)
