MySpace Allegedly Kills Security Website

Found on Wired on Thursday, 25 January 2007

Computer security guru Fyodor (pictured) reports waking up yesterday to find his website SecLists.org essentially removed from the web by his domain registrar, GoDaddy. After a bunch of phone calls to GoDaddy, he eventually got them to explain why: Because MySpace asked them too.

MySpace was apparently unhappy with a post that crossed Full Disclosure earlier this month, in which the author attached the spoils of a phishing attack against MySpace users, consisting of 56,000 user names and passwords.

These lists have surfaced in the security community before, allowing the white hats to see the data that the black hats have swindled out of unsuspecting users. Bruce Schneier did a fascinating analysis of an earlier MySpace password list in his Wired News column last month.

That was totally wrong on so many levels. It's not GoDaddy's business to block domains just because MySpace sends them an email. What happens if all the other "I don't like that posting" trolls start doing the same? Will GoDaddy roll over again or ignore them because they aren't a big player? MySpace might have good intentions, but the passwords are out. Those who want them already have them; they won't need to copy them from a website. They have to do damage control, and that does not mean to force down websites. It means notifying the affected users, blocking those accounts until the owners re-activate them from their personal email and educate them more about phishing. Additional material can be found at Seclist and another Wired entry.

Browse all articles« Previous « » Next »