Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to  
MySpace tactics raise researcher's ire
Published: 2007-01-26

Security researcher "Fyodor" had some choice words for social networking site MySpace and his registrar GoDaddy on Thursday, after MySpace convinced GoDaddy to take down his domain,, to quash a list of passwords available from many other places on the Internet.

The interruption in doman-name service lasted for most of Wednesday, according to a statement posted by the security researcher and creator of the NMap port scanning tool. The take down--requested by MySpace because an archive of the Full-Disclosure security mailing list included a list of 56,000 passwords--happened without any warning, Fyodor said. GoDaddy confirmed to CNET that it had taken the domain down at the request of MySpace.

"Instead of simply writing me, or, asking to have the password list removed, MySpace decided to contact, only, GoDaddy and try to have the whole site of 250,000 pages removed because they don't like one of them," Fyodor said in the statement.

This is the second time that MySpace has had to chase down a list of leaked passwords. Last year, MySpace users fell for a simplistic phishing attack and a file of 34,000 passwords made the rounds. The company has tried numerous initiatives to make its community more secure, including hiring a former Microsoft security investigator and sponsoring an effort to create a list of online identifying information for registered sexual offenders.

The latest move, however, attempted to re-capture information that had already spread on the Internet for more than a week.

"Most of the censorship attempts are for the full-disclosure list," Fyodor wrote. "It would be easiest just to cease archiving that list, but I do think it serves an important purpose in keeping the industry honest."

Neither GoDaddy nor MySpace responded to requests for comment.

Posted by: Robert Lemos
    Digg this story   Add to  
Comments Mode:
too bad for godaddy... 2007-01-26


Privacy Statement
Copyright 2009, SecurityFocus