Comments on: GoDaddy pulls security site after MySpace complaints

A host of mailing list archives disappears after thousands of MySpace usernames and passwords are archived on the site.

[bluehole.foetry]

been their victim

See what happened to me at http://bluehole.org/2007/01/when-will-go-daddy-learn.html

[techgeek76]

1and1 Website Hosting and Domain

I would go with 1and1 they are the best. Domain costs are 5.95 a year. Their features are unbelievable. They have SEO marketing, photo galleries, plenty of space and you have more control over hosting. I am very impressed.
Here is the link.


http://www.1and1.com/?k_id=7926664

Later all.

[JoeF2]

Spammer haven

Unfortunately, 1&1 is known as spammer haven. They have a history of not terminate spammers...
See the NANAE newsgroup.

[chort0]

Treated with respect???

How is yanking a customer's domain *without a court order*,
immediately after leaving them a voicemail message "treating
them with respect"???

GoDaddy did *not* treat Fyodor with respect, they rail-roaded
his property after an abusive and over-stepping request from
NewsCorp. Companies do not have the right to sensor
individual's free speech because it may damage the company's
image. What GoDaddy did was deplorable. They actually acted
against their own customer without any legal compulsion to do
so. I cannot possibly see how that is respecting their customers.

I will be migrating my domains off of GoDaddy ASAP because I
don't want to receive the same treatment if I ever happen to
offend a large corporation.

[527nrhpd]

Wow, ever read a TOS agreement?

I guess not, since you misused "sensor" when you meant "censor." Why would I assume you can read if you cannot use a common word properly?

Regardless of how lackluster the attempt by GoDaddy.com's abuse center was in calling him, he still had illegal information on his site. It does not matter who else hosted the same information, or where it came from. The data was not legally the property of seclist.org to have on its site, and that, if I read the sample Terms of Service agreement for GoDaddy, is a reason to pull him WITHOUT A COURT ORDER...and these are the same people saying someone with a MySpace account (I do not) are stupid...

https://www.godaddy.com/gdshop/legal_agreements/show_doc.asp?pageid=REG_SA

See section 10..."You also warrant that the domain name being registered will not be used in connection with any illegal activity." His site was violating this, and thus, he had NO rights to continue receiving the services of GoDaddy.com.

A bit further down in section 10...."Go Daddy expressly reserves the right to deny, cancel or transfer any registration that it deems necessary, in its discretion, to protect the integrity and stability of the registry, to comply with any applicable laws, government rules or requirements, requests of law enforcement, in compliance with any dispute resolution process, or to avoid any liability, civil or criminal, on the part of Go Daddy, as well as its affiliates, subsidiaries, officers, directors and employees. Go Daddy also reserves the right to freeze a domain name during resolution of a dispute." I guess if the site operator had read this before, maybe he would have moved...maybe not...it does not matter much, because I would guess that most other domain registrars are going to have a similar TOS agreement.

People, please, learn to read before you call someone else stupid or ignorant for using MySpace...like I said, I do not, but you are obviosuly not much smarter and ranting against GoDaddy.com in a manner that makes you seem a lot more ignorant than someone who has a weak password. The guy's right to host a website does not trump someone else's right to have as much of their illegally obtained and forwarded personal information removed from the Internet as soon as possible. If it was that important for the guy to have his site up, he should have answered his phone when they called him, even if it was just a token call.

[techgeek76]

I Recommend 1and1

1and1 is simply the best in my mind. I have been with them for three years and they always add new features. I am very impressed with them. Here is a link with some features.

[kjkenney2]

Im sick...

of all this crap about how 'the man' worked against the site and all that bs. the guy needs to play closer attention to his forum. its his own fault. we all know this. myspace does the same thing. Actually, as of recent they found someone spamming their site under the users names after retrieving their login info( i wonder where?). read here:

http://www.cnn.com/2007/TECH/internet/01/23/myspace.spam.ap/index.html

they held their own...why is so hard for others to do the same. if its your site, its your responsibility. case and point.

[unknown unknown]

RE

MySpace users fall for ridiculous amounts of phishing scams (see Bruce Schneier's article on MySpace and password security). As the site author points the list had been posted else where weeks before it appeared on his site so anyone wanting to abuse it certainly had ample opportunity.

Your attempt to imply the spammer in the CNN article you link to got accounts from seclist.org is completely unsupported. Indeed if you read the article it explains how he got the passwords etc.

quote from the article:
"The lawsuit claims Richter either spoofed login pages to steal usernames and passwords in a "phishing" scam or acquired a list of names and passwords from a third party.

The messages include come-ons offering free ringtones, Lacoste polo shirts or other items, the lawsuit alleges."

MySpace users aren't known for being security conscious.

[techgeek76]

I Recommend 1and1

1and1 is simply the best in my mind. I have been with them for three years and they always add new features. I am very impressed with them. Here is a link with some features.

http://www.1and1.com/?k_id=7926664

[unknown unknown]

Note to self never use GoDaddy

I haven't heard much good about GoDaddy for quite awhile. Seems like they've gotten pretty shady.

[npbcpb02]

vividhosting.com has 100% uptime

Godaddy.com has become part of the big business group, this is common when you have so many customers and you know you can replace one with the foul swipe of your hand.

[GHMURPH]

VIVIDHOSTING.COM

My site hosted by vivid was down for a day this week. They are not up 100%. They do not have a tech support telephone either. They have been a good host since they took over my account in Feb 07 but I want to be able to get in touch with tech support when I have an issue or need help. Still having email issues and waiting on their email response....did they get it??? Are they working on it??? Who knows! There is nobody there to talk to!

[wbenton]

As awful as this article describes GoDaddy...

Think about this for one minute:

What was the real problem here?

>>>a list of thousands of MySpace usernames and passwords was archived on the site<<<

If GoDaddy didn't immediately shut down that site... exposure and rip off of such a database could have had a much worse potential.

As for the first ammendment clause... (* CHUCKLE *)

Did the site or did the site NOT have a list of thousands of MySpace usernames and passwords was archived on the site?

Should they have been notified? I would presume so.

But the real question which this article doesn't even touch on is why does that site have a list of thousands of MySpace usernames and passwords was archived on it?

That's the story...

Not trying to paint the culprit to look like some 1st ammendment victim!!!

What about all of the thousands of MySpace users with their usernames and passwords available for public display? They are the true victims... not this guys site.

So now where is the story about WHY he had a list of thousands of MySpace usernames and passwords was archived on his GoDaddy site in the first place?

That's the story you shold follow!!!

fWIW

[alegr]

Shoot the messenger

The same password list is available on multiple other security maillist archives. It's better to fix a hole than to kill whoever tells you about it.

[soldidude]

Wake up and Pay attention!

For all of those out there that are saying "this is good, think about what could happen if those passwords got out" - PAY ATTENTION!

The passwords were out and had been out for some time. You can still find them all over the Internet.

I am guessing most of you making these comments are not experienced in these areas and have no idea what is going on here or what Myspace is about. Further, you have missed the fact the godaddy representative LIED as proven by the story's reference to Fyodor's log AND godaddy's lack of response.

Can someone tell me what is ILLEGAL about having user names and passwords listed on a site? User names and passwords that are all over the Internet and leaked by Myspace? And, usernames and passwords that are all over google and hosted on a special page that I won't paste in here for fear cnet my get pulled w/out notice. Wait, should google be taken down?

They were worried about personal information being exposed? Wha? Myspace members have their personal info exposed to ANYONE WHO HAS AN ACCOUNT.

No, the real story ISN'T that godaddy did a good thing. Wake up. The real story, or rather the problem, is MySpace's lack of proper security controls. Myspace constantly has this problem. And, frankly, their problem is one of being a site, I mean cesspool, of miscreants and sexual predators.

Myspace should be taken offline. Not sites that their passwords happen across.

Fyodor is a responsible Internet citizen who is a pioneer. He has been around long before those of you posting ridiculous 'in support of godaddy' responses even heard of the Internet. If godaddy had an issue and contacted him in a responsible manner, I am confident he would have acted appropriately.

[Jenny3426]

Lots of Thoughts on This

Have used Godaddy for a while with no issues. Enough said there. I agree with some of what I've read, but several of you are completely out of your tree. Congress should fix it? I think not. They have taxed us into oblivion, kissed the rear parts of big business until we stagger under prices such as gas, and utilities; created law after law that serves no purpose except as a hanger for their pet projects like the bridge that goes nowhere. And paid themselves handsomely for it. Watch your own kids. That's what being a parent is about. MySpace is a cesspool for perverts to fish in. I don't care what happens to it. The kids who use it, however, need to be protected--by MySpace. It's their duty to protect their users. Oh, yeah. Would most of you please learn to ****ing spell. A little punctuation would be nice, too.

[domainnames.private]

Congrats Go Daddy

I appluad your move.

Keep up the good work.

[WCarlS]

Go-Daddy's Story Is Full Of Holes

The original story said, repeatedly, that the site in question was NOT the original publisher of the list. Rather, it is a "backup" site used by others, many others, who have already published it. If a company is worried about security, then why focus on one particular site? Why not focus on the original publishers, or for that matter, why not fix the security holes which allowed the information to be compiled in the first place? Perhaps because that would be too costly, and perhaps because this was a "feel good, do nothing" act?

[justelite]

Scare

I'm so scare about INternet Future...

[black_lothar]

Getting paranoid about SPAM

When it comes to spam complaints, GoDaddy starts from considering you guilty until you prove yourself otherwise. The other way around than a democratic juridic system.

Here is my post with a set of problems with GoDaddy:

http://www.blackonstuff.com/2007-01-31/getting-paranoiac-about-spam/

[eddiehappy]

good to hear that..

good to hear that..


www.weknowmagic.com, buy Promotional Products & Blinky Pins at wholesale price!

[debbywu77]

just give you a suggestion

http://www.todaynic.com/index_en.net

Pricing a product too high can limit the quantity that consumers demand, but pricing a product too low may not allow for sufficient profits. As you know the competition between the various ICANN accredited registrars has been tough for quite some time. If you are hesitated about becoming our reseller, all you need to do is look at the pricing being offered:

.CN Domain (first year: $0.13) -----Surprise Price
.WS $14.11
.SH/AC/IO $61.64
-TM $ 157.53
.US $16.24
.HK $24.66 (first year: $12.47)
.COM $6.85
.INFO $7.67
.NAME $8.63
.WS $14.11
.TW $30.14
.TV $40.55
.CC $35.34
.MOBI $15.48
.TRAVEL $177.53

[Casowsky]

Hang on a minute... I'll create a brief story to help underline my point - you walk into your house, to be confronted with the scene of a madman holding a friend/family member at gunpoint. The madman claims to have injected said victim with poison. So you do your kung-fu and take down the dude in a flash, hoping that you might save the victim from being hurt further, only to find that it was all a joke, and the masked man was indeed your best mate Fred. Sure, it was already apparent that it could probably be curtains no matter what for the victim thanks to the poison, but you just wanted to be sure of that.

See what I'm trying to say? Granted, there were probably a gazillion different, more efficient ways MySpace could have handled this situation, as everyone here has pointed out anyway in some way or form, but, I don't know if I'm missing something here, but I thought this was the right thing to do. Even if those credentials had fallen into the wrong hands (remember the poison) of which the chance of that happening would be very likely, I personally would have removed such material immediately. GoDaddy did so, by taking down the site (for seven bloody hours might I add - relax. It's not like it was the online equivalent of 911 or anything).

" Jones pointed out that GoDaddy's terms of service say the company "reserves the right to terminate your access to the services at any time, without notice, for any reason whatsoever." "

If the guy has his domain with GoDaddy, part of the process of signing up for ANYTHING is making sure you agree to any terms and conditions. I believe there is an example here. If this was agreed to, what is all the whining about? I acknowledge the fact that GoDaddy is the most affordable or whatnot(this is just what I have gathered from all the discussion, I don't know much about this sort of stuff), but why should we take pity on those who cannot afford a 'friendlier' service? So what if they can't do anything about it - they'll just have to bite the bullet if they go along with their desicion.

This is just my opinion. I know there is probably a lot more than meets the eye at first, an example being where GoDaddy refused to answer questions etc. etc. which does lead one to believe there is embarassment to hide, but I think the nature of the action that GoDaddy took was completely justfied, with the bottom line being that it's just better to be safe than sorry. Again, forgive me if I'm missing something. Please do tell.