ICANN/GNSO GNSO Email List Archives

[ga]


<<< Chronological Index >>>    <<< Thread Index >>>

[ga] Re: [Politech] Jim Davidson on MySpace, GoDaddy, free speech; another GoDaddy story [fs]

  • To: Declan McCullagh <declan@xxxxxxxx>, General Assembly of the DNSO <ga@xxxxxxxxxxxxxx>
  • Subject: [ga] Re: [Politech] Jim Davidson on MySpace, GoDaddy, free speech; another GoDaddy story [fs]
  • From: Jeff Williams <jwkckid1@xxxxxxxxxxxxx>
  • Date: Tue, 30 Jan 2007 04:29:37 -0800
  • Cc: Kathy Smith <KSMITH@xxxxxxxxxxxx>, icann board address <icann-board@xxxxxxxxx>, essential ecom <ecommerce@xxxxxxxxxxxxxxxxxxx>
  • Organization: INEGroup Spokesman
  • References: <45BEEFBE.8010909@well.com>
  • Sender: owner-ga@xxxxxxxxxxxxxx

Declan and all,

  Mr. Butler's response is inane as it in no way addresses SecLists.org
content in any way.  Where he is coming from baffles me in regards
to SecLists.org.  GoDaddy seems to be operating it's business in a
irresponsible manner and/or at the behest of others with false claims
and ill will.

Declan McCullagh wrote:

> We've seen a bunch of critical messages about GoDaddy go over the list
> in the last few days. I'm happy to extend an invitation to someone at
> the company if they want to reply. The closest we've seen so far is this:
>
> http://news.com.com/5208-1025_3-0.html?forumID=1&threadID=24518&messageID=232062
> "I am Ben Butler, the Director of Network Abuse at Go Daddy and I want
> to personally address your posts regarding SecLists.org... An important
> issue I would ask you to consider is one that is a top priority for us
> at Go Daddy ? child exploitation or even the potential for it... I don't
> know of any parent who wouldn't want their child?s username and password
> protected."
>
> Previous Politech message:
> http://www.politechbot.com/2007/01/29/response-to-godaddys/
>
> -Declan
>
> -------- Original Message --------
> Subject: Re: [Politech] More experiences with GoDaddy, free speech, and
> domain deletion [fs]
> Date: Fri, 26 Jan 2007 10:52:28 -0800
> From: Tom Collins <tom@xxxxxxxxxxxx>
> To: Declan McCullagh <declan@xxxxxxxx>
> References: <45BA335B.2030306@xxxxxxxx>
>
> Declan,
>
> A good friend ran into a serious problem with GoDaddy.  He had a
> dedicated server with them, and when he confronted his sysadmin about
> using the server to host sites for other people, the sysadmin freaked
> out.  Since the sysadmin had access to the GoDaddy account, he was
> able to renew the domain registration with his credit card, change
> the password and change the Registrant info.  As a result, my friend
> has lost complete control over the domain.  Since the sysadmin made
> the last payment on the account, he now "owns" it.
>
> My friend lives in Scottsdale, where GoDaddy headquarters is located,
> but there isn't a physical office you can visit (no surprise there).
> To regain control of the domain, he needs to sue the sysadmin and get
> a court order to force GoDaddy to hand the domain back.
>
> As a result, he's registered a new domain name for their company
> (using Dotster) and I'm hosting the site and email for them.  What a
> mess.
>
> -Tom
>
> -------- Original Message --------
> Subject: Re: [Politech] MySpace, GoDaddy pull plug on computer security
> domain name without warning [fs]
> Date: Mon, 29 Jan 2007 23:33:53 -0500
> From: Jim Davidson <davidson@xxxxxxxx>
> Reply-To: davidson@xxxxxxxx
> To: Declan McCullagh <declan@xxxxxxxx>
> References: <45B9C4BE.9060301@xxxxxxxx>
>
> Dear Declan,
>
> Your comments are completely appropriate throughout.
>
> MySpace has terrible log-in security.  There is no way to get an SSL
> link to log in securely.
>
> As I understand it, all MySpace passwords are user generated, so many
> of them are undoubtedly words found in the dictionary.  Many users
> have fairly obvious e-mail addresses, too, which is what passes for a
> user name.  So, learn a user's e-mail address (often by simply looking
> at their MySpace page or a web link from their MySpace page) and then
> their password may be one encrypted dictionary away.
>
> If MySpace is serious about security, it can take a number of steps.
> Adding https connections, at least as an option, lets those who have
> decent passwords keep them private.  MySpace could add server generated
> usernames or passwords, or at least offer replacement passwords that
> are reasonably strong server-generated random character strings.
>
> Another very frequent problem I've encountered is bot-generated pages
> on MySpace.  Many of these pages come up with a covering image that
> asserts the content is protected and for adults only, click on the
> image to get special log in instructions.  Endless phishing goes on
> with MySpace log-in look-alike pages.
>
> It is a minefield trying to keep a MySpace page secure.  I see many
> of my friends lose their passwords and then the bulletin board gets
> loaded with spam apparently from their hijacked account.  One friend
> clicked on a MySpace message he received, found an offer for a nude
> video of Britney Spears, clicked that, his MySpace session was suddenly
> "lost" and he found himself at a screen requesting login.  So, of
> course, he logged in to a phishing site.
>
> Yahoo mail and other sites such as Google don't have these apparent
> difficulties.  What do they do differently?  I used to have to click
> a particular link to get to Yahoo's SSL login, but now it seems to be
> the default.  Gmail has always had SSL login screens.  Given user
> selected usernames and passwords, SSL seems essential, to me.
>
> MySpace seems to be run by amateurs, so it is not surprising that
> they didn't bother to go to the site's owner before going to the
> registrar demanding the plug be pulled.
>
> As for GoDaddy, I find their attitude idiotic.  Most of the people
> I know are moving toward Tucows registrars (WontonGold is a good
> one) or other alternatives.
>
> Yes, GoDaddy can act as judge, jury, and executioner.  But should
> they?  And, if they are going to sit in judgement, doesn't the
> accused have rights?  Right to present evidence in his defense, to
> confront witnesses against him, to confront their testimony, to
> take corrective action before having his domain eliminated?
>
> Assuming these rights are not present in the GoDaddy contract,
> then only a fool would register with GoDaddy.  Or perhaps a
> prospective litigant.
>
> The principles of liberty embodied in the constitution are not
> just a bunch of complex ideas.  They are the distillation of
> hundreds of years of common law and thousands of years of
> mercantile law.  Treating the accused with respect for certain
> rights is better for everyone, not just the accused.  It makes
> for better results, a greater chance that justice prevails, it
> reduces the potential for miscarriage of justice, for hard
> feelings, and for bitterness.
>
> Heavy handed brutality and torture may appeal to the socialists,
> but they are wrong.  They've always been wrong.  Private property
> and individual liberty make for a better society.
>
> Regards,
>
> Jim
>   http://indomitus.net/
>
> _______________________________________________
> Politech mailing list
> Archived at http://www.politechbot.com/
> Moderated by Declan McCullagh (http://www.mccullagh.org/)

Regards,

--
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security
IDNS. div. of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402
E-Mail jwkckid1@xxxxxxxxxxxxx
 Registered Email addr with the USPS
Contact Number: 214-244-4827





<<< Chronological Index >>>    <<< Thread Index >>>