Friday, January 26, 2007

MySpace, GoDaddy, nmap and snails

I woke up a bit early this morning and began my usual routine of feeding while I checked email, read various news bits, etc. I ran into an article on reddit about GoDaddy having to shut down a site after myspace.com complained. This alone didn't catch my attention as this sort of thing happens probably hundreds of times per day.

As the caffeine started to flow, I read further into the article. I saw that the site that got shutdown was seclists.org. That site rang a bell. I read further and realized that seclists is owned by Fyodor, the author of nmap, which is arguably one of the most important utilities in a security geek's arsenal. I nearly choked on my granola when everything finally clicked.

I don't use GoDaddy, but it made me realize that I should probably avoid GoDaddy in the future, and that many people in similarly edgy shoes will probably do the same.

What gets me most about this whole fiasco is not the fact that MySpace can throw its weight around and get a site axed, nor the fact that it happened to a fairly well-known individual. Its the fact that the data in question was first made public on another site over a week ago. My cat, who is barely 10 months old, has ADHD, is a vicious killer, and knows nothing other than how to sleep, eat, shit, cause trouble and get attention, could've addressed a security issue like this quicker than MySpace did. We aren't talking about a few passwords here, either. We are talking about over 56,000 myspace credentials and a password stealing scheme that was extremely effective.

The security staff (if any :P) at myspace should be ashamed.

No comments: