Via 27B Stroke 6 -
Computer security guru Fyodor reports waking up yesterday to find his website SecLists.org essentially removed from the web by his domain registrar, GoDaddy. After a bunch of phone calls to GoDaddy, he eventually got them to explain why: Because MySpace asked them to.
SecLists provides public archives of over a dozen computer security mailing lists, including BugTraq and Full Disclosure. MySpace was apparently unhappy with a post that crossed Full Disclosure earlier this month, in which the author attached the spoils of a phishing attack against MySpace users, consisting of 56,000 user names and passwords.
These lists have surfaced in the security community before, allowing the white hats to see the data that the black hats have swindled out of unsuspecting users. Bruce Schneier did a fascinating analysis of an earlier MySpace password list in his Wired News column last month. But MySpace has apparently decided to take a blunt instrument to this one.
------------------------------------------------------
The sad truth is that even if Fyodor had removed the file right after it was posted...it still would be sitting in the e-mail inboxes of people around the world. Thousands of people have the file. Those people gave it to other people...
I am SURE that the file is sitting in my Gmail mailing list inbox right now. Will MySpace ask Google to delete all my e-mail?
MySpace should bite the bullet and, at the very least, force a password change for those exposed accounts. This should have happened as soon as MySpace knew that information was leaked. Why doesn't MySpace force users to reset their passwords once in a while anyways?
They talk about being secure and protecting minors...but they would rather shut down a security mailing list site which is used by security people all over the world to protect things which are much more important.
You know, things like...credit cards, bank accounts, nuclear plants, and airport systems...little things known as national infrastructure.
This isn't the first leak of MySpace information and it won't be the last, so MySpace should stop attempting to hide from its problems and deal with them.
You want to have a site full of minors...then you deal with the outcome. Phishing isn't going to stop and bad people aren't going away. Corporations spend tons of money attempting to educate the public and their employees on the threat of phishing. Does MySpace really think that it can just side-step this threat so easily?
MySpace's knee-jerk reaction is just plain silly...