The last thing a geek sees before his house fills with feds.

Fyodor has started NoDaddy.com in response to last week's shutdown of seclists.org...

I created this site to document instances of customer abuse at GoDaddy. The goal is for GoDaddy to either improve their policies and customer service, or suffer continued loss of market share to their customer-focused competition.

While I gave this site its bare skeleton, I'm hoping it becomes more of a community effort. If you have been frustrated by GoDaddy's behavior, please see our call for volunteers and join in.

But it turns out GoDaddy has defenders! I found this article linked off of Google News!

Screw Seclists.com, you should higher an internet security employee from MySpace to make sure you don't post our personal, highly secure information on your website. Obviously you aren't capable or maybe you just don't understand internet law.

Talk about Comedy Gold! The layers of irony in that passage are so thick its like a work of art!

NoDaddy.Com - Exposing the Many Reasons Not to Trust GoDaddy with Your Domain Names

This is truly upsetting. I am seriously considering pulling all my domains from GoDaddy unless they reverse their stance on this.

Update: 27BStroke6 has an audio recording of the voicemail Fyodor received as well as clear evidence that GoDaddy just doesn't get it:

I think the fact that we gave him notice at all was pretty generous.

Jesus. I think the fact that I'm going to contact them formally before pulling my domains is pretty generous.

Here is my original post:

This was extremely irresponsible! GoDaddy shoots first and asks questions in 1 to 2 business days!

A popular computer security Web site was abruptly yanked offline this week by MySpace.com and GoDaddy, the world's largest domain name registrar, raising questions about free speech and Internet governance.

Fyodor says in his post:

I woke up yesterday morning to find a voice message from my domain
registrar (GoDaddy) saying they were suspending the domain
SecLists.org. One minute later I received an email saying that
SecLists.org has "been suspended for violation of the GoDaddy.com
Abuse Policy". And also "if the domain name(s) listed above are
private, your Domains By Proxy(R) account has also been suspended."
WTF??! Neither the email nor voicemail gave a phone number to reach
them at, nor did they feel it was worth the effort to explain what the
supposed violation was. They changed my domain nameserver to
"NS1.SUSPENDED-FOR.SPAM-AND-ABUSE.COM". Cute, eh?

I called GoDaddy several times, and all three support people I spoke
with (Craig, Ricky, then Wael) said that the abuse department doesn't
take calls. They said I had email abuse_at_godaddy.com (which I had
already done 3 times) and that I could then expect a response "within
1 or two business days".

1. This website is a major nexus for communication in the computer security industry. Having it down for an extended period of time likely had a greater negative impact on Internet security on the whole than the disclosure of a list of MySpace passwords that are already known to spammers.

2. It is totally inappropriate to shut down an entire site based on such a brief attempt to contact the owner and it is totally inappropriate to have a 1 to 2 day turn around time on review of decisions of this magnitude.

3. Godaddy has created a new denial of service attack that can be employed to shut down any website that allows public posting and employs them for DNS services:
Step one: Post objectionable material.
Step two: File complaint with GoDaddy.
Step three: Website goes down.

4. They have the audacity to defend this decision!

GoDaddy's Jones said that "we're not knee-jerk--we try to be responsible about verifying complaints." There's a broad spectrum of policies among domain name registrars, she acknowledged, with GoDaddy "probably the most aggressive."

When asked if GoDaddy would remove the registration for a news site like CNET News.com, if a reader posted illegal information in a discussion forum and editors could not be immediately reached over a holiday, Jones replied: "I don't know...It's a case-by-case basis."

You DON'T KNOW if you'd shut down NEWS.COM based on a single complain with no prior notification!?!# Fyodor says:

Needless to say, I'm in the market for a new registrar.

If GoDaddy doesn't do something to address their policies I'll be in the same boat. What a major pain in the ass!

GoDaddy pulls security site after MySpace complaints | Tech News on ZDNet

Rick Wesson, left, is chief executive of the data-gathering company Support Intelligence; Adam Waters is chief operating officer. “We are losing this war badly,” Mr. Wesson said of the growing threat from botnets.

Awesome! I have not spoken to Adam in years. It's a real trip to see him pop up in the NYT.

Attack of the Zombie Computers Is a Growing Threat, Experts Say - New York Times

RSnake is a fucking genius. Using a file:/// URL pointed at the manual PDF installed with Acrobat, you can execute JavaScript in the local zone. Oh yeah, local file access, program execution, completely uncrippled XmlHttpRequest.

This is not good.

Ladies and gentlemen, the Internet has left the building...

UK security experts have cracked the sooper sekure new UK biometric passports. It took 48 hours. With 174 worth of sniffer hardware, attackers can read all the personal information off of any of the three million new UK passports in circulation

Boing Boing: UK RFID passports cracked

Here's video of Clint Curtis, a former programmer for Yang Enterprises (YEI) in Florida, testifying under oath that Representative Tom Feeney asked him to write a voting machine program to rig elections.

I'm not exactly sure what the deal is here, but this rabbit hole seems very, very deep, and I find it strange that I haven't heard any of this before given all of the drama about voting machines. This is either a crazy partisan conspiracy theory or its one of the worst corruption stories in this country's history. I haven't found any details that are, one their face, disprovable. On the other hand, the main story is being carried by blogs that seem a bit sensational and partisan. As they say, a broken clock is right twice a day... Anyone got any good information on this?

Update: Apparently Bev Harris isn't impressed. I don't think she understands the technical issues. However, her observation that there is no evidence is correct.

Boing Boing: Video testimony of vote machine whistleblower

"It has become clear that Internet access in itself is a vulnerability that we cannot mitigate. We have tried incremental steps and they have proven insufficient." - Undersecretary of Commerce Mark Foulon

Computer System Under Attack - washingtonpost.com

It describes how to monitor who's voting for what via RF emissions.

Voting machine chess - Hack A Day

"I met my wife on your captcha!!!" -- Steve, from New York

This captcha is based on pictures from Hotornot. You have to pick three hot people in order to prove you are not a robot. Possibly the most innovative security solution of 2006...

Captcha Mashup