Recently in Blogging Category
Ben Tribbett and the 'Macaca' Machine caught with their proverbial pants down.
It's interesting on more than one level, and I am only dealing here with the meta-level. If you want the background, go read all of that post, related posts, related links, and various corresponding links.
The upshot is GoDaddy has a huge hole in its supposed "private registration" program. If you want to find who owns a particular domain managed under GoDaddy, you can follow the steps outlined in that post to get the root of the e-mail address of whoever owns the domain.
For years, Domains by Proxy has been the major "anonymous" domain ownership service which allowed you to own a domain and not have your identity publicly available through a whois.sc lookup - which unveils all the information about the people behind every Web site.
So if, for example, someone had a Web site about a certain prophet of a certain religion, the ownership of which could expose one to intimidation or possible beheading, Domains by Proxy allowed ownership without the usual public listing.
Now, with the advent of the GoDaddy behemoth domain-and-Web-hosting-majordomo, you can bring all of your domains and private registrations under one, very easy to manage roof.
Downside: there is a hole in that roof.
If anyone in the world wants to know who owns a domain managed under GoDaddy, they can simply type in the domain name at the GoDaddy Account Retrieval page and receive most of the e-mail address of the owner.
GoDaddy's nifty database search program returns the root e-mail address of every domain owner via a public lookup. Everyone who thought they had "private registration" through Domains by Proxy, and is unfortunate enough to have the management thereof under GoDaddy, is no longer private unless they have an anonymous e-mail contact set up with GoDaddy.
Lesson One: GoDaddy has a serious flaw in their database lookup.
Lesson Two: If the above item is not fixed immediately by GoDaddy, then everyone who has a private registration managed by GoDaddy - and wishes to remain anonymous - had better change their GoDaddy account information pronto if it does not have an unidentifiable e-mail address as the primary contact info.
(You can get an anonymous e-mail in various places, including mail.com).
Congrats to the Daily Whackjob crew for ferreting out this massive security breach at GoDaddy.
Apparently, Ben Tribbett is claiming that other bloggers are cutting into his monopoly on the baseless attack market and is preparing to fight back.
Hopefully, I can start thinking of some stuff that Ben will want to get indignant about and start sending us his crazy liberal traffic to go along with our Equality NoVA loony tunes.
UPDATE: VA Virtucon responds.
UPDATE #2: I need to get firstname.lastname@example.org added to the email list.