Security nerds have launched a Gofundme to buy back securityfocus.com, a domain that hosted the Bugtraq site and more than 120,000 links from the National Vulnerability Database that are now dead.
-
Security nerds have launched a Gofundme to buy back securityfocus.com, a domain that hosted the Bugtraq site and more than 120,000 links from the National Vulnerability Database that are now dead. Whoops.
"Symantec killed Bugtraq in 2020 and let the domain lapse. Now it's squatted for $175k," writes Jonathan Brossard. "The NVD has 120,000+ broken links pointing there. The security community's memory is being held hostage."
Donate to Restore SecurityFocus & Bugtraq, organized by Jonathan Brossard
Hi, I'm endrazine — a cybersecurity researcher, and author of security tools used by… Jonathan Brossard needs your support for Restore SecurityFocus & Bugtraq
gofundme.com (www.gofundme.com)
Not sure if this matters, but DomainTools says the domain was transferred to Accenture.com, Accenture Global Services Limited in Ireland.
@briankrebs why reward the lowlifes who are squatting the name? It's not entirely dissimilar to paying ransomware. Instead, put up the site on a new domain and do a search and replace in the NVD. It doesn't fix all the other dead links out there, but it's better than paying a rentier.
-
I thought squatting was prohibited? They need to enforce the policy and release the name.
Having laws, policies or rules that aren’t enforced wastes people’s time.
@HopelessDemigod domain squatting is against the rules. Speculation, on the other hand, is perfectly fair and reasonable.
-
@HopelessDemigod domain squatting is against the rules. Speculation, on the other hand, is perfectly fair and reasonable.
@womble @HopelessDemigod
How? -
@the_moep bad people squat domains, savvy businesspeople speculate.
-
Security nerds have launched a Gofundme to buy back securityfocus.com, a domain that hosted the Bugtraq site and more than 120,000 links from the National Vulnerability Database that are now dead. Whoops.
"Symantec killed Bugtraq in 2020 and let the domain lapse. Now it's squatted for $175k," writes Jonathan Brossard. "The NVD has 120,000+ broken links pointing there. The security community's memory is being held hostage."
Donate to Restore SecurityFocus & Bugtraq, organized by Jonathan Brossard
Hi, I'm endrazine — a cybersecurity researcher, and author of security tools used by… Jonathan Brossard needs your support for Restore SecurityFocus & Bugtraq
gofundme.com (www.gofundme.com)
Not sure if this matters, but DomainTools says the domain was transferred to Accenture.com, Accenture Global Services Limited in Ireland.
@briankrebs It would be way better for "security nerds" to register securityfocus.is or whatever.eu and supply the non nerd community with `s/securityfocus.com/whatever.eu/` solution.
Were times better the ACPA and pro bono lawyers would be enough.
-
R relay@relay.an.exchange shared this topic
-
Security nerds have launched a Gofundme to buy back securityfocus.com, a domain that hosted the Bugtraq site and more than 120,000 links from the National Vulnerability Database that are now dead. Whoops.
"Symantec killed Bugtraq in 2020 and let the domain lapse. Now it's squatted for $175k," writes Jonathan Brossard. "The NVD has 120,000+ broken links pointing there. The security community's memory is being held hostage."
Donate to Restore SecurityFocus & Bugtraq, organized by Jonathan Brossard
Hi, I'm endrazine — a cybersecurity researcher, and author of security tools used by… Jonathan Brossard needs your support for Restore SecurityFocus & Bugtraq
gofundme.com (www.gofundme.com)
Not sure if this matters, but DomainTools says the domain was transferred to Accenture.com, Accenture Global Services Limited in Ireland.
@briankrebs
Nah, not paying for thieves and opportunistic bags of shite. 175k for a domain? Hell no. -
Security nerds have launched a Gofundme to buy back securityfocus.com, a domain that hosted the Bugtraq site and more than 120,000 links from the National Vulnerability Database that are now dead. Whoops.
"Symantec killed Bugtraq in 2020 and let the domain lapse. Now it's squatted for $175k," writes Jonathan Brossard. "The NVD has 120,000+ broken links pointing there. The security community's memory is being held hostage."
Donate to Restore SecurityFocus & Bugtraq, organized by Jonathan Brossard
Hi, I'm endrazine — a cybersecurity researcher, and author of security tools used by… Jonathan Brossard needs your support for Restore SecurityFocus & Bugtraq
gofundme.com (www.gofundme.com)
Not sure if this matters, but DomainTools says the domain was transferred to Accenture.com, Accenture Global Services Limited in Ireland.
@briankrebs The whole vulnerability publication lifecycle is such a shit show. Vulnerability management tools are now handling their own CVE databases and enriching data without waiting for NISTs bottleneck.
-
I thought squatting was prohibited? They need to enforce the policy and release the name.
Having laws, policies or rules that aren’t enforced wastes people’s time.
@HopelessDemigod @briankrebs maybe someone could escalate the problem to ICANN?
Symantec is awesome at breaking down things... it almost feels like it's their mission.
Let's buy this awesome product. And ruin it.
-
@HopelessDemigod @briankrebs maybe someone could escalate the problem to ICANN?
Symantec is awesome at breaking down things... it almost feels like it's their mission.
Let's buy this awesome product. And ruin it.
@en3py @HopelessDemigod @briankrebs
This is nothing that ICANN really has anything to do with. Unless an ICANN contracted party did something wrong or if this would fall under DNS abuse, but even then the registrar would be the one investigating. I don't think this is a case of either.
And as others already said, domain squatting is only the case if it infringes on the rights of others and us abusive. Selling domains itself does not constitute squatting.
-
@briankrebs publicly declaring a campaign to buy the domain back seems like a great way to make the price go up.
Yeah I think it might have been better to try to reach out to the owners first. According to archive org, it looks like Accenture had control over the domain already in 2023, unless the subdomain redirect messed up the archives somehow.
-
Security nerds have launched a Gofundme to buy back securityfocus.com, a domain that hosted the Bugtraq site and more than 120,000 links from the National Vulnerability Database that are now dead. Whoops.
"Symantec killed Bugtraq in 2020 and let the domain lapse. Now it's squatted for $175k," writes Jonathan Brossard. "The NVD has 120,000+ broken links pointing there. The security community's memory is being held hostage."
Donate to Restore SecurityFocus & Bugtraq, organized by Jonathan Brossard
Hi, I'm endrazine — a cybersecurity researcher, and author of security tools used by… Jonathan Brossard needs your support for Restore SecurityFocus & Bugtraq
gofundme.com (www.gofundme.com)
Not sure if this matters, but DomainTools says the domain was transferred to Accenture.com, Accenture Global Services Limited in Ireland.
“Lets reward domain squatting instead of running a search/replace” -
Security nerds have launched a Gofundme to buy back securityfocus.com, a domain that hosted the Bugtraq site and more than 120,000 links from the National Vulnerability Database that are now dead. Whoops.
"Symantec killed Bugtraq in 2020 and let the domain lapse. Now it's squatted for $175k," writes Jonathan Brossard. "The NVD has 120,000+ broken links pointing there. The security community's memory is being held hostage."
Donate to Restore SecurityFocus & Bugtraq, organized by Jonathan Brossard
Hi, I'm endrazine — a cybersecurity researcher, and author of security tools used by… Jonathan Brossard needs your support for Restore SecurityFocus & Bugtraq
gofundme.com (www.gofundme.com)
Not sure if this matters, but DomainTools says the domain was transferred to Accenture.com, Accenture Global Services Limited in Ireland.
@briankrebs
What am I missing here? Getting the domain back does not restore the information the links point to. Is someone saying there is a backup somewhere to restore?Restore it (old target website) anywhere (to a new host), I've downloaded the (NVD) database for local processing many times in my life... In your own copy, search and replace the domain reference to a new host...
If this is important enough to the community at large, work on getting the NVD data itself to be updated. It is all text (once upon a time, XML, now I think JSON)
Edit: clarified 'it' as "(old target website)...(to a new host)"; and 'database' as "(NVD)"
-
Security nerds have launched a Gofundme to buy back securityfocus.com, a domain that hosted the Bugtraq site and more than 120,000 links from the National Vulnerability Database that are now dead. Whoops.
"Symantec killed Bugtraq in 2020 and let the domain lapse. Now it's squatted for $175k," writes Jonathan Brossard. "The NVD has 120,000+ broken links pointing there. The security community's memory is being held hostage."
Donate to Restore SecurityFocus & Bugtraq, organized by Jonathan Brossard
Hi, I'm endrazine — a cybersecurity researcher, and author of security tools used by… Jonathan Brossard needs your support for Restore SecurityFocus & Bugtraq
gofundme.com (www.gofundme.com)
Not sure if this matters, but DomainTools says the domain was transferred to Accenture.com, Accenture Global Services Limited in Ireland.
@briankrebs
Why in the hell would you pay a squatter for a domain? Fuck that guy -
Yeah I think it might have been better to try to reach out to the owners first. According to archive org, it looks like Accenture had control over the domain already in 2023, unless the subdomain redirect messed up the archives somehow.
@poing @fancysandwiches @briankrebs
Why not just fix the links and automatically point them to pages at archive org ?
-
Security nerds have launched a Gofundme to buy back securityfocus.com, a domain that hosted the Bugtraq site and more than 120,000 links from the National Vulnerability Database that are now dead. Whoops.
"Symantec killed Bugtraq in 2020 and let the domain lapse. Now it's squatted for $175k," writes Jonathan Brossard. "The NVD has 120,000+ broken links pointing there. The security community's memory is being held hostage."
Donate to Restore SecurityFocus & Bugtraq, organized by Jonathan Brossard
Hi, I'm endrazine — a cybersecurity researcher, and author of security tools used by… Jonathan Brossard needs your support for Restore SecurityFocus & Bugtraq
gofundme.com (www.gofundme.com)
Not sure if this matters, but DomainTools says the domain was transferred to Accenture.com, Accenture Global Services Limited in Ireland.
@briankrebs Accenture. Of fucking course.
-
Security nerds have launched a Gofundme to buy back securityfocus.com, a domain that hosted the Bugtraq site and more than 120,000 links from the National Vulnerability Database that are now dead. Whoops.
"Symantec killed Bugtraq in 2020 and let the domain lapse. Now it's squatted for $175k," writes Jonathan Brossard. "The NVD has 120,000+ broken links pointing there. The security community's memory is being held hostage."
Donate to Restore SecurityFocus & Bugtraq, organized by Jonathan Brossard
Hi, I'm endrazine — a cybersecurity researcher, and author of security tools used by… Jonathan Brossard needs your support for Restore SecurityFocus & Bugtraq
gofundme.com (www.gofundme.com)
Not sure if this matters, but DomainTools says the domain was transferred to Accenture.com, Accenture Global Services Limited in Ireland.
@briankrebs fuck that, sed -i all the links in the NVD to point at archive.org and donate the 175k to them. Getting the domain won't restore the content anyways.
-
@briankrebs fuck that, sed -i all the links in the NVD to point at archive.org and donate the 175k to them. Getting the domain won't restore the content anyways.
-
@franga2000 @briankrebs
Also this is the kinda thing a scammy group of crypto bro indians in a telegram channel would do. Buy a domain, then pretend to be concerned group of internet denizens and start a gofundme to buy the domain that they now own, trick of bunch of well meaning idiots into raising the money, and profit.
I see stupid ops like this purpetrated by indians go down all time around crypto spaces. -
Security nerds have launched a Gofundme to buy back securityfocus.com, a domain that hosted the Bugtraq site and more than 120,000 links from the National Vulnerability Database that are now dead. Whoops.
"Symantec killed Bugtraq in 2020 and let the domain lapse. Now it's squatted for $175k," writes Jonathan Brossard. "The NVD has 120,000+ broken links pointing there. The security community's memory is being held hostage."
Donate to Restore SecurityFocus & Bugtraq, organized by Jonathan Brossard
Hi, I'm endrazine — a cybersecurity researcher, and author of security tools used by… Jonathan Brossard needs your support for Restore SecurityFocus & Bugtraq
gofundme.com (www.gofundme.com)
Not sure if this matters, but DomainTools says the domain was transferred to Accenture.com, Accenture Global Services Limited in Ireland.
@briankrebs sounds like something a big consulting firm or whatever they are would typically do for the planet.
-
@poing @fancysandwiches @briankrebs
Why not just fix the links and automatically point them to pages at archive org ?
@johnlogic
Also a good idea, but likely a logistical nightmare as it involves many many different site owners/webmasters.(hmm, do we still use that term? Feels like I haven't used it in a long time.)
