Shoemoney Gets The Boot

28 comments

Fellow TW editor Shoemoney™ has been Banned From MyBlogLog

I have been banned from MyBlogLog… Since last night every page I visit on there site results in 403 error code. I have asked others and nobody else seems to get the error but me.

Seems the folks over at mybloglog didn't like him exposing vulnerabilities in public. Now I know Jeremy and I can tell you he's no hacker. I might be inclined to take a high profile person who happens to have a background in security for a major financial institution and get him to consult and help straighten things out, rather than ostracize him and ban him from the community.

Update
Looks Like Andy over at Marketing Pilgrim started a MyBlogLog protest hell hath no fury like a blogger scorned, eh ...

Update2 Looks like ShoeMoney has a last post on the subject (for him anyway) and also points to a story over 1 month ago which revealed much more user info yet the user is not banned. Shoe also quotes one of mybloglogs founders who say they "hope to be able to stop SEO-types from gaming there system"

Comments

But can you blame them?

I actually thought it was cool that he exposed the vulnerability... until he listed user ids (yeah, I know, anyone could look those up). But, I gotta agree with Eric on this:

We banned him for publishing other people’s data on the site and urging readers to spoof them. On what planet is that not a bannable offense?

I ask, to all of those here whose sites were hacked by that lame Pirate Dude (not that I'm calling what Shoemoney did a hacking), what if instead of hacking your blogs he had posted how to hack your blogs and gave the addresses of your blogs, would that have made it any less offensive?

Flawed Logic

I could tell you how to shoot someone, but it doesn't mean your going to pick up a gun and do it now does it?

Oprah used to show videos of common tactics criminals used to trick and kidnap children, nobody said she should be yanked off the air for doing that.

All true GW

But Oprah also didn't want rappers on her show because she didn't like the lifestyle they potrayed. And she can decide who to have on her show and who not to, because it is her show... much the same way MBL can decide whose membership they can revoke.

Community

True enough but banning a highly visible person in an extremely active and vocal community, may not have been the best plan of action.

Don't Shoot

The messenger...

I think this would have had a different outcome

if Shoe had alerted them first. Boy their new Community Manager is gonna have their hands full :).

bleh..

I would have banned him to. Its not like he was going to start being all sweet on them and he was just being a pita. Granted they need to fix their stuff but thats a seperate issue.

hate to say it, but

ida nuked his ass in a heartbeat. great linkbait, too.

Different Outcome

Hey Jeremy

Hi my name is ____________ and I'm in charge of security over on MyBlogLog. We noticed you posted a few security holes in our system on your site. We're working on fixing them as quickly as possible, but could you do us a favor and give us a heads up before posting anything new. We're going through some growing pains since joining yahoo and adding so many new members. Here's my direct office number (555) 555-1212 ext 1234 please feel free to contact me any time you have a problem. By the way are you going to SES in New York, if you are I'd love to sit down and buy you dinner and hear any other ideas or concerns you have about how we can make our service better. Thanks again.

_______________
MyBlogLog Security Team

Remember firefighters don't fight fire with fire they use water instead ...

So, Did he give them

"a heads up before posting anything new"?

Firefighters

fight fire with fire all the time. They call them burn zones. Something to do with removing part of the fire triangle. Oh yeah, the fuel part... ; )

Its not even close to the

Its not even close to the same thing as what pirate asswipe did. That had monetary consequences. This is just a stupid vanity widget. They should have just let it go.

cynic that I am...

sorry, michael, but i still see it as rib-poking (cue that leopard video!) with a big dose of win/win for shoe in the linkbait game.

@Kirby

I wasn't saying it was in the same league. Definitely not - not even in the same universe. I was just using that as an example.

MBL/Yahoo! has an interest in protecting themselves

"True enough but banning a highly visible person in an extremely active and vocal community, may not have been the best plan of action."

I have toyed around with it a little and think it will do quite well without active or vocal SEO/SEM bloggers talking it up OR down. Like Flickr when it first began it's growing organically, not relying on the influencial set.
I believe it's going to be gigantic. Once I noticed MySpace blogs linked it became very clear how big it will get.

It'll do great in digg &

It'll do great in digg & myspace, no doubt about it.

From Andy's comments:

"The flaw he pointed out was fixed within 45 minutes of Shoe originally posting the story, and we posted this on Shoe's comments."

Seems like a reasonable response time.

A lesson to learn about

Something odd about Shoemoney: he's human. Without doing research, I can see he is pretty predictable about his crticial review. He blogs a mild bit first or a "I doubt" or "doesn't seem true" post, blogs again about the response (if there was one) or implications (if there is interest), and then if it's interesting, he digs in with detail (he's a curious guy). If the details are important (further info on those early implications blog posts... correcting them or supporting them) he then chooses to blog (maybe for the links, probably to entertain his readership -- "this is AMAZING"). You can see he prefaces his first "exploit" post with a specific reason for postng it.

So the clue to be learned is: reputation management is not so much trying to fix what's been done, but PAYING FREAKIN' ATTENTION along the way. MBL had plenty of opportunity to join the conversation and influence Shoemoney. Maybe they tired, maybe not. They failed, and are now one one side of a fence they probably didn't want erected between them and part of the market. Quite a different story than some exploit publisher turning your world upside down out of the blue.

I would have banned me too.

Scott Raffer has my cellphone, Email, And other ways to get ahold of me. We had worked on some issues together in the past before Yahoo took over.

Basically once JZ tried to call out beal as a spammer for something THEY WERE IN ON ... it was on.

I would have banned me too. lets move on ;)

Their reason for the ban is

Their reason for the ban is damn ridicules. "publishing other people’s data".. Seriously any person with little technical understanding could find the information he posted - ever heard of "right click > view source"..? Username and userid are both available on a members profile page.

And in regards to their interest in knowing about security exploits before they get posted on blogs - if they'd take it more serious I'd understand. But back in the start of January they've been alerted about several security exploits and possible future abuse methods. Never heard back from them and none got fixed...

Yawn

Someone bans a blogger.

So?

Wake me up when there's news.

Wow, this is big news!

Will we get reports on Shoemoney's toilet habits too?

OK so banning a troll that

OK so banning a troll that is harming your organization by disseminating exploits is wrong? Pardon me while I put on my waiders the bullshits getting deeper by the minute!

Funny, I thought we did reach out to you last week

"Scott Raffer has my cellphone, Email, And other ways to get ahold of me. We had worked on some issues together in the past before Yahoo took over."

Come on, Shoe. Rafer *did* email you last week. How much clearer can you get that "Whether you want to remain pissed at Jeremy Zawodny is your call, but we've had a good relationship in the past and would love a head's up if you're going to post anything in the future."

Heads up?

I'll give you a heads up: Hire better programmers and web designers, do code review, some QA testing probably wouldn't kill ya, and maybe a security expert to check your site for vulnerabilities and then Shoe wouldn't be posting exploits in the first place.

People always want to blame others for their own shortcomings...

Hmm

My friend drives to the bar and leaves his door unlocked, do I say

A.Hey dude, you left your door unlocked, might want to lock that up in this part of town.

Or

B. Go in to the bar, have a few drinks and quietly tell everyone in the bar that my friend doesn't lock his car door? Oh, and by the way, he just bought a new Alpine system that kicks ass... Damn he's dumb eh?

No, it's more like

your friend goes into a bar and, while he's looking to hookup, instead of giving him a private heads up, you yell across the room, "Hey Joe, your fly's open".

Nothing Shoe did caused any monetary harm, just some public humiliation.

Well...

he could buy another stereo...

Epilogue

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.