Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacker Tinkering With Yahoo Stories

Posted by ryuzaki0 on from the thats-pretty-scary-stuff dept.

Lifter writes "A hacker named Adrian Lamo had access for three weeks to the web-based content control system for Yahoo!'s news section, according to a story at SecurityFocus. He tinkered with a couple of stories without anyone noticing, then edited an August Reuters story about Dmitry Sklyarov, so that it said that Dmitry's program raised "the haunting specter of inner-city minorities with unrestricted access to literature, and through literature, hope." He also added a quote by John Ashcroft,"They shall not overcome. Whoever told them that the truth shall set them free was obviously and grossly unfamiliar with federal law." Funny stuff in itself, but the SecurityFocus story explores the harm that could come from a trusted news site being easily hacked in these times."

7 of 387 comments (clear)

  1. Other Adrian Lamo "Exploits" by jea6 · · Score: 2, Interesting

    Hacker plugs huge hole for Excite@Home

    AIM users prone to name hijacks

    --

    sarchasm: The gulf between the author of sarcastic wit and the person who doesn't get it.
  2. Re:We need more people like this by ScuzzMonkey · · Score: 3, Interesting

    Heh. Yeah, I'm not sure that intentionally introduced errors in news stories are much worse than the un-intentional ones that are routinely there anyway. I've been personally close to enough stories that make the paper to realize how horrible the quality of most daily reporting truly is in this country (and don't even get me started on the amateur outfits like indymedia).

    I have to see something several different places (which are not obviously merely copying one another) before I'll start to seriously give it much consideration as fact--and even then, realize that large parts of the story will be missing or incorrect for other reasons.

    One of the best things about last week, though, was that in the middle of all the chaos and speculation, there were a lot of private individuals who just took some time out and posted up pictures they had taken or things they had seen with their own eyes. Put enough of those things together, and you have a far more accurate story than what a single reporter can do in the same amount of time.

    --
    No relation to Happy Monkey
  3. I have met this fine man on several occations. by ConsumedByTV · · Score: 4, Interesting

    You can learn more about some of his other hacks here: http://www.terrorists.net/
    Hes an amazingly brilliant guy. I have spent a few 2600 meetings in SF with him. I hope that nothing comes of this type of "cracking" satire. However I would like to say that Adrian is a true hacker. One conversation with him and you will come to this understanding. True hacking can transend computers and into social aspects like Adrian has aparently done.

    Hes cute too :)

    --


    "Not my manner of thinking but the manner of thinking of others has been the source of my unhappiness." - M
  4. Re:And for your daily flamebait.. by John+Murdoch · · Score: 3, Interesting

    Hi!

    Yeah, but...

    Ten years ago you were considered to be unusually well-informed if you subscribed to two newspapers--even if those newspapers mostly regurgitated national content from the Associated Press wire. Nowadays it is a trivial exercise to cross-reference stories in "new media" news sites (CNet, ZDNet) with traditional American print media (N.Y. Times, Wall St. Journal, Washington Post) as well as sites from overseas.

    Lightbulb!

    Here's a thought: how about a website, like SlashDot or Kuro5hin, that provides links to a variety of different angles on a given story. Pick a story or two per day and provide links (with a modicum of commentary) to coverage from a variety of sources.

    Hmmm... A splendid idea to contemplate, and thus a good reason to procrastinate.

  5. "Trusted News Site" is an Oxymoron by dbCooper0 · · Score: 2, Interesting
    Even in America, we are human, and I for one have always taken the news with a shaker of salt! (which keeps me thirsty [metaphorically] for updates and corrections) These have become a "standard" in today's media. Journalistic integrity (oxymoric in certain contexts) has given way to impetuous needs for the media equivalent of /.'s "First Post!"

    This applies to all forms of media - not just the web. I's gotten worse, IMHO, starting with Desert Storm and the O.J. trial - CNN, in its zeal to feed info in bulk form with the emphasis on expediance instead of accuracy, is a case in point. The world, not just U.S., has been "spoiled" by the byproducts of the Information Age. So has journalism.

    In fairness, I was up way too late two nights ago, and quickly submitted a report to /. regarding "Taliban Delares Holy War on U.S." that was on CNN (TV) prominently displayed. In this case I'm glad it was rejected. Fifteen minutes later, there was a rephrased "Taliban Warns of Possible Holy War" or something to that effect. MSNBC followed suit and misreported, then "lightened up". This also occurred on the respective websites.

    So, the obvious point here is that we can trust most of what we can see, hear, and (hopefully) touch. On topic, it is a concern that Yahoo's "security through obscurity" was so vulnerable. Sure wish I could read the Security Focus article - still /.'ed - but I did read a post with the text here earlier.

    I think of more concern would be the vulnerabilities of news services like AP and Reuters - the compromise of them could be a propagandist's dream come true. Hey, Wow, I just thought of something! Why don't we hack into the news "services" of our enemies? We could win the whole damn thing just by convincing the radical factions that they are already with Allah, and all is well. They can just relax and go back to making hashish, and whatever...

    There was a interesting discussion of this on NPR's "Talk of the Nation" program a while back, but I can't seem to find it.

    --
    db
    Cig:
    ôô
    /`
  6. Misinformation by Anonymous Coward · · Score: 1, Interesting

    I find it humorous that the article should focus so heavily on the propogation of misinformation by hackers as if hackers, not the media, we're the normal controls of "information" to people at large. While I do agree that changing a news report might spread "misinformation", it would seem to be that the real thing at stake would be the reputation of the news source as reliable and non-tamper prone. Misinformation occurs every day to some extent or another, and it in itself is not much of a problem to media sources. The media is just worried about protecting its reputation, not giving consumers an unbiased view of what is going on.

  7. Re:so how is that a hack? by tauntalum · · Score: 2, Interesting

    From the article (which you might consider reading...)



    Proxy problems
    Yahoo! declined to comment on the specifics of the hack, but as described by Lamo, modifying the portal's
    news stories didn't require much hacking. He made the changes using an ordinary web browser, and didn't
    need to do so much as enter a password.

    The culprit in this case was a trio of proxy web servers that bridged Yahoo!'s internal corporate network to the
    public Internet. By configuring a web browser to go through one of the proxies, anyone on the Internet could
    masquerade as a Yahoo! insider, says Lamo, winning instant trust from the company's web-based content
    management system.