Slashdot Mirror
Fox News' FTP Password Anyone?
An anonymous reader writes "While browsing around the Fox News website, I found that directory indexes are turned on. So, I started following the tree up, until I got to /admin. Eventually, I found my way into /admin/xml_parser/zdnet/, in which, there is a shell script. Seeing as it's a shell script, and I use Linux, I took a peek. Inside, is a username and password to an FTP. So, of course, I tried to login. The result? Epic fail on Fox's part. And seriously, what kind of password is T1me Out. This is just pathetic." It's already been changed of course, but that's still pretty amusing.
That password would've been satisfactory if it was kept better.
Clinton believed they were there, because at the time Saddam was refusing to let UN inspectors do their job. By the time Bush had invaded, the UN inspectors had already been in and found nothing.
the usual call to RTFA ... this is from the lame "the DoD are after me for using vista" site, who approved it ffs? read the article they link to (and link directly next time, stop paying them in ads!), its an account to grab files from zdnet, not an account into fox news, does it even have write access? dont let the facts get in the way of alarmist bs tho
Actually, as of this post, the ftp server can still be accessed with the same username and password from the script.
Current "dictionary crackers" already take care of "leet speak". I.e. they do contain "words" like h8, sk8er and so on. And of course they do try single character replacements like 1 for I and 2 for Z and so on.
In other words, yes, this password was prone to be dict'ed.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
After Operation Desert Fox in 1998, Hussein's remaining WMD programs were finished off.
It's rather disengenuous to cite quotes from 1998 when he did have WMD programs to justify actions taken in 2003 when he did not have any WMD programs.
Ooops. I meant:
u 8r/overture.xml
And, as soon as you look deeper in the site structure you find better passwords, like:
ftp://Altavista_1:H1S!uwro@ftp.g.ziffdavis.com/2p
(And a host of others...)
Not defending Bush, I didn't vote for him, but I am tired of this WMD crap also.
I'm guessing that this is an excuse to rag on Fox and bitch about the war and Dubya some more.
At least the story had "ftp" in it, making it slightly more "for nerds".
Peter
PS. I was against the war, I'm against Bush and I think Fox sucks, but even so (and as the parent post points out), this is a bit tenuous.
"Even CLINTON believed they were there."
Yep. In 1998. Then we invaded, destroyed stockpiles, and ushered in the inspection teams.
What that has to do with GWB's claims in 2003 I don't know, but I'm sure that completely unbiased and non-partisan site you linked to has an answer.
Well, the main problem with using "T1meOut" is it's very easily attacked by a weighted dictionary attack. All dictionary attacks take care of common numerical replacements and capitalization. The next issue is weight of the words. Time and out are rather common words in the english language, and even more common when used together. In the case of a full random password, or a word password with randomness interjected, it'd be a lot less crackable than "T1meOut". A much better password would be something like "t&iM-eoUt3". In that case, the words are still there, you just have to memorize the capitalization and non-word components, which honestly isn't hard, people just think it is.
http://www.mhall119.com
The US is in the process of destroying its remaining chemical and biological weapons, and would be done with it were it not for environmentalist lawsuits. One of the project sites completed its work years ago, and the others should be finished in a few years. The Russians are far behind their own obligations, but are slowly making progress.
You can never go home again... but I guess you can shop there.
It also bears pointing out that we *did* find evidence that suggested a number scientists were pretending to be running a weapons program and pocketing the cash. That would indicate that Saddam was seeking some level of WMD capabilities and was being conned out of his money. It would also create a substantial paper trail and conversations that would be interpreted to mean Iraq had a weapons program.
There was a lot of bad information in the days before the invasion. The problem was compounded by the fact that the intelligence community seemed to be largely composed of yes men who were looking to tell the president what he wanted to hear. I honestly believe the president simply didn't have all the facts at hand because he was so keen on invading Iraq and none of his advisors wanted to tell him it was a bad idea.
120 characters for a sig? That's bloody useless.
Once again, we get a horrible computer/car analogy submitted by a buffoon.
Cars are private property. The laws are quite clear that you can't simply take one just because you found a way to start it. Or even if it is sitting in front of a house or store with the engine running and doors open.
Cyberspace is different. A web site is a public space, with the implied permission to wander around it, and look at various items. A good analogy here would be if someone was shopping in a large store and found a "secret place" that the store owner didn't want anyone to see. But all the customer had done was follow the hallway beyond the restrooms, made a right turn, and stumbled upon the secret place. Not exactly the sort of thing to shoot a man over.
It is cowardly, and a betrayal of whatever it means to be a Jew, to act as a white man
-James Baldwin
I have never heard that before. Do you have any evidence of this? If so, I would like to look into it. I have no problem with people proving me wrong... but I prefer proof. The proff that people in Washington believed there were WMD's is what I was pointing to, regardless as to the veracity of the belief.
As a side note - do you mean that since the program's were finished, that the items made from those programs also were gone?
Several quotes are much more current than 1998, which is why I included that link. As I said in one of my other replies, the belief they were there was "common knowledge" among the people in Washington - but "common" is not equal to "Correct"
Hillary believed they were still there in 2002.
:-)
"In the four years since the inspectors left, intelligence reports show that Saddam Hussein has worked to rebuild his chemical and biological weapons stock, his missile delivery capability, and his nuclear program. He has also given aid, comfort, and sanctuary to terrorists, including Al Qaeda members, though there is apparently no evidence of his involvement in the terrible events of September 11, 2001. It is clear, however, that if left unchecked, Saddam Hussein will continue to increase his capacity to wage biological and chemical warfare, and will keep trying to develop nuclear weapons. Should he succeed in that endeavor, he could alter the political and security landscape of the Middle East, which as we know all too well affects American security." -- Hillary Clinton, October 10, 2002"
Maybe they're not speaking to each other these days?
Nice try, though.
A bit of advice: Bush isn't going to be running in 2008. Less dullwitted conspiracy theory screeching about Bush, more effort on scraping up a viable Democratic candidate would seem to be the best strategy here. Hint: try to find someone who isn't a senile hippie this time.
I'm not sure what "then we invaded and destroyed stockpiles" means -- we didn't invade Iraq until 2003. Are you trolling, or just stupid?
Yep. In 1998. Then we invaded, destroyed stockpiles, and ushered in the inspection teams.
What that has to do with GWB's claims in 2003 I don't know, but I'm sure that completely unbiased and non-partisan site you linked to has an answer. You didn't read the linked article, obviously. The site he linked to is a snopes-like rumor debunking site. It's quite true that the quotes listed (between 1998 and 2003) are all true. The congress really did believe that WMDs would be found in Iraq. The question is: why did they think that? The answer is that the CIA was used as a tool to make the case for war. Tenet's book has made that pretty clear. He was somewhat complicit, and the CIA certainly did get some things wrong, but it's clear that the Bush administration was eager to go to War, and eager to convince the Congress and U.N. that there was a valid reason to do so, even if that was questionable.
On July 11, 2007, the posted an article that talked about FTP and why it's bad. But they were concerned about anonymous access. Doh.
Actually the US did find small stock piles of gas agents and one centrifuge that is used to enrich uranium. Not the massive infrastructure that was claimed to be sure but that statement that NO WMD where found is also false. The claim is that the gas agents where miss placed when the Iraqis where destroying them under UN supervision.
I know that I will get flamed for this but it is the truth.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
Saddam was fronting a bogus WMD program to scare off his neighbors. All of this was easily discredited by the pre-War UN inspections. Citing these kinds of reports without context was a part of the cherry picking that the administration used to legitimize the War.
I no longer subscribe to the "Bush as Mr. Magoo" story line. There's too much evidence that they wanted invade Iraq from day 1.
I swear to God...I swear to God! That is NOT how you treat your human!
All you have to do is try to view a directory in a browser. If you get an index, you know it's on. If not, you know it's off or there's an index file. Examples: http://www.foxnews.com/story/ and http://www.foxnews.com/i/.
I wonder if I use bold in my signature, people will notice my posts.
We did find WMDs on multiple occassions... they were pretty much all small caches of old shells filled with mustard or sarin and which were probably were no longer effective, but it is a bit disingenuous for the pollster to take those answers and then arbitrarily say "oh, well those don't count... so Fox News viewers are dumb!". If the question was simply "Has the US found Iraqi WMDs?" then the Fox News viewers appear to be the only ones who were properly informed of those developments.
:-)
And, of course, there were also incidents where the insurgent groups got ahold of some lingering chemical weapons (mustard gas, I think) and tried to make bombs out of them--luckily, that also was old and non-effective. Those were widely reported at the time.
In other words, get off your uninformed, sanctimonious high-horse.
If you honestly believe that you're going to brute force that password in 5-20 seconds by using the ftp server to authenticate, I think it may be you who is the most naive computer user with a /. account. There is no way a dictionary attack will get that password in 20 seconds, much less 20 minutes. You probably could over some length of time, but not that quickly.
We did find WMDs on multiple occasions... they were pretty much all small caches of old shells filled with mustard or sarin and which were probably were no longer effective,
So, if there was fissile material in a bomb configuration that was in a missile-like object, would that be a WMD even if the priming charge was bad, the fissile material had decayed to the point where critical mass could not be achieved and the missile would have exploded on the pad if someone would have tried to launch it?
Simply saying "we found canisters marked 'sarin' which appeared to be good at one time and of unknown status now" to indicate that actual WMDs were found is not logical. Were the chemicals found still at full strength? Was there an available delivery method? Did the government have records of them and the ability to deploy them?
Of course Saddam would lie about WMDs. He thought that there would be no uprisings if people thought he had them, and he thought there'd be no invasion if people had them. So he wanted everyone to think he had them in large quantities with his finger on the button. For some reason, the same people (Fox News watchers) who claim that all politicians are liars, seem to think that Saddam should have been believed when he implied that he still had them.
And, of course, there were also incidents where the insurgent groups got ahold of some lingering chemical weapons (mustard gas, I think) and tried to make bombs out of them--luckily, that also was old and non-effective. Those were widely reported at the time.
Again, confirmed reports of non-WMDs, further confirming that anything that he had laying around was useless and that there were no functioning WMDs in Iraq at the time of the invasion.
Learn to love Alaska
You'd feel safer in AR then. When I took my CCW testing there, I learned that it was perfectly legal to shoot someone you saw in the act of committing arson. Seriously, the law is on the books there.
I never was 'lucky' enough to catch someone in the 'act'....
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
I don't understand how many war critics can't stop mentioning the fact that not finding WMDs would take away all the "legitimacy" of the invasion. The reason Iraq was invaded was definitely NOT that they had WMDs and much less that they threatened the US with using it; that was just a turkey and everyone with a few brain cells knows it.
The reason why it was used and repeated over and over while the troops were assembling in the Gulf was that it was actually a rather safe bet (since it was the US itself that provided him with those!) and that you could scare uninformed folks to death by exaggerating what the evil guy from half way around the globe could to to them.
The invasion was wrong not because Saddam had no WMDs, but (among so many other reasons) because the hawks in Washington used their power and the gullibility of the people (the same people that actually empower them by paying taxes, building stuff, working, inventing... - those same people that actually carry the US forward) to bring war to a country that did not deserve it. Their motive was to intimidate by displaying military strength, to establish control on an oil rich region and ultimately to fill their own bank accounts (if you don't believe this I suggest you read up on privately funded mercenaries "working" in Iraq, e.g. Blackwater and about the huge profits companies like Halliburton are making through Iraq in a war funded by tax dollars while no end or even an improvement of the situation is in sight (intentionally?); there's also a documentary about this).
And when you gaze long enough into the code, the code will also gaze into you.
"I'm sick of lies and lying liars. I'm sick of people who rewrite the facts to justify doing something and then rewrite history to protect themselves from that fuckup."
Get used to it. Whomever wins (Democrat or Republican) the whitehouse will
1. Blame the previous administration for anything that goes wrong domestic or foreign for I predict at least 2 years and probably 3.
2. Spin Spin Spin until you puke like riding that thing that kids ride at parks.
3. Probably keep 90 to 95% of every executive order that Bush signed to use for their own political advantage.