Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fox News' FTP Password Anyone?

Posted by CmdrTaco on from the fair-and-balanced dept.

An anonymous reader writes "While browsing around the Fox News website, I found that directory indexes are turned on. So, I started following the tree up, until I got to /admin. Eventually, I found my way into /admin/xml_parser/zdnet/, in which, there is a shell script. Seeing as it's a shell script, and I use Linux, I took a peek. Inside, is a username and password to an FTP. So, of course, I tried to login. The result? Epic fail on Fox's part. And seriously, what kind of password is T1me Out. This is just pathetic." It's already been changed of course, but that's still pretty amusing.

14 of 611 comments (clear)

  1. Re:Wasted chance by mwvdlee · · Score: 4, Insightful

    Because now we know; it was just some hacker prank.

    --
    Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
  2. what's wrong with T1me Out by wheretheicegrows · · Score: 5, Insightful

    I'm not that much into security, so I hope I don't sound "pathetic", but I was wondering what's wrong with the 'T1me Out' password. I'd say all company passwords I've ever had were no harder than that, and none of them had a space in it. And honestly how many of you guys use a password like YwMCU07D?

    1. Re:what's wrong with T1me Out by TodMinuit · · Score: 4, Insightful

      Seriously, though, that's the form you should be using for passwords, especially critical ones or ones that are public-facing. Get yourself a good password manager (TealSafe, SplashID) and just keep generating new passwords for all your systems. I think it's a moot point. Here, the password wasn't the failure. It could have been d41d8cd98f00b204e9800998ecf8427e and it wouldn't have made a difference.
      --
      I wonder if I use bold in my signature, people will notice my posts.
    2. Re:what's wrong with T1me Out by ndixon · · Score: 5, Insightful

      There's nothing really wrong with the password (though a smart dictionary-based search could discover it).

      There is something very wrong with writing the password down, in plain text, on a public-facing server and assuming that no-one will be able to see it.

      --
      Oh, how convenient: a theory about God that doesn't involve looking through a telescope.
    3. Re:what's wrong with T1me Out by Legion303 · · Score: 4, Insightful

      "And honestly how many of you guys use a password like YwMCU07D?"

      Great--now you've got 8 people making the same joke.

  3. Let's see here by Anonymous Coward · · Score: 4, Insightful

    Random corporation has bad security: Brief blurb about how corporations should take better care of their security infrastructure in order to make sure that leaks/intrusions don't happen. Perhaps even a person or two giving advice in the form of which files to edit and what to change.

    Corporation that people don't like has bad security: Note after note about how evil the company is and that they're idiots in the highest sense.

  4. Ridiculous summary by the+computer+guy+nex · · Score: 5, Insightful

    1) The password has probably been around for awhile with no one guessing it. What exactly was wrong with it? Uppercase/lowercase/numbers, combination of multiple words, it is at least moderately strong.

    2) Why the hell are you blaming Fox? You think the entire company sat in a conference room and decided on a security scheme and a password?

    3) Why did this deserve front page news? Exploits like this are found on a daily basis, and ones much more humorous/interesting/newsworthy.

  5. 4chan by stick-boy · · Score: 4, Insightful

    this originated on 4chan.org's /b/ late last night (NSFW.) the shell script was a small script for uploading to a ziff-davis ftp server, it wasn't actually a fox ftp password (look at the directory name the shell script was found in, and i'm sure z-d appreciates this too.) also, there was an image directory that had directory listing turned on too. i didn't stick around long enough to see if any /b/tards found anything interesting in there, but i know an image dump was being made.

  6. Re:Wasted chance by dcollins · · Score: 5, Insightful

    This isn't about believing in WMDs before the invasion. This is about believing that we found WMDs AFTER the invasion. In an October 2003 poll, for example, 7 months after the invasion, 33% of Fox viewers said that the U.S. had actually physically found WMDs in the course of the invasion. That's 10% higher than the next most confused media viewership. This is what some of us would really love to see explained by you "nothing to see here" apologists. Or else, it sounds like you still maintain that's a reasonable belief today?

    http://www.americanassembler.com/issues/media/docs /Media_10_02_03_Report.pdf

    Weapons of Mass Destruction
    As discussed, when respondents were asked whether the US has "found Iraqi weapons of mass destruction" since the war had ended, 22% of all respondents over June-September mistakenly thought this had happened. Once again, Fox viewers were the highest with 33% having this belief. A lower 19-23% of viewers who watch ABC, NBC, CBS, and CNN had the perception that the US has found WMD. Seventeen percent of those who primarily get their news from print sources had the misperception, while only 11% of those who watch PBS or listen to NPR had it.
    --
    We know where leadership by an anti-intellectual "strongman" who scapegoats minorities and likes boisterous rallies goes
  7. Re:Wasted chance by jollyreaper · · Score: 5, Insightful

    Fox news definately has some perspective issues - but WMD's isn't one of them. Even CLINTON believed they were there. Not trying to start a war - I am just sick of hearing about WMD's, when we all thought they were there. Iraq as the cause for 9/11 though - that's a crazy concept. No, you colossal boob, not everyone thought there were WMD's. First, don't lump chemical and biological with nuclear. Yes, I know analysts do it but I think it unfairly magnifies the threat level of the BC in NBC.

    The specific charge Bush used to get our panties in a wad was nuclear weapons. "We don't want the smoking gun to be in the form of a mushroom cloud." Yellow cake uranium, lie. Aluminum tubes, lie. The CIA was giving Bush solid intel but he and his team refused to accept it. Cheney and his cronies cherry-picked raw intel for the most sensationalistic shit they could find, regardless of whether it was true or not.

    When you say "most people assumed Saddam had WMD" you really mean "Most people assumed he had some leftover chemical or biological shit", not that he had nukes ready to strike the west in 45 minutes. The consensus before 9-11, a consensus backed by Powell, was that the US policy of Iraqi containment was working.

    I'm sick of lies and lying liars. I'm sick of people who rewrite the facts to justify doing something and then rewrite history to protect themselves from that fuckup.
    --
    Kwisatz Haderach
    Sell the spice to CHOAM
    This Mahdi took Shaddam's Throne
  8. Re:Wasted chance by Don853 · · Score: 4, Insightful

    But I don't expect you to learn any life lessons from this. People like stories with comic book villains and if seeing Saddam as evil, omnipotent, and omniscient makes your universe make sense, whatever. [Here's where I make some insulting generalization about you, but even I have too much good taste for that.]

    Idle curiosity: Do you think a smart-assed remark about how you, unlike the other guy, are too good for personal attacks is something other than a personal attack?

  9. Re:Wasted chance by PFI_Optix · · Score: 4, Insightful

    Did the president pick the joint chiefs and the top-level CIA people? (serious question, I don't know off the top of my head).

    Not everyone who has the president's ear is appointed by him. He showed some bad judgment prior to the invasion and obviously some of his appointees were poor picks given our post-9/11 hindsight. My point is that there wasn't a crystal-clear picture either way prior to invasion, and Bush's vision was even more filtered because those he most trusted were unwilling or unable to tell him the whole story.

    Iraq was big stupid mess from day one, no doubt about that. But let's not try to paint the whole administration as malicious warmongering tyrants when in all reality they're just inept shoot-from-the-hip bureaucrats.

    The sad thing is, I really don't believe we'd have been much better with either of our presidential alternatives: I think Gore would have found a completely different way to bungle things after 9/11 and make someone miserable (probably us) and Kerry would probably have really fouled up the occupation...yes, even more than Bush.

    --
    120 characters for a sig? That's bloody useless.
  10. Re:Wasted chance by CodeBuster · · Score: 4, Insightful

    33% of Fox viewers said that the U.S. had actually physically found WMDs in the course of the invasion

    Unfortunately, the issue is not as black and white as the pundits on either side would like you to believe. There is, unfortunately, some wiggle room that gets used to support either one side or the other depending upon the speaker. The problem lies in the strictness of one's definition of WMDs and the categorization by some people of certain chemical weapons as WMDs despite the fact that such weapons are orders or magnitude less destructive than say the nuclear weapons that they are grouped with. Now, having said that it *is* true that US forces in Iraq have, from time to time, come across the odd Artillery shell filled with mustard or even a binary form of sarin in one case (used as a roadside bomb and a couple of US soldiers experienced minor symptoms, but no deaths). At best one could say that such finds are execeedingly rare and do not in and of themselves constitute evidence of a vast and active program on the part of Saddam to develop and use these weapons in the years immediately prior to the invasion. However, proof is proof and if even one shell is found then the number of "WMDs" was not zero and that is why the pundits continue arguing the points. This is splitting hairs maybe but if one argues that there were absolutely *no* WMDs in Iraq prior to the invasion then strictly speaking that person would be wrong. The problem lies in the use of absolutes in argumentation where even one counter-example disproves the argument.

  11. North Korea by number6x · · Score: 4, Insightful

    You make a very good point.

    North Korea is also part of the "Axis of Evil". However they have WMD's and some pretty nasty long range missiles. They may not be able to strike The US, but they could devastate South Korea, Japan and Taiwan. We keep begging North Korea to please, pretty please, come to the negotiating table. No talk of invasion there.

    Sadam complied with the U.N. inspections we demanded. Grudgingly but he complied. He ended his weapons programs and allowed us and our allies to control two thirds of his air space. (All of this had to be forced on him, but he complied).

    So the moral of the story?

    If you are an evil dictatorship, do not comply with The US and its allies. Build up your arsenal and become as powerfull and as dangerous as possible. The US only invades weaklings. The US begs for negotiations with the dangerous crackpots.

    I believe Iran watched all of this unfold. The way Sadam and Iraq complied, and were rewarded with invasion. The way North Korea refused to comply and became more dangerous, and gets more and more aid on its terms.

    This is why Iran has restarted its nuclear program.

    Pretty good foreign policy we have, huh?