Slashdot Mirror
Fox News' FTP Password Anyone?
An anonymous reader writes "While browsing around the Fox News website, I found that directory indexes are turned on. So, I started following the tree up, until I got to /admin. Eventually, I found my way into /admin/xml_parser/zdnet/, in which, there is a shell script. Seeing as it's a shell script, and I use Linux, I took a peek. Inside, is a username and password to an FTP. So, of course, I tried to login. The result? Epic fail on Fox's part. And seriously, what kind of password is T1me Out. This is just pathetic." It's already been changed of course, but that's still pretty amusing.
Either that, or we need to begin teaching nubile drunken 22-year-olds to hack.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
In all fairness (do they even deserve it?), the password listed in the script is for ZDNet's FTP, not Fox. Still pretty embarrassing, but it's not going to hurt Fox at all (I imagine it could have hurt CNet/ZDNet). And it definitely could've hurt the relationship between both corporations' IT departments.
There seems to be a string of these lately between content aggregators. About a month ago there was that page on MS's site endorsing Linux. Turns out the content was from another site (I think, actually, CNet).
Not to say I'm not totally surprised. In this day when about 50% of someone's site is content from somebody else, it's not surprising there's snafus. I'm just waiting for the day when one of the sites leaves up SSH logins for another.
... And when they get hacked, they can get ton's of free publicity telling the whole world of the dangers of hackers... They would probably be only too happy to get hacked, for all the extra free news coverage it would get them on other networks.
There are 10 kinds of people in the world... those who understand binary and those who don't.
I'm not that much into security, so I hope I don't sound "pathetic", but I was wondering what's wrong with the 'T1me Out' password. I'd say all company passwords I've ever had were no harder than that, and none of them had a space in it.
Yeah, no kidding. At one of my previous employers (double checking that I have ticked "Post anonymously"....check), which we might call "Chinese national insurance" (I am not Chinese, nor have I ever worked at a insurance company), Linux root or Windows admin password for all computers were either "Chinese" or "national insurance". When asking the senior sysadmin if that was a good idea, he said "we have a lot of firewalls, so it's fine".
Yeah, but if you were a total dick (like Fox News) then I might move it to another level of the parking garage to teach you a lesson.
I sig, therefore I am.
There was over 4GB of employee data on the FTP, including username, name, email, password, address, etc.
There was a recent podcast from This American Life (hardly the bastion of conservative thought) where a (former) teenager whose job it was to spread propaganda from Saddam's government said he was afraid about what would happen when the war started because he wasn't sure whether or not his government had chemical weapons, etc. Yes, there's a difference between some teenager (even if he and his father worked for the government) and our intelligence community. Yes, fundamental flaws exist/existed in our intelligence community, partly no doubt due to our administration's tendencies to promote "yes men". Yes, there's a difference between thinking they're there and declaring that you know exactly where they are. However, I'm still going with Hanlon's razor on this one.
Ben Hocking
Need a professional organizer?
YwMCU07D?
Wimp. Real men use
dd if=/dev/random bs=1024 count=1 | passwd --stdin
So the president surrounds himself with people who only tell him what he wants to hear, then you excuse his mistakes because he was surrounded by people who only told him what he wanted to hear? Here is a suggestion, maybe the president should take responsibility for surrounding himself with people who tell him the truth. Maybe people who tell something he doesn't want to hear shouldn't have been gagged, ignored etc. You reckon he didn't notice when every shred of evidence they presented to the UN was shredded within days that maybe, just maybe, they had it wrong?
You do realise that most of the insurgents in Iraq are natives? It is surprising how pissed off one can get at the people who come in and knock your country back to stone age and pretend it's for your own good. Not to mention the more personal effect of having family members killed/tortured/raped by the invaders.
My memory may be faulty and I can't be bothered to search for a citation, but didn't it come out before the war started that all of those intelligence agencies were basing their information on a single, discredited source?
I was once visiting the offices of a design firm that was doing some work for Disney. As far as I remember, the procedure for adding new content was:
- Email the admins (with password), requesting an upload opportunity giving detail of content and approval reference
- Admins create FTP account on a purpose-built server
- Admins send back time-sensitive FTP details
- Design company uploads to FTP server
- Committees review content, send authorization to admins
- Admins upload content.
And this was for already-approved work. Kinda puts this level of security to shame...
-1 not first post
It is simply fact that every intelligence agency on the planet thought Saddam had WMDs. The questions only concerned the state of his nuclear program. Go read Hans Blix's report to the UNSC in February, right before the invasion. Inform yourself.
And, contrary to popular myth, the evidence still supports the notion that Saddam was seeking uranium in Niger... Joe Wilson's own report said that the former Nigerian PM interpreted Iraqi overtures to "expand business relations" as a desire to purchase uranium, and the British intelligence still stands by their own independent determination to that effect--indeed, their government investigated it after the whole Wilson debacle and concluded that the claims were "well founded". In other words, simply claiming that it was "a lie", like some uber-partisan cartoon, doesn't win you any points here.
The real question about the uranium is this: Why would Iraq be looking for uranium from Niger when we found 500 tons of yellowcake that they already had laying around?
My memory may be faulty and I can't be bothered to search for a citation, but didn't it come out before the war started that all of those intelligence agencies were basing their information on a single, discredited source?
Yeah, I'm not sure either but I have a similar memory. I mean the point that proves they were wrong the most is simply that nothing has been found in Iraq. I definitely wasn't trying to say that they were right... only that several of the world's intelligence agencies believed the same thing.
I lived through it all, read as many sides of the arguments as I could find, and let me tell you, Bush lied. He and his administration lied bold faced and with full knowledge of what they were doing. I see that it pretty much breaks down as follows:
1. There are the double talking scheming lying bastards who run the current US administration, and those who support them
2. There are the voices of reason and logic
3. There are the confused masses in between
Finally, there is a rather uncomfortable addition for those in category #1, namely, the facts. The facts as the were and the facts as they are. None of them supporting anything camp 1 proclaims largely because they spend most of the time touting their "alternate interpretation of reality" theory.
This is the worst bunch of cronies to land in government in my life time. And I lived through Contra Gate and S&L. And really this is the same group as they were all tied to the two aforementioned scandals as well. These guys should be arrested, tried and exiled.
Kind Regards
"A few great minds are enough to endow humanity with monstrous power, but a few great hearts are not enough to make us w
I suspect that Kerry would at least have supported our own troops, rather than sending the off to battle without weapons and defenses. And would have prevented them from being fed slop while the contractors charged for restaurant grade meals.
I wish that I could disagree with you on other fronts...but I think we were set up, and not by the Iraqis. The evidence seems to point to a plot internal to the government. (Look at how quickly the PATRIOT bill was presented and passed. Notice where the anthrax came from, and who the targets were...and contemplate that the ineptitude in it's delivery may have been intentional. That may have been a public warning. Notice that the target has since died. [Damn...my memory's spotty here. I haven't been paying attention because there wasn't anything I could do and it just depresses me. What was his name? Did he die of "natural causes" or an airplane crash?])
I think we've pushed this "anyone can grow up to be president" thing too far.
What makes you think keeping order is Bush's goal? If the country is in order, it might turn against him. A chaotic country is an unthreatening one.
-- MartinG To mail me: echo kewyjlcxyzvjfxbqwh | tr bcefhjklqvwxyz
Has anyone looked at the development of Dubai over the past 10 years? or the wealth of the royal family in Saudi Arabia? Money is flowing to someone from somewhere over there that is for sure.
Now I'm not saying that Saudi's or UAE citizens are evil by default, simply that there has been absolutely 0 backlash against these regions while the US uses 9/11 to justify everything else it has been doing everywhere else.
Wheres the puzzled slightly-tilted looks of hwhaaa?
Ice Cream has no bones.
I don't understand how many war critics can't stop mentioning the fact that not finding WMDs would take away all the "legitimacy" of the invasion.
Because that was our only legal basis for the war and it goes back to the Iraqi invasion of Kuwait. That invasion gave us a legal basis to invade in 1991 and the terms of the surrender called for the elimination of WMD. This was a minor provision at the time, but it was enough for us to use as an excuse to go in this time. This is all very important for people to consider because we won't have this excuse if we invade Iran. A violation of the Nuclear Non-Proliferation Treaty is not a valid basis for war. There will have to be a 'pretext' for Iran, let's hope they don't find one.
I think Gore would have found a completely different way to bungle things after 9/11
With Gore, 9/11 wouldn't have happened, because Gore would have read his Presidential Daily Briefings, and wouldn't have ignored Richard Clark for 9 months while he was jumping up and down about Al Qaeda.
How is this comment not modded off-topic in a story about FTP passwords?
I don't click on stories about network security to read peoples daily kos blog.