Slashdot Mirror
Facebook Master Password Was "Chuck Norris"
I Don't Believe in Imaginary Property writes "A Facebook employee has given a tell-all interview with some very interesting things about Facebook's internals. Especially interesting are all the things relating to Facebook privacy. Basically, you don't have any. Nearly everything you've ever done on the site is recorded into a database. While they fire employees for snooping, more than a few have done it. There's an internal system to let them log into anyone's profile, though they have to be able to defend their reason for doing so. And they used to have a master password that could log into any Facebook profile: 'Chuck Norris.' Bruce Schneier might be jealous of that one."
If you read the article, the "master password" wasn't really a master password. It only worked if you were in the Facebook offices on one of their computers. And if you had access to that, you almost certainly had access to the database too.
The default password only worked from the Facebook office on the Facebook ISP.
There's funny, and then there's irresponsible. Having "Chuck Norris" as a master password that grants access to any account is most definitely the latter. I would expect that from a couple of teenagers running their first web server, not one of the most popular websites on the Internet.
Despite what the summary and title say, the password was not "Chuck Norris". The password was a combination of uppercase letters, lowercase letters, numbers, and symbols that essentially spelled "Chuck Norris". In other words, probably something like "(hu(|<N0rr15". Also, it only worked from within the Facebook office, and was only known to certain individuals. It's not like you or I could have used the password from home to enter anyone's account.
There is a time and a place for silly HTML comments or in-joke variable names, but a master password for a site with hundreds of millions of users is not one of them.
It's pretty normal for support personnel to have access to production systems in order to provide support.
"You cannot simultaneously prevent and prepare for war." -- Albert Einstein
RTFA. Firstly, it wasn't just "Chuck Norris", the interviewee didn't reveal the actual password, but suggested it included numbers and symbols. And secondly, it only worked within Facebook's internal network.
True, but you guys also may be allowed the odd pint with lunch. Not so here in the United States of Amerika.
I am Bennett Haselton! I am Bennett Haselton!
Inquiry, how do you know this? You from facebook?
No, I used a novel new approach to acquiring information — I read the article.
"You cannot simultaneously prevent and prepare for war." -- Albert Einstein
Norris was defeated in his first two tournaments, dropping decisions to Joe Lewis and Allen Steen and three matches at the International Karate Championships to Tony Tulleners. By 1967 Norris had improved enough that he scored victories over the likes of Lewis, Skipper Mullins, Arnold Urquidez, Victor Moore, Ron Marchini, and Steve Sanders. In early 1968, Norris suffered the tenth and last loss of his career, losing an upset decision to Louis Delgado.
From http://en.wikipedia.org/wiki/Chuck_Norris
Worse still, he typed an upper case letter for the first time in a decade! Foolish circletimessquare, you should have disabled your shift key.
If you use firefox, there's a greasefire script called Moderatrix that adds a confirmation button to the /. moderating system.
Our culture doesn't get smarter, it just finds new ways of being retarded.
The summary is incorrect. He says the password used symbols etc and looked like Chuck Norris, but was not exactly "Chuck Norris". Also this password only worked if you were at the facebook office.
Both. Chuck Norris is the most interesting man in the world.
The world is how you make it