Slashdot Mirror
Facebook Master Password Was "Chuck Norris"
I Don't Believe in Imaginary Property writes "A Facebook employee has given a tell-all interview with some very interesting things about Facebook's internals. Especially interesting are all the things relating to Facebook privacy. Basically, you don't have any. Nearly everything you've ever done on the site is recorded into a database. While they fire employees for snooping, more than a few have done it. There's an internal system to let them log into anyone's profile, though they have to be able to defend their reason for doing so. And they used to have a master password that could log into any Facebook profile: 'Chuck Norris.' Bruce Schneier might be jealous of that one."
doesn't need a password.
Once I was a four stone apology. Now I am two separate gorillas.
It's not Facebook's fault: it's not like they actually set the master password to "Chuck Norris".
The real WTF is that "Chuck Norris" works as a password into anything: Facebook, your online bank account, your sister's pants...
Like you need another reason?
Nearly everything you've ever done on the site is recorded into a database
Considering nearly everything you ever do on Facebook is made public to either your friends or everybody - thats not shocking at all. The entire system is basically built around informing everybody of everything you do. You can't even perform an action without some app or another prompting you "Do you want to post this on your profile? YES/NO".
And for those of you wondering, it's obvious what the new password is;
The only man to have ever beaten Chuck Norris? Bruce Lee.
There's funny, and then there's irresponsible. Having "Chuck Norris" as a master password that grants access to any account is most definitely the latter. I would expect that from a couple of teenagers running their first web server, not one of the most popular websites on the Internet.
There is a time and a place for silly HTML comments or in-joke variable names, but a master password for a site with hundreds of millions of users is not one of them.
So this guy shot Chuck Norris in the face with a shotgun, and then he ended up in prison, because murder is illegal.
Nerd rage is the funniest rage.
Rumpus: When you say “click on somebody’s profile,” you mean you save our viewing history?
Employee: That’s right. How do you think we know who your best friends are? But that’s public knowledge; we’ve explicitly stated that we record that. If you look in your type-ahead search, and you press “A,” or just one letter, a list of your best friends shows up. It’s no longer organized alphabetically, but by the person you interact with most, your “best friends,” or at least those whom we have concluded you are best friends with.
This is rubbish, isn't it?
I've just typed "a" into the search box and it comes up with an alphabetical list of contacts. The first one happens to be someone whos profile I don't think I've ever clicked on.
I think you meant because suicide is illegal.
Chuck Norris doesn't leave a room.
He lingers like a curry fart.
Sent from your iPad.
Well ... I found my new password.
...can actually type ******** into any system and login successfully.
You never expect irony, do you?
Want to be a professional wrestler? Visit www.iyfwrestling.com
@iyfwrestling
I wonder, what it is now... "Angelina Jolie"? "Bruce Willis"?
In Soviet Washington the swamp drains you.
At least the master password wasn't something weak like "Rick Moranis." By using Chuck Norris, you can tell Facebook was taking security seriously.
or else!
in fact, a little known subplot in the whole drama last week over china hacking into google email servers is that chinese intel knew the master password for gmail was "chuck norris"
problem was, when the chinese spies typed chuck norris into the human rights activists' email logins, the password itself would jump off the computer screen, hit the spy with five roundhouse kicks to the face, then smash their keyboard into dust just by giving it a hard stare
so the chinese government had no other choice but to hire hackers to break into the accounts. because even when they hired seven of the greatest kung fu masters and the most proficient in the eighteen arms of wushu in all of china to stand by while the spy logged in, plus jet li, plus jackie chan, and plus the reanimated cyborg admantium zombie of bruce lee, the chuck norris password still roundhouse kicked all of them into submission
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
that prison's name was Chuck Norris
are you the Gatekeeper?
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Actually, as it is, it's the best joke ever.
It's a shame the summary doesn't somehow provide you with access to more detailed information on the topic, like an article or something. If it did, you could read that and find out that there is no longer a master password (or at least, so they claim), as they've replaced that concept with a newer admin tool.
However, I disagree; in the context of FB, the idea of a master password is not scary.
Read the article. They replaced it with a system where developers click a widget and fill in the justification for the access.
Nerd rage is the funniest rage.
something lame like "root".
Best Slashdot Co
I wonder, what it is now... "Angelina Jolie"? "Bruce Willis"?
Obama
I’m not going to give you the exact password, but with upper and lower case, symbols, numbers, all of the above, it spelled out ‘Chuck Norris,’ more or less.
Sounds like it was obscure enough to me. If a user just happened to be using that password they would have never known it was magic unless they thought to try it on another user id.
I went to eat some animal crackers and the box said, "Do not eat if seal is broken." I opened the box and sure enough..
doesn't sleep.... he stalks your facebook photos
Jason-Palmer.com
They tried to change it, but once a password's been set to Chuck Norris, password changes just get fucked up.
'If Christ had tweeted the sermon on the mount, it might have lasted until nightfall.' - John Perry Barlow
Nearly everything you've ever done on [insert any social network] is recorded into a database!
--
Nineteen frigging 80 called, it wants to apologize for foisting David Spade on us.
Sent from your iPad.
The real WTF is that "Chuck Norris" works as a password into anything: Facebook, your online bank account, your sister's pants...
But it only works for Chuck Norris.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
So this guy shot Chuck Norris in the face with a shotgun, and then he ended up in prison, because murder is illegal.
I'm cracking up over this one. Please, please, noone fix it.
I'd tell a UDP joke, but you may not get it. I'd tell a TCP joke, but I'd have to keep repeating it until you got it.
Come on, it's not Bruce Lee. Bruce Lee is dead. The new password MUST be Jack Bauer.
Close but no cigar.
"Jack Bauer" might work for physical access. But for password access to databases and encrypted files it's "Chloe O'Brian".
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Really? Because I just Googled you on Facebook and found all kinds of images. Check. Mate.
I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
J03 pisC0p0
Like anyone's ever going to admit to using *that* as a password.
Non impediti ratione cogitationus.
What company would decide not to employ you for having a drink at a party in your own time? Seriously, here in the UK when we talk about what we did on the weekend at the office more than one of my bosses has to going out and getting absolutely hammered. If they saw that picture, it would only prove that your friend is a sociable person that likes to have fun; i.e. someone that will also have a sense of humour around the office. What's wrong with that?
If I have nothing to hide, you have no reason to search me
... Paris Hilton. So anyone can get in.
Have gnu, will travel.
That's the same password I have on my luggage!
Who would win this election: Andrew Weiner vs Andrew Weiner's weiner.
I wonder, what it is now... "Angelina Jolie"? "Bruce Willis"?
Obama
No, they had to change it.
[signature]
True, but you guys also may be allowed the odd pint with lunch. Not so here in the United States of Amerika.
I am Bennett Haselton! I am Bennett Haselton!
Norris was defeated in his first two tournaments, dropping decisions to Joe Lewis and Allen Steen and three matches at the International Karate Championships to Tony Tulleners. By 1967 Norris had improved enough that he scored victories over the likes of Lewis, Skipper Mullins, Arnold Urquidez, Victor Moore, Ron Marchini, and Steve Sanders. In early 1968, Norris suffered the tenth and last loss of his career, losing an upset decision to Louis Delgado.
From http://en.wikipedia.org/wiki/Chuck_Norris
Wow, I just figured out a new feature on Slashdot! You can type in, "U:username and P:password," and it will replace your password with stars.
Example:
U:JetreL
P:*******
See! That to cool what will they think of next!
If it isn't broke, tinker with it till it is!
Unlike slashdot, which writes everything in code on paper and has mute gnomes who it in a locked vault.
Seriously, I expect this kind of idiocy from the AP, but I thought slashdot editors were supposed to be technical. Nearly every goddamn site stores user data in a database, and in nearly all these cases there are employees with the master passwords that allow them to see every damn thing. (Except, if you're lucky, the password.)
The cake is a pie
Nearly everything you've ever done on the site is recorded into a database. While they fire employees for snooping, more than a few have done it.
I've worked for a call centre under a few contracts. That's pretty much the standard everywhere. First thing we were told before getting access to the CS tools was that yes, you could access pretty much anyone's account info you wanted, and that if you did so for any reason other than it being necessary for your work you would be fired on the spot. Only information such as passwords, credit card numbers and bank account numbers was not readily available. On one contract, we could log into anyone's account on the website and take any actions with it the user could (and then some), though this was done very rarely.
Honestly, it doesn't stress me out all that much; I put nothing on Facebook that I wouldn't want getting into others' hands. I expect that the things I set to "friends only" won't be available to the average Joe who happens by my profile, but at the same time it doesn't surprise or annoy me that Facebook employees can see it. Of course they can.
Employee: See, the thing is — and I don’t know how much you know about it — it’s all stored in a database on the backend. Literally everything. Your messages are stored in a database, whether deleted or not. So we can just query the database, and easily look at it without every logging into your account. That’s what most people don’t understand..
Is this a cover of "Duh" magazine??? This holds true for just about every content / banking / email / ....ANY website ever created!! Does this guy know how websites work??? Did his uncle get him a job there???
...*ghasp*.... database!
Indeed, this very message...its now been persisted to a
Chuck Norris! Chuck Norris! ITS NOT WORKING!!!
Hopefully people realize that I owe Stephen Wright an apology (rather than not understanding the form of the typical Chuck Norris jokes).
Nerd rage is the funniest rage.
Yeah? Well Chuck Norris says he's keeping it.
What are you talking about? You've clearly never been on a 'working' lunch. People get sloshed.
I don't think there's any question that Stanford is the number one CS department in the world.
Wow, there's so much question, it's ridiculous. According to US News and World Reports 2008 (the most recent I could find), it was tied with Berkeley and MIT for #1, and even that is being generous. For a while, it was Carnegie and MIT alternating between 1 and 2 every year. Perhaps she meant "the best entrepreneurial CS program".
School teachers can and do get reprimanded if not fired for engaging in activities that, while acceptable for adults, are "corrupting" for children.
It's not about whether it's legal, or a detriment to their job performance. It's about the example they're setting for those poor, impressionable children.
If pictures of a drunk teacher found their way to the wrong parent, they'd definitely be in trouble.
True, but you guys also may be allowed the odd pint with lunch. Not so here in the United States of Amerika.
Why not?
Nowhere I've worked has had any sort of (enforced) policy on the issue. The one time I worked near a pub I would regularly have my lunch there*; officially I wasn't allowed to drink any alcohol (I think), and usually I'd order a soft drink but no one ever checked up on me. A glass of wine, or a vodka-red bull, passed my lips on more than one occasion. I can testify that I once saw my manager having a drink there at lunch time as well. As long as you don't get drunk, and work just as hard after lunch as before, what's the problem?
*It was a choice of that, an over priced cafe or Subway. The pub did great food.
If I have nothing to hide, you have no reason to search me
Indeed. Heck I was on call for New Years Eve and I flat out told my boss that if I was called I'd have to have someone else drive me in and possibly tote me to a keyboard, but I'd be there if they needed me :). She just laughed.
I'm not sure that I'd want to work somewhere that they were so uptight that they would fire you for having a shot or two (or 8) in your off time.
"People who think they know everything are very annoying to those of us who do."-Mark Twain
True Chuck Moore facts:
Chuck Moore wrote his own VLSI chip design system. In Forth.
You are not a brain: http://books.google.com/books?id=2oV61CeDx-YC
I was under the impression that, thanks to teacher's unions, a teacher pretty much can't get fired unless (s)he has sex with a student or something (and even then they just get suspended from active teaching while some committee "reviews" their actions). Or are you not from the US?
$ make available
School teachers can and do get reprimanded if not fired for engaging in activities that, while acceptable for adults, are "corrupting" for children.
It's not about whether it's legal, or a detriment to their job performance. It's about the example they're setting for those poor, impressionable children.
If pictures of a drunk teacher found their way to the wrong parent, they'd definitely be in trouble.
That's a ludicrous state of affairs. I work in an FE college we get kids from 14 all the way to 19. My employer hasn't once queried what I do in my own time as long it's within the law as I'm not seen to be representing them. As the drinking age here is 18 al lot of the students are doing worse themselves anyway; even the younger ones will probably be having a drink somehow anyway (underage drinking is a problem here).
I even know a couple of tutors who got drunk on college time in the presence of their line manager and other staff (it was some Jisc awards evening to do with e-learning; they won a prize) apart from cracking a couple of jokes about it, no one batted an eyelid.
Seriously people drink in their own time, that makes them normal, balanced individuals. Not devious corrupting influences out to steal babies.
If I have nothing to hide, you have no reason to search me
What state do you live in? I bet it's south of Dixie!
Buckle your ROFL belt, we're in for some LOLs.
Fuckin Chuck Norris...
In the beginning, there was null.
I am and my wife is a teacher. They don't get fired for doing a bad job. They get fired for being immoral.
Depends on the industry. I'm a doctor; the last dinner meeting (i.e., after hours) I went to, not a single person had more than three (small) glasses of wine. For lawyers, that would be the minimum at lunch.
it's all about the rules man, are you crazy! personal judgement is like a four letter word these days, under no circumstances should anyone be allowed to use their brain. even if the rules are horrifyingly stupid, they must be obeyed or we will have sauce on ice cream and cats and dogs living together!
If you mod me down, I will become more powerful than you can imagine....
Yes, it is ludicrous. That said, it's not a frequent occurrence fortunately, but definitely cause for concern. It was enough for my wife, who teaches elementary school, to make sure she deleted all of her photos of our trip to Germany a few years back. I don't think there was a single picture in that entire album where we weren't holding beer mugs as big as our heads :)
I'm not going to give you the exact password, but with upper and lower case, symbols, numbers, all of the above, it spelled out 'Chuck Norris,' more or less.
Lemme guess:
(|-|U(| |\|0RR15
1 Earth is warming, 2 It's us, 3 it's royally bad, 4 we need to take action NOW
The forementioned master password seems to work only on my account...
1 Earth is warming, 2 It's us, 3 it's royally bad, 4 we need to take action NOW
In the UK and Europe, drinking is much, much more socially acceptable than it is in significant parts of the US. There are still a fair number of places in the US where you can't buy alcohol at all, and most states have some degree of bizarre regulation around alcohol (who may sell it, during what hours, etc.). Being inebriated in public is a major no-no in most of the US. (Exceptions apply, of course.)
I just say, 'Custodian, show me every single facebook password.'
Theres a "Remove Tag" button under your pictures in face book. Click it and the tag is removed.
Also you can comment on your friends photos, make a brief explanation at the bottom. It will make the ribbing worse, but her future employment with the AA won't be hampered.
I'm sorry is all that too easy? Lets ban cameras from places with alcohol or facebook that'll do it.
It's pretty normal for support personnel to have access to production systems in order to provide support.
On Facebook? What support?
Please help metamoderate.
It depends on the job. I worked at a gun range and we were allowed a beer over lunch, but no one wanted to risk the lawsuit if something happened after lunch. My boss told me specifically that one beer was allowed, but highly discouraged. If you have a CDL, no drinks for eight hours before your shift.
So says the Anonymous Coward! But then, Chuck Norris will still find you and give you the roundhouse kick of death!
Similar to the upcoming US election results
Theres a "Remove Tag" button under your pictures in face book. Click it and the tag is removed.
Also you can comment on your friends photos, make a brief explanation at the bottom. It will make the ribbing worse, but her future employment with the AA won't be hampered.
I'm sorry is all that too easy? Lets ban cameras from places with alcohol or facebook that'll do it.
The article clearly states that the information - six copies of the photo - remain in Facebook's system forever. But this being /. you didn't read TFA.
This statement just released by a facebook representative:"It is sad that facebook has learned that their master password is in the wild , So we have elected to institute a new master password which will be 'roundhouse' this password will be guarded with all the technology we have available!"
FragHARD or don't frag at all
Chuck Norris is the perfect password it is impossible to hack or brute force; but it can also beat the crap out of any other password out there; he is the Irresistible Force and the Immovable Object.
The article clearly states that the information - six copies of the photo - remain in Facebook's system forever. But this being /. you didn't read TFA.
Only 20% of microfleems are subradiante! Did you know that? This being ./ your not very well read.
And that "Remove Tag" button just marks the tag as removed in the database. The tag is still sitting there for them to mine, you just can't see it anymore.
Yes, if facebook sells your deleted information to future emplyers that photo will be an embarrassment, but this photo will be tiny in comparison to the problems that will create.
This guy seems to be worried about a photo tagged without permission, which is easy to take care of on facebook, but near impossible on say flickr, or an enemies personal site.
Yeah, but the UK is filled with a bunch of piss-pots. At least according to such British television shows as Relocation, Relocation.
Not only is the local pub often just as important as the quality of the house someone is looking to buy, but almost every episode involves getting a drink. Such excuses are:
* Finding out what the house-hunters want.
* Talking about a house they've just visited.
* Talking about making an offer for a house.
* Waiting to find out if the offer has been accepted or rejected.
* Celebrating getting a house.
* Having a drink because the offer for the house was just rejected.
Now it may be that the hosts of the show are simply alcoholics, but it seems many of the guests are as well.
So I have to be on facebook to stop my friends/enemies/frenemies from tagging me in photos?
GP (modded 5 insightful) says there is no problem, just abstain from facebook and you'll be fine. Then the parent story shows that friends or others will upload photos of you, tag and discuss those photos whether or not you allow them to. Now you are in facebook's databases _forever_ even if you abstained from getting an account.
They do have Donald Knuth, so that's saying something.
Beware of bugs in the above code; I have only proved it correct, not tried it.
Bruce Campbell
"Give a woman two glasses of wine and some pad thai, and they'll agree to just about anything." the Sports Guy
Aww, did I piss off a moderator? You're probably the guy that forwards all the Chuck Norris jokes and thinks repeating Simpsons and Monty Python quotes verbatim is hilarious. Congradulations, you're a dickhole!
(-1, Raw and Uncut is the only way to read)
Administrators of websites can access your accounts. Oh my word!
I just wasted your mod points! HA!
Well, if slashdot posted something new, we'd have to read the article wouldn't we?
We Australians are also pretty much the people in Neighbours.
Yes. GG.
I thought about this after reading it last night. I'm pretty sure it's fake. What the guy says about PHP sounds a bit like someone who knows nothing about coding at all commenting on it yet trying to sound like they do.
I think it sounds a bit too casual and there's too much swearing for someone who is already risking his job by talking. Making it appear as if a company is full of immature jerks (however true it is) won't go down well with your employer.
br/
The pub is just a central point of British culture.
Try getting directions from a Brit without them referring to various pubs along the route.
Ask a Brit to meet you in town and see if they don't involve a pub in it somehow.
The pub to the Brit is like a café to your continental European. It's not just to go and get sloshed, it's just a major social area.
As for having a pint at lunch time, what's wrong with that? A good pint of ale with some lunch is hardly a sign of alcholism and anyone who says otherwise is over-exciting the issue.
Now there's one hoopy frood who really knows where his towel is!
Everyone knows that Chuck does not need a surname.
Free, as in your money being freed from the confines of your account.
I understand why you hope he isn't, but I don't understand why you also hope his wife isn't.
Anyway, if you are so nitpicky, don't you miss "an" before the "English teacher"? (I am not quite sure, English is not my first language.)
I don't see the problem here.
Q: What is the strongest pasword in the world?
A: "Chuck Norris"
I lost my sig.
There is no privacy. In a great many cases every URL you visit is recorded by your ISP and sold to third party companies that mine it and create spurious interpretations of it to sell their front end to marketing departments. This is nothing different. Every site records activity. It's just the personal nature of the activity that makes the idea of Facebook doing it so discomforting.
Yeah, but the UK is filled with a bunch of piss-pots.
Piss-heads; a piss-pot is exactly what it sounds like - a pot to piss into.
It's official. Most of you are morons.
What does Chuck has more that we don't have ?
Don't tell me "Karma" because I'm having plenty of that left.. It must be something else! Something biometric ..
oh probably Chuck Norris doesn't need biometrics to enter something ..
I'm sleeptyping again!
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..
will cause nearby monsters to flee.
And the odd tits too ;-)
He asked if I'm from the US. I am.
> I wonder, what it is now... "Angelina Jolie"? "Bruce Willis"?
Actually, it's Tokugawa Mujahibamidad Prolszinoczewski Cohen now. They wanted to be more culturally inclusive.
Cut that out, or I will ship you to Norilsk in a box.
If you're not on Facebook your tags won't be grouped - you'll be named with no link and no way to view other photos of you. Meaning the people who see your tag have already found the photo by other means. Making the tag pretty much useless.
Another commentator pointed out that if they get your name right, people can group your photos, for example by googling you:
http://images.google.com/images?imgtbs=s&hl=en&rlz=1C1GGLS_enUS354US354&um=1&sa=1&q=%22Mathias+Smith%22+site:facebook.com&aq=f&oq=&aqi=&start=0
Not as easy as friending you and clicking on "view photos of Mathias", but worrying, especially considering that that data is there forever and better data mining may be applied in the future.