Facebook Master Password Was "Chuck Norris"

← Back to Stories (view on slashdot.org)

Facebook Master Password Was "Chuck Norris"

Posted by samzenpus on Thursday January 21, 2010 @07:56AM from the ad-nauseum-roundhouse dept.

I Don't Believe in Imaginary Property writes "A Facebook employee has given a tell-all interview with some very interesting things about Facebook's internals. Especially interesting are all the things relating to Facebook privacy. Basically, you don't have any. Nearly everything you've ever done on the site is recorded into a database. While they fire employees for snooping, more than a few have done it. There's an internal system to let them log into anyone's profile, though they have to be able to defend their reason for doing so. And they used to have a master password that could log into any Facebook profile: 'Chuck Norris.' Bruce Schneier might be jealous of that one."

36 of 319 comments (clear)

Chuck Norris... by thewils · 2010-01-21 07:57 · Score: 4, Insightful

doesn't need a password.

--
Once I was a four stone apology. Now I am two separate gorillas.
1. Re:Chuck Norris... by Anonymous Coward · 2010-01-21 07:59 · Score: 5, Funny
  
  Will he brute force his way in?
2. Re:Chuck Norris... by Em+Emalb · 2010-01-21 08:00 · Score: 5, Funny
  
  In Soviet Russia, passwords ask for Chuck Norris.
  
  --
  Sent from your iPad.
3. Re:Chuck Norris... by Anonymous Coward · 2010-01-21 08:01 · Score: 5, Funny
  
  Chuck Norris types in his name as the Username and a program never has the chance to ask for a Password.
4. Re:Chuck Norris... by Zarf · 2010-01-21 08:03 · Score: 4, Funny
  
  Chuck Norris doesn't need a password, he just round-house kicks the keyboard into submission.
  
  --
  [signature]
5. Re:Chuck Norris... by electricbern · 2010-01-21 08:22 · Score: 4, Insightful
  
  That joke is so clever you get modded insightful for calling it clever. It had to be about Chuck Norris.
  
  --
  alias possession='chmod 666 satan && ls /dev > il && tail daemon.log'
6. Re:Chuck Norris... by Eric52902 · 2010-01-21 08:40 · Score: 5, Funny
  
  ^ Chuck Norris must have gotten to him
7. Re:Chuck Norris... by skelterjohn · 2010-01-21 10:22 · Score: 4, Insightful
  
  The joke is so clever that you get modded insightful for talking about how someone got modded insightful for calling it clever.
  Hopefully we'll see some recursion here...
8. Re:Chuck Norris... by ImprovOmega · 2010-01-21 10:46 · Score: 5, Funny
  
  Can Chuck Norris create a password SO strong that he, himself, cannot crack it?????
  Yes.
  And then he can crack it.
Not the master password by DoofusOfDeath · 2010-01-21 08:00 · Score: 5, Funny

It's not Facebook's fault: it's not like they actually set the master password to "Chuck Norris".
The real WTF is that "Chuck Norris" works as a password into anything: Facebook, your online bank account, your sister's pants...
1. Re:Not the master password by hansamurai · 2010-01-21 08:05 · Score: 3, Insightful
  
  My pants...
  this is idle, right?
  
  --
  Reviewing just the first hour of video games.
2. Re:Not the master password by zig007 · 2010-01-21 10:07 · Score: 5, Funny
  
  Try this when attempting to enter a club. When the bouncer denies you entry
  "Attempting"....Not "if" but "when"....
  Make no mistake, this is definitely Slashdot. :-)
  
  --
  Baboons are cute.
Reason #2378238 not to be on Facebook by Anonymous Coward · 2010-01-21 08:01 · Score: 5, Insightful

Like you need another reason?
SHOCKER by Monkeedude1212 · 2010-01-21 08:01 · Score: 4, Insightful

Nearly everything you've ever done on the site is recorded into a database
Considering nearly everything you ever do on Facebook is made public to either your friends or everybody - thats not shocking at all. The entire system is basically built around informing everybody of everything you do. You can't even perform an action without some app or another prompting you "Do you want to post this on your profile? YES/NO".
And for those of you wondering, it's obvious what the new password is;
The only man to have ever beaten Chuck Norris? Bruce Lee.
1. Re:SHOCKER by JeffSpudrinski · 2010-01-21 09:35 · Score: 5, Funny
  
  If 24 starred Chuck Norris, it would have been called "1".
  And most of that time would have been Chuck just taking his time to get there...
  -JJS
There's funny... by DeadPixels · 2010-01-21 08:03 · Score: 3, Insightful

There's funny, and then there's irresponsible. Having "Chuck Norris" as a master password that grants access to any account is most definitely the latter. I would expect that from a couple of teenagers running their first web server, not one of the most popular websites on the Internet.

There is a time and a place for silly HTML comments or in-joke variable names, but a master password for a site with hundreds of millions of users is not one of them.
1. Re:There's funny... by coastal984 · 2010-01-21 08:12 · Score: 5, Insightful
  
  There's funny, and then there's irresponsible. Having "Chuck Norris" as a master password that grants access to any account is most definitely the latter. I would expect that from a couple of teenagers running their first web server, not one of the most popular websites on the Internet. But Facebook WAS a couple of teenagers running a web server (He was 19 when FB launched)... and it grew. Not that I don't disagree with it being irresponsible, I'm just saying...
2. Re:There's funny... by carvell · 2010-01-21 08:16 · Score: 5, Informative
  
  The default password only worked from the Facebook office on the Facebook ISP.
3. Re:There's funny... by Rary · 2010-01-21 08:17 · Score: 5, Informative
  
  There's funny, and then there's irresponsible. Having "Chuck Norris" as a master password that grants access to any account is most definitely the latter. I would expect that from a couple of teenagers running their first web server, not one of the most popular websites on the Internet.
  Despite what the summary and title say, the password was not "Chuck Norris". The password was a combination of uppercase letters, lowercase letters, numbers, and symbols that essentially spelled "Chuck Norris". In other words, probably something like "(hu(|<N0rr15". Also, it only worked from within the Facebook office, and was only known to certain individuals. It's not like you or I could have used the password from home to enter anyone's account.
  
  There is a time and a place for silly HTML comments or in-joke variable names, but a master password for a site with hundreds of millions of users is not one of them.
  It's pretty normal for support personnel to have access to production systems in order to provide support.
  
  --
  "You cannot simultaneously prevent and prepare for war." -- Albert Einstein
4. Re:There's funny... by Ma8thew · 2010-01-21 08:17 · Score: 4, Informative
  
  RTFA. Firstly, it wasn't just "Chuck Norris", the interviewee didn't reveal the actual password, but suggested it included numbers and symbols. And secondly, it only worked within Facebook's internal network.
5. Re:There's funny... by kevinNCSU · 2010-01-21 08:19 · Score: 3, Interesting
  
  It's probably worth noting that it could only be used from Facebook's internal network. Not that it wasn't still a risk to privacy, but not quite as bad as it sounds at first pass.
6. Re:There's funny... by Rary · 2010-01-21 09:11 · Score: 5, Informative
  
  Inquiry, how do you know this? You from facebook?
  No, I used a novel new approach to acquiring information — I read the article.
  
  --
  "You cannot simultaneously prevent and prepare for war." -- Albert Einstein
7. Re:There's funny... by shutdown+-p+now · 2010-01-21 10:08 · Score: 5, Funny
  
  No, I used a novel new approach to acquiring information — I read the article.
  I'll go fetch the torches, guys.
Re:Chuck Norris Jokes by maxume · 2010-01-21 08:09 · Score: 4, Funny

So this guy shot Chuck Norris in the face with a shotgun, and then he ended up in prison, because murder is illegal.

--
Nerd rage is the funniest rage.
TFA accuracy? by carvell · 2010-01-21 08:11 · Score: 4, Insightful

Rumpus: When you say “click on somebody’s profile,” you mean you save our viewing history?

Employee: That’s right. How do you think we know who your best friends are? But that’s public knowledge; we’ve explicitly stated that we record that. If you look in your type-ahead search, and you press “A,” or just one letter, a list of your best friends shows up. It’s no longer organized alphabetically, but by the person you interact with most, your “best friends,” or at least those whom we have concluded you are best friends with.

This is rubbish, isn't it?

I've just typed "a" into the search box and it comes up with an alphabetical list of contacts. The first one happens to be someone whos profile I don't think I've ever clicked on.
1. Re:TFA accuracy? by Anonymous Coward · 2010-01-21 08:18 · Score: 5, Funny
  
  You don't have any friends.
Re:Chuck Norris Jokes by Anonymous Coward · 2010-01-21 08:12 · Score: 5, Funny

I think you meant because suicide is illegal.
Chuck Norris... by SoundGuyNoise · 2010-01-21 08:14 · Score: 4, Funny

...can actually type ******** into any system and login successfully.

--
You never expect irony, do you?
Want to be a professional wrestler? Visit www.iyfwrestling.com
@iyfwrestling
The very idea of a "master password" seems scary.. by mi · 2010-01-21 08:15 · Score: 5, Funny

I wonder, what it is now... "Angelina Jolie"? "Bruce Willis"?

--
In Soviet Washington the swamp drains you.
Chuck Norris is good security by nilbog · 2010-01-21 08:15 · Score: 5, Funny

At least the master password wasn't something weak like "Rick Moranis." By using Chuck Norris, you can tell Facebook was taking security seriously.

--
or else!
google has a similar set up by circletimessquare · 2010-01-21 08:18 · Score: 5, Funny

in fact, a little known subplot in the whole drama last week over china hacking into google email servers is that chinese intel knew the master password for gmail was "chuck norris"
problem was, when the chinese spies typed chuck norris into the human rights activists' email logins, the password itself would jump off the computer screen, hit the spy with five roundhouse kicks to the face, then smash their keyboard into dust just by giving it a hard stare
so the chinese government had no other choice but to hire hackers to break into the accounts. because even when they hired seven of the greatest kung fu masters and the most proficient in the eighteen arms of wushu in all of china to stand by while the spy logged in, plus jet li, plus jackie chan, and plus the reanimated cyborg admantium zombie of bruce lee, the chuck norris password still roundhouse kicked all of them into submission

--
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
We Have A "Magic" Password Too by TheNinjaroach · 2010-01-21 08:35 · Score: 3, Insightful

We have a "magic" password for our internal website as well as our customer website. It's highly obscure and serves as a great tool for walking our customers through issues they have with the website, since it changes quite a bit depending on who they are. So I'm not really surprised Facebook has (had) a "magic" password, but I was pretty disappointed to read in the summary it was something as simple as "Chuck Norris." Then I read this:

I’m not going to give you the exact password, but with upper and lower case, symbols, numbers, all of the above, it spelled out ‘Chuck Norris,’ more or less.
Sounds like it was obscure enough to me. If a user just happened to be using that password they would have never known it was magic unless they thought to try it on another user id.

--
I went to eat some animal crackers and the box said, "Do not eat if seal is broken." I opened the box and sure enough..
But it only works ... by Ungrounded+Lightning · 2010-01-21 08:52 · Score: 3, Insightful

The real WTF is that "Chuck Norris" works as a password into anything: Facebook, your online bank account, your sister's pants...
But it only works for Chuck Norris.

--
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Now its ... by PPH · 2010-01-21 09:01 · Score: 5, Funny

... Paris Hilton. So anyone can get in.

--
Have gnu, will travel.
Stores in a database by ucblockhead · 2010-01-21 09:21 · Score: 3, Insightful

Nearly everything you've ever done on the site is recorded into a database.
Unlike slashdot, which writes everything in code on paper and has mute gnomes who it in a locked vault.
Seriously, I expect this kind of idiocy from the AP, but I thought slashdot editors were supposed to be technical. Nearly every goddamn site stores user data in a database, and in nearly all these cases there are employees with the master passwords that allow them to see every damn thing. (Except, if you're lucky, the password.)

--
The cake is a pie
Re:i am the Keymaster by BobMcD · 2010-01-21 09:22 · Score: 3, Funny

Don't look now, but you just propositioned a dude for sex...