Fox News' FTP Password Anyone?

An anonymous reader writes "While browsing around the Fox News website, I found that directory indexes are turned on. So, I started following the tree up, until I got to /admin. Eventually, I found my way into /admin/xml_parser/zdnet/, in which, there is a shell script. Seeing as it's a shell script, and I use Linux, I took a peek. Inside, is a username and password to an FTP. So, of course, I tried to login. The result? Epic fail on Fox's part. And seriously, what kind of password is T1me Out. This is just pathetic." It's already been changed of course, but that's still pretty amusing.

Re:Great all we need.

[Red Flayer]

and finally Hackers gone wild at Spring break.

If that video is similar to any of the other Spring break videos I've "heard about", I do not want to see it.

Either that, or we need to begin teaching nubile drunken 22-year-olds to hack.

Not really going to harm Fox

[SilentChris]

In all fairness (do they even deserve it?), the password listed in the script is for ZDNet's FTP, not Fox. Still pretty embarrassing, but it's not going to hurt Fox at all (I imagine it could have hurt CNet/ZDNet). And it definitely could've hurt the relationship between both corporations' IT departments.

There seems to be a string of these lately between content aggregators. About a month ago there was that page on MS's site endorsing Linux. Turns out the content was from another site (I think, actually, CNet).

Not to say I'm not totally surprised. In this day when about 50% of someone's site is content from somebody else, it's not surprising there's snafus. I'm just waiting for the day when one of the sites leaves up SSH logins for another.

Re:Wasted chance

[MindKata]

... And when they get hacked, they can get ton's of free publicity telling the whole world of the dangers of hackers... They would probably be only too happy to get hacked, for all the extra free news coverage it would get them on other networks.

Re:what's wrong with T1me Out

[Anonymous Coward]

I'm not that much into security, so I hope I don't sound "pathetic", but I was wondering what's wrong with the 'T1me Out' password. I'd say all company passwords I've ever had were no harder than that, and none of them had a space in it.

Yeah, no kidding. At one of my previous employers (double checking that I have ticked "Post anonymously"....check), which we might call "Chinese national insurance" (I am not Chinese, nor have I ever worked at a insurance company), Linux root or Windows admin password for all computers were either "Chinese" or "national insurance". When asking the senior sysadmin if that was a good idea, he said "we have a lot of firewalls, so it's fine".

Re:I'm no lawyer, but...

[vulgrin]

Yeah, but if you were a total dick (like Fox News) then I might move it to another level of the parking garage to teach you a lesson.

Employee information leaked

[Anonymous Coward]

There was over 4GB of employee data on the FTP, including username, name, email, password, address, etc.

Ditto on all accounts

[benhocking]

There was a recent podcast [thislife.org] from This American Life (hardly the bastion of conservative thought) where a (former) teenager whose job it was to spread propaganda from Saddam's government said he was afraid about what would happen when the war started because he wasn't sure whether or not his government had chemical weapons, etc. Yes, there's a difference between some teenager (even if he and his father worked for the government) and our intelligence community. Yes, fundamental flaws exist/existed in our intelligence community, partly no doubt due to our administration's tendencies to promote "yes men". Yes, there's a difference between thinking they're there and declaring that you know exactly where they are. However, I'm still going with Hanlon's razor [wikipedia.org] on this one.

Re:what's wrong with T1me Out

[eth1]

YwMCU07D?

Wimp. Real men use
dd if=/dev/random bs=1024 count=1 | passwd --stdin

Re:Wasted chance

[Anonymous Coward]

There was a lot of bad information in the days before the invasion. The problem was compounded by the fact that the intelligence community seemed to be largely composed of yes men who were looking to tell the president what he wanted to hear. I honestly believe the president simply didn't have all the facts at hand because he was so keen on invading Iraq and none of his advisors wanted to tell him it was a bad idea.

So the president surrounds himself with people who only tell him what he wants to hear, then you excuse his mistakes because he was surrounded by people who only told him what he wanted to hear? Here is a suggestion, maybe the president should take responsibility for surrounding himself with people who tell him the truth. Maybe people who tell something he doesn't want to hear shouldn't have been gagged, ignored etc. You reckon he didn't notice when every shred of evidence they presented to the UN was shredded within days that maybe, just maybe, they had it wrong?

Re:Wasted chance

[Anonymous Coward]

You do realise that most of the insurgents in Iraq are natives? It is surprising how pissed off one can get at the people who come in and knock your country back to stone age and pretend it's for your own good. Not to mention the more personal effect of having family members killed/tortured/raped by the invaders.

Re:Wasted chance

[jimicus]

My memory may be faulty and I can't be bothered to search for a citation, but didn't it come out before the war started that all of those intelligence agencies were basing their information on a single, discredited source?

Disney's website Security

[youthoftoday]

I was once visiting the offices of a design firm that was doing some work for Disney. As far as I remember, the procedure for adding new content was:

- Email the admins (with password), requesting an upload opportunity giving detail of content and approval reference
- Admins create FTP account on a purpose-built server
- Admins send back time-sensitive FTP details
- Design company uploads to FTP server
- Committees review content, send authorization to admins
- Admins upload content.

And this was for already-approved work. Kinda puts this level of security to shame...

Speaking of "rewriting history"...

[smitth1276]

It is simply fact that every intelligence agency on the planet thought Saddam had WMDs. The questions only concerned the state of his nuclear program. Go read Hans Blix's report to the UNSC in February, right before the invasion. Inform yourself.

And, contrary to popular myth, the evidence still supports the notion that Saddam was seeking uranium in Niger... Joe Wilson's own report said that the former Nigerian PM interpreted Iraqi overtures to "expand business relations" as a desire to purchase uranium, and the British intelligence still stands by their own independent determination to that effect--indeed, their government investigated it after the whole Wilson debacle and concluded that the claims were "well founded". In other words, simply claiming that it was "a lie", like some uber-partisan cartoon, doesn't win you any points here.

The real question about the uranium is this: Why would Iraq be looking for uranium from Niger when we found 500 tons of yellowcake [signonsandiego.com] that they already had laying around?

Re:Wasted chance

[GrayCalx]

My memory may be faulty and I can't be bothered to search for a citation, but didn't it come out before the war started that all of those intelligence agencies were basing their information on a single, discredited source?

Yeah, I'm not sure either but I have a similar memory. I mean the point that proves they were wrong the most is simply that nothing has been found in Iraq. I definitely wasn't trying to say that they were right... only that several of the world's intelligence agencies believed the same thing.

Re:Wasted chance

[xeno-cat]

I lived through it all, read as many sides of the arguments as I could find, and let me tell you, Bush lied. He and his administration lied bold faced and with full knowledge of what they were doing. I see that it pretty much breaks down as follows:

1. There are the double talking scheming lying bastards who run the current US administration, and those who support them

2. There are the voices of reason and logic

3. There are the confused masses in between

Finally, there is a rather uncomfortable addition for those in category #1, namely, the facts. The facts as the were and the facts as they are. None of them supporting anything camp 1 proclaims largely because they spend most of the time touting their "alternate interpretation of reality" theory.

This is the worst bunch of cronies to land in government in my life time. And I lived through Contra Gate and S&L. And really this is the same group as they were all tied to the two aforementioned scandals as well. These guys should be arrested, tried and exiled.

Kind Regards

Re:Wasted chance

[HiThere]

I suspect that Kerry would at least have supported our own troops, rather than sending the off to battle without weapons and defenses. And would have prevented them from being fed slop while the contractors charged for restaurant grade meals.

I wish that I could disagree with you on other fronts...but I think we were set up, and not by the Iraqis. The evidence seems to point to a plot internal to the government. (Look at how quickly the PATRIOT bill was presented and passed. Notice where the anthrax came from, and who the targets were...and contemplate that the ineptitude in it's delivery may have been intentional. That may have been a public warning. Notice that the target has since died. [Damn...my memory's spotty here. I haven't been paying attention because there wasn't anything I could do and it just depresses me. What was his name? Did he die of "natural causes" or an airplane crash?])

Re:Wasted chance

[MartinG]

What makes you think keeping order is Bush's goal? If the country is in order, it might turn against him. A chaotic country is an unthreatening one.

Re:Wasted chance

[Adambomb]

I minor detail, but the 9/11 hijackers were not shiite muslims.

This is one question I wish was asked more often, despite knowing the answer, is why Saudi Arabia has been untouched by agression when the largest percentage of the hijackers were Saudi. In fact the hijackers were ALL from countries with which the oil companies...er....the US is friendly with (with Egypt being the longest stretch by that definition), primarily Saudia Arabia and the UAE [wikipedia.org].

Has anyone looked at the development of Dubai over the past 10 years? or the wealth of the royal family in Saudi Arabia? Money is flowing to someone from somewhere over there that is for sure.

Now I'm not saying that Saudi's or UAE citizens are evil by default, simply that there has been absolutely 0 backlash against these regions while the US uses 9/11 to justify everything else it has been doing everywhere else.

Wheres the puzzled slightly-tilted looks of hwhaaa?

Re:Wasted chance

[Maltheus]

I don't understand how many war critics can't stop mentioning the fact that not finding WMDs would take away all the "legitimacy" of the invasion.

Because that was our only legal basis for the war and it goes back to the Iraqi invasion of Kuwait. That invasion gave us a legal basis to invade in 1991 and the terms of the surrender called for the elimination of WMD. This was a minor provision at the time, but it was enough for us to use as an excuse to go in this time. This is all very important for people to consider because we won't have this excuse if we invade Iran. A violation of the Nuclear Non-Proliferation Treaty is not a valid basis for war. There will have to be a 'pretext' for Iran, let's hope they don't find one.

Re:Wasted chance

[volpe]

I think Gore would have found a completely different way to bungle things after 9/11

With Gore, 9/11 wouldn't have happened, because Gore would have read his Presidential Daily Briefings, and wouldn't have ignored Richard Clark for 9 months while he was jumping up and down about Al Qaeda.

Re:North Korea

[I'll Provide The War]

How is this comment not modded off-topic in a story about FTP passwords?

I don't click on stories about network security to read peoples daily kos blog.