Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Fox News' FTP Password Anyone?

CmdrTaco posted more than 7 years ago | from the fair-and-balanced dept.

Security 611

An anonymous reader writes "While browsing around the Fox News website, I found that directory indexes are turned on. So, I started following the tree up, until I got to /admin. Eventually, I found my way into /admin/xml_parser/zdnet/, in which, there is a shell script. Seeing as it's a shell script, and I use Linux, I took a peek. Inside, is a username and password to an FTP. So, of course, I tried to login. The result? Epic fail on Fox's part. And seriously, what kind of password is T1me Out. This is just pathetic." It's already been changed of course, but that's still pretty amusing.

cancel ×

611 comments

Sorry! There are no comments related to the filter you selected.

Wasted chance (5, Funny)

Mark_in_Brazil (537925) | more than 7 years ago | (#19954783)

Dude, why didn't you look around for the bug that makes them misreport the news so horribly that a majority of FOX News viewers still believes Iraq was responsible for 9/11 and Saddam had WMDs when the US invaded?

Re:Wasted chance (4, Insightful)

mwvdlee (775178) | more than 7 years ago | (#19954833)

Because now we know; it was just some hacker prank.

Re:Wasted chance (2, Interesting)

MindKata (957167) | more than 7 years ago | (#19954959)

... And when they get hacked, they can get ton's of free publicity telling the whole world of the dangers of hackers... They would probably be only too happy to get hacked, for all the extra free news coverage it would get them on other networks.

Re:Wasted chance (5, Funny)

niceone (992278) | more than 7 years ago | (#19954839)

Hey, that's not a bug - it's a feature.

Re:Wasted chance (1, Insightful)

Cryophallion (1129715) | more than 7 years ago | (#19954951)

Fox news definately has some perspective issues - but WMD's isn't one of them. Even CLINTON believed they were there. Not trying to start a war - I am just sick of hearing about WMD's, when we all thought they were there. Iraq as the cause for 9/11 though - that's a crazy concept.

http://www.truthorfiction.com/rumors/b/bushlied. htm

Re:Wasted chance (3, Informative)

jrumney (197329) | more than 7 years ago | (#19954973)

Clinton believed they were there, because at the time Saddam was refusing to let UN inspectors do their job. By the time Bush had invaded, the UN inspectors had already been in and found nothing.

Re:Wasted chance (-1, Troll)

ednopantz (467288) | more than 7 years ago | (#19955207)

Absence of evidence....

Actually, weapons inspector reports were the main source of the "Saddam had WMDs" data since the Iraqis systematically lied to them so many times they lost track of the actual truth.

But people like simple stories with comic book villains and if seeing GW Bush as evil, omnipotent, and omniscient makes your universe make sense, whatever. Enjoy your Chomsky and bong hits kid.

Re:Wasted chance (3, Insightful)

Rakshasa Taisab (244699) | more than 7 years ago | (#19955217)

There's also a difference between 'believing they're there' and 'going to war cause you know they're there, no matter what others think about your plans'.

Re:Wasted chance (3, Informative)

mh1997 (1065630) | more than 7 years ago | (#19955235)

Clinton believed they were there, because at the time Saddam was refusing to let UN inspectors do their job. By the time Bush had invaded, the UN inspectors had already been in and found nothing.
Actually, Clinton and Bush both new that Saddam had chemical and biological weapons because the USA sold them to him (http://www.commondreams.org/headlines02/0908-08.h tm). However, what they did not know is if he still had them at the time of the invasion (although best guess is Bush did know that Saddam did not have them anymore), where they were, and if they were degraded to the point that they were no longer weaponizable.

Not defending Bush, I didn't vote for him, but I am tired of this WMD crap also.

Re:Wasted chance (3, Informative)

Aexia (517457) | more than 7 years ago | (#19955173)

After Operation Desert Fox in 1998, Hussein's remaining WMD programs were finished off.

It's rather disengenuous to cite quotes from 1998 when he did have WMD programs to justify actions taken in 2003 when he did not have any WMD programs.

Re:Wasted chance (1)

World.Pop(MPAA) (998700) | more than 7 years ago | (#19955219)

I even heard Iran and North Korea had them too! You know what's even crazier???? None of the 9-11 hijackers had any connection to Iraq, and Saddam didn't care for radical Shiite Islamic Fundamentalism! Why is it only certain countries have the explicit right to own/maintain WMD? If America wants to encourage countries not to proliferate, would it not make sense to disband our own arsenal? Who are we going to use it on anyway?

Re:Wasted chance (0)

Anonymous Coward | more than 7 years ago | (#19955231)

"I am just sick of hearing about WMD's, when we all thought they were there"

I didn't - and neither did millions of others across the globe; but then we don't get Fox news...

Re:Wasted chance (1)

LurkerXXX (667952) | more than 7 years ago | (#19955287)

*we* all thought they where there? Bullshit. I didn't. The U.N. inspectors told us they weren't there. Yes, Saddam occasionally would kick the U.N. inspectors out for a few weeks, but they'd keep going right back in. In fact, we had to specifically order the inspectors OUT, so they wouldn't get killed during the invasion.

Re:Wasted chance (1)

okinawa_hdr (1062664) | more than 7 years ago | (#19955301)

I didn't think they were there, but then again, I require something called "proof".

Re:Wasted chance (3, Informative)

Legion303 (97901) | more than 7 years ago | (#19955333)

"Even CLINTON believed they were there."

Yep. In 1998. Then we invaded, destroyed stockpiles, and ushered in the inspection teams.

What that has to do with GWB's claims in 2003 I don't know, but I'm sure that completely unbiased and non-partisan site you linked to has an answer.

Re:Wasted chance (5, Insightful)

dcollins (135727) | more than 7 years ago | (#19955425)

This isn't about believing in WMDs before the invasion. This is about believing that we found WMDs AFTER the invasion. In an October 2003 poll, for example, 7 months after the invasion, 33% of Fox viewers said that the U.S. had actually physically found WMDs in the course of the invasion. That's 10% higher than the next most confused media viewership. This is what some of us would really love to see explained by you "nothing to see here" apologists. Or else, it sounds like you still maintain that's a reasonable belief today?

http://www.americanassembler.com/issues/media/docs /Media_10_02_03_Report.pdf [americanassembler.com]

Weapons of Mass Destruction
As discussed, when respondents were asked whether the US has "found Iraqi weapons of mass destruction" since the war had ended, 22% of all respondents over June-September mistakenly thought this had happened. Once again, Fox viewers were the highest with 33% having this belief. A lower 19-23% of viewers who watch ABC, NBC, CBS, and CNN had the perception that the US has found WMD. Seventeen percent of those who primarily get their news from print sources had the misperception, while only 11% of those who watch PBS or listen to NPR had it.

Re:Wasted chance (0)

Anonymous Coward | more than 7 years ago | (#19955429)

"We all thought they were there"? Sorry, but you must be so deep in it you can't smell it anymore. Following international news at this time, from outside the US should I add, it was blatant that it was complete FUD. You may want to reajust your tinfoil hat, it's leaking.

Re:Wasted chance (2, Funny)

Anonymous Coward | more than 7 years ago | (#19954965)

"T1me Out"... that's the kind of password an idiot would use on his luggage!

Re:Wasted chance (1)

slimshadow (231789) | more than 7 years ago | (#19955139)

remind me to change the password on my luggage!

Re:Wasted chance (5, Informative)

include($dysmas) (729935) | more than 7 years ago | (#19954987)

the usual call to RTFA ... this is from the lame "the DoD are after me for using vista" site, who approved it ffs? read the article they link to (and link directly next time, stop paying them in ads!), its an account to grab files from zdnet, not an account into fox news, does it even have write access? dont let the facts get in the way of alarmist bs tho

Re:Wasted chance (1)

N8F8 (4562) | more than 7 years ago | (#19955165)

Or the brainwash program over at CNN that convinced 2/3 of the country the reason we invaded Iraq the second time was WMD. Can we say staw man?

Re:Wasted chance (1)

thethibs (882667) | more than 7 years ago | (#19955305)

Damn, I'd love to have the tinfoil franchise for Slashdot.

Another Example of /.'s Political Bias (0, Offtopic)

dammy (131759) | more than 7 years ago | (#19955319)

This story is worthy of /. news? What was I expecting this morning, more tech reports/stories on technology? Silly me, instead I get some silly liberal biased non-story instead.

Dammy

HaHa (5, Funny)

Anonymous Coward | more than 7 years ago | (#19954787)

You're going to jail and slashdot is getting shut down. It's a federal offense to interfere with an official government propaganda outlet.

Re:HaHa (1)

The_Fire_Horse (552422) | more than 7 years ago | (#19954877)

So Fox news leaves their front door key under the welcome mat and someone walks into the house:
illegal trespass - perhaps
break and enter - doubtful
OMFG TERRORIST - get bent

Re:HaHa (0)

Anonymous Coward | more than 7 years ago | (#19954985)

I'm just waiting for Fox News to run a story revealing Slashdot server admin passwords.

PMITA-prison galore (0)

Anonymous Coward | more than 7 years ago | (#19955053)

"News from people fucked in the ass on a regular basis and who fear showers" jailhouse-title no different than that of today.

Nice... (5, Funny)

x3rc3s (954149) | more than 7 years ago | (#19954801)

Enjoy your stay in gitmo!

Okay (0, Redundant)

elrous0 (869638) | more than 7 years ago | (#19954815)

Somehow I doubt the FBI will find it amusing.

No doubt they will not (0)

Anonymous Coward | more than 7 years ago | (#19955279)

FOX is nothing but their mouthpiece as it is ran by republicans.

Linux Ver Security hole, fox stupidity, or both? (0, Redundant)

muindaur (925372) | more than 7 years ago | (#19954821)

I wonder if they used ubuntus defaults for apache, too bad they didn't use gentoo, the default install turns off that directory tree. Anyone know if this is the default setting for ubuntu, the lnux os listed by apache in the directory tree.

Re:Linux Ver Security hole, fox stupidity, or both (4, Funny)

Anonymous Coward | more than 7 years ago | (#19954871)

Oh shut the fuck up, you Gentoo fanboi. If they used Gentoo, the server would still be recompiling from a kernel update six months ago. Take your Genntoo, and jam it up your ass sideways and backwards. It's 0.038% more optimized for that.

Re:Linux Ver Security hole, fox stupidity, or both (-1, Offtopic)

ceeam (39911) | more than 7 years ago | (#19954967)

Take your Genntoo, and jam it up your ass sideways and backwards. It's 0.038% more optimized for that.

Brilliant. Somebody mod him up!

UP UP UP (0, Offtopic)

newr00tic (471568) | more than 7 years ago | (#19955091)

way up!

Re:Linux Ver Security hole, fox stupidity, or both (1)

muindaur (925372) | more than 7 years ago | (#19955055)

I'm asking if that truly is Ubuntus default or if the fuckheads at Fox changed it. I'm not saying that Gentoo is superior I'm just saying that its default is to turn it off to establish a basis of comparison since that is the Linux version I am most familiar with. Each person has their own flavor and I'm just curious if this is a security hole since I feel that if the directory tree is on by default that is a major security hole because I wouldn't want others to browse the site tree with files such as the one mentioned in the article.

Re:Linux Ver Security hole, fox stupidity, or both (0, Offtopic)

228e2 (934443) | more than 7 years ago | (#19955177)

this is too funny for troll . . . c'mon mods!

Re:Linux Ver Security hole, fox stupidity, or both (1)

BHearsum (325814) | more than 7 years ago | (#19954949)

NOT +1 interesting. The FTP service is "Microsoft FTP Service".

Re:Linux Ver Security hole, fox stupidity, or both (2)

muindaur (925372) | more than 7 years ago | (#19955185)

http://www.foxnews.com/admin/xml_parser/zdnet/ [foxnews.com] Apache/2.2.3 (Ubuntu) PHP/5.2.1 Server at www.foxnews.com Port 80 This is the page the author of the article said he accessed to get the shell script which he would not have gotten if the settings had the directory tree turned off and I feel is the authors point.

Re:Linux Ver Security hole, fox stupidity, or both (1)

pete.com (741064) | more than 7 years ago | (#19955393)

that's just what they want us to think

oblig SpaceBalls (0, Funny)

Anonymous Coward | more than 7 years ago | (#19954831)

That's the same password to my locker!

Changed by whom? (5, Funny)

Anonymous Coward | more than 7 years ago | (#19954835)

Now the question is, was it changed by Fox or someone else.

Great all we need. (5, Funny)

forgotten_my_nick (802929) | more than 7 years ago | (#19954861)

That is all we need, months of stories how "evil hackers got into Fox network"

Followed up with "Hackers: Evil and must be stopped?" to linking hacking to Obama, a danger to your kids and finally Hackers gone wild at Spring break.

Re:Great all we need. (1)

hoggoth (414195) | more than 7 years ago | (#19954909)

Chris Hanson is moving to FOX to host Dateline: To Catch A Hacker.

Re:Great all we need. (2, Interesting)

Red Flayer (890720) | more than 7 years ago | (#19954919)

and finally Hackers gone wild at Spring break.
If that video is similar to any of the other Spring break videos I've "heard about", I do not want to see it.

Either that, or we need to begin teaching nubile drunken 22-year-olds to hack.

Re:Great all we need. (2, Funny)

sammy baby (14909) | more than 7 years ago | (#19954995)

You missed another possibility: that we'll be throwing beads at pasty, flabby geeks to get them to put their clothes back on.

Re:Great all we need. (0)

Anonymous Coward | more than 7 years ago | (#19955093)

Those are some titties I dont wanna see!

Full Disclosure? (-1, Redundant)

Anonymous Coward | more than 7 years ago | (#19954865)

I will join you on the bandwagon -
right after waking up... I took a dump today. It was solid.

There you go. Breaking news.

Re:Full Disclosure? (1)

tgatliff (311583) | more than 7 years ago | (#19955233)

Talk about a crappy news day...

what's wrong with T1me Out (5, Insightful)

wheretheicegrows (996432) | more than 7 years ago | (#19954867)

I'm not that much into security, so I hope I don't sound "pathetic", but I was wondering what's wrong with the 'T1me Out' password. I'd say all company passwords I've ever had were no harder than that, and none of them had a space in it. And honestly how many of you guys use a password like YwMCU07D?

Re:what's wrong with T1me Out (5, Funny)

AlHunt (982887) | more than 7 years ago | (#19954925)

>And honestly how many of you guys use a password like YwMCU07D?

Great - now I have to go change all my passwords.

Re:what's wrong with T1me Out (2, Funny)

tehcyder (746570) | more than 7 years ago | (#19955389)

>And honestly how many of you guys use a password like YwMCU07D?
Great - now I have to go change all my passwords.
Me too!

Re:what's wrong with T1me Out (1)

Enry (630) | more than 7 years ago | (#19954927)

> And honestly how many of you guys use a password like YwMCU07D?

<joke>That's on my luggage.</joke>

Seriously, though, that's the form you should be using for passwords, especially critical ones or ones that are public-facing. Get yourself a good password manager (TealSafe, SplashID) and just keep generating new passwords for all your systems.

Re:what's wrong with T1me Out (4, Insightful)

TodMinuit (1026042) | more than 7 years ago | (#19955023)

Seriously, though, that's the form you should be using for passwords, especially critical ones or ones that are public-facing. Get yourself a good password manager (TealSafe, SplashID) and just keep generating new passwords for all your systems.
I think it's a moot point. Here, the password wasn't the failure. It could have been d41d8cd98f00b204e9800998ecf8427e and it wouldn't have made a difference.

Re:what's wrong with T1me Out (1)

screeble (664005) | more than 7 years ago | (#19955283)

Great, now I have to change my OS.

Re:what's wrong with T1me Out (1)

Anne_Nonymous (313852) | more than 7 years ago | (#19954929)

>> how many of you guys use a password like YwMCU07D

Thanks, jerk. Now I have to go change the combination on my luggage.

Re:what's wrong with T1me Out (0)

Anonymous Coward | more than 7 years ago | (#19954945)

And honestly how many of you guys use a password like YwMCU07D?

Dammit! Now I have to change it!

Re:what's wrong with T1me Out (1)

realkiwi (23584) | more than 7 years ago | (#19954947)

And honestly how many of you guys use a password like YwMCU07D?
Me. You realize you can't use that password anymore?

Re:what's wrong with T1me Out (1)

Errtu76 (776778) | more than 7 years ago | (#19954955)

I do; caps/numbers/special chars. But i agree, 'T1me Out' would be a good choice. Even Microsoft's own Password checker [microsoft.com] thinks it's a pretty good choice ;)

Re:what's wrong with T1me Out (0)

Anonymous Coward | more than 7 years ago | (#19954977)

Dictionary words with letters replaced by numbers: not enough entropy. In this case however, not even a completely random password would have saved them.

Completely random password, whatever! (3, Insightful)

morgan_greywolf (835522) | more than 7 years ago | (#19955047)

Dictionary words with letters replaced by numbers: not enough entropy. In this case however, not even a completely random password would have saved them.


Bingo! Never, ever, ever! NEVER store a password in plaintext in a script. Not ever. That's always a huge security issue, because you never know who is going to read the file. If you need unattended logins, there's SSH, Kerberos/GSSAPI, whatever.

Re:what's wrong with T1me Out (1, Funny)

Anonymous Coward | more than 7 years ago | (#19955007)

> And honestly how many of you guys use a password like YwMCU07D?

My account passwords are nothing like that and my root passwords are > 24 chars.

At the very least create a random string of 4-8 chars and use it as a (pre|post)-fix to your standard passwords.

Here's some for the lazy...

tVx1x%65
T9uOL0;{
]3HUk2:w
SWg7E1K*

Re:what's wrong with T1me Out (4, Funny)

asliarun (636603) | more than 7 years ago | (#19955035)

I agree, and my personal experience with corporate passwords has been the same. I'm sure this would disturb security geeks at various levels (or get them salivating!), but I don't see this as a *huge* loophole since most of the systems are inside the corporate firewall anyway. IMHO, this is about as big a security threat as an employee or a contractor copying sensitive data (which the password is protecting) and trying to profit from it illegally.

A system that I was managing once started crashing, and further investigation revealed that the password of an upstream system had been changed. When we contacted the admin team of the offending application, they informed us that they had upgraded the password from 123 to the "highly secure" (in their words) 234.

Re:what's wrong with T1me Out (5, Insightful)

ndixon (184723) | more than 7 years ago | (#19955099)

There's nothing really wrong with the password (though a smart dictionary-based search could discover it).

There is something very wrong with writing the password down, in plain text, on a public-facing server and assuming that no-one will be able to see it.

Re:what's wrong with T1me Out (1)

Paulrothrock (685079) | more than 7 years ago | (#19955111)

I use my own password generator [movetoiceland.com] (source code [movetoiceland.com] ) to generate secure and easy to remember passwords. It's really handy because I have accounts on a bunch of machines at work and I can't use passwords that are too hard to remember in case I need to scp from one machine to another.

Re:what's wrong with T1me Out (0)

Anonymous Coward | more than 7 years ago | (#19955125)

And, as soon as you look deeper in the site structure you find better passwords, like:

                ftp://ftp.g.ziffdavis.com/2pu8r/overture.xml [ziffdavis.com]

(And a host of others...)

Re:what's wrong with T1me Out (1, Informative)

Anonymous Coward | more than 7 years ago | (#19955215)

Ooops. I meant:

And, as soon as you look deeper in the site structure you find better passwords, like:

                ftp://Altavista_1:H1S!uwro@ftp.g.ziffdavis.com/2pu 8r/overture.xml

(And a host of others...)

Re:what's wrong with T1me Out (1)

akkarin (1117245) | more than 7 years ago | (#19955137)

Wha.. but.. how the hell did you know my password!?!

*Rushes to change password*

Re:what's wrong with T1me Out (2, Informative)

Opportunist (166417) | more than 7 years ago | (#19955171)

Current "dictionary crackers" already take care of "leet speak". I.e. they do contain "words" like h8, sk8er and so on. And of course they do try single character replacements like 1 for I and 2 for Z and so on.

In other words, yes, this password was prone to be dict'ed.

Re:what's wrong with T1me Out (1, Interesting)

Anonymous Coward | more than 7 years ago | (#19955199)

I'm not that much into security, so I hope I don't sound "pathetic", but I was wondering what's wrong with the 'T1me Out' password. I'd say all company passwords I've ever had were no harder than that, and none of them had a space in it.

Yeah, no kidding. At one of my previous employers (double checking that I have ticked "Post anonymously"....check), which we might call "Chinese national insurance" (I am not Chinese, nor have I ever worked at a insurance company), Linux root or Windows admin password for all computers were either "Chinese" or "national insurance". When asking the senior sysadmin if that was a good idea, he said "we have a lot of firewalls, so it's fine".

Re:what's wrong with T1me Out (0)

Anonymous Coward | more than 7 years ago | (#19955205)

>>And honestly how many of you guys use a password like YwMCU07D?
Look what you went and did!

I have to change all my root passwords now...

Re:what's wrong with T1me Out (0)

Anonymous Coward | more than 7 years ago | (#19955227)

'T1me Out' is a stupid password, because it's a cinch to remember, even if you only see it once. You're not going to remember something like 'AHM3E&IR' unless you have a while memorise it. pwgen is a fantastic utility for generating passwords like this.

Passwords like this are not that hard to memorise once you've been doing it for a while.

Re:what's wrong with T1me Out (4, Insightful)

Legion303 (97901) | more than 7 years ago | (#19955261)

"And honestly how many of you guys use a password like YwMCU07D?"

Great--now you've got 8 people making the same joke.

OMG that's my password!!!1!oneone!eleventy!!1! (0)

Anonymous Coward | more than 7 years ago | (#19955361)

Ha Ha fooled you. MY KEYBoARD IS sTuCk ON AWESOMES!

Re:what's wrong with T1me Out (2, Informative)

mewyn (663989) | more than 7 years ago | (#19955407)

Well, the main problem with using "T1meOut" is it's very easily attacked by a weighted dictionary attack. All dictionary attacks take care of common numerical replacements and capitalization. The next issue is weight of the words. Time and out are rather common words in the english language, and even more common when used together. In the case of a full random password, or a word password with randomness interjected, it'd be a lot less crackable than "T1meOut". A much better password would be something like "t&iM-eoUt3". In that case, the words are still there, you just have to memorize the capitalization and non-word components, which honestly isn't hard, people just think it is.

My Password Guess was.... (-1, Flamebait)

Proudrooster (580120) | more than 7 years ago | (#19954873)

My password guess for FOX would have been "Fair and Balanced" or "All Hail Dick Cheney".

My guess (1)

coren2000 (788204) | more than 7 years ago | (#19955259)

531g h41l

What can they do to you? (0)

Anonymous Coward | more than 7 years ago | (#19954911)

What can Fox or the police do? Will this guy be charged with some sort of crime? The password and username were freely available to anyone that actually went to the site. What are the laws in a situation like this?

I'm no lawyer, but... (2, Insightful)

TodMinuit (1026042) | more than 7 years ago | (#19954993)

Just because you find the key to my car lying on the street doesn't mean you can go for a joy ride.

Re:I'm no lawyer, but... (2, Interesting)

vulgrin (70725) | more than 7 years ago | (#19955337)

Yeah, but if you were a total dick (like Fox News) then I might move it to another level of the parking garage to teach you a lesson.

Not a horrible password (3, Informative)

BHearsum (325814) | more than 7 years ago | (#19954915)

That password would've been satisfactory if it was kept better.

Not really going to harm Fox (4, Interesting)

SilentChris (452960) | more than 7 years ago | (#19954935)

In all fairness (do they even deserve it?), the password listed in the script is for ZDNet's FTP, not Fox. Still pretty embarrassing, but it's not going to hurt Fox at all (I imagine it could have hurt CNet/ZDNet). And it definitely could've hurt the relationship between both corporations' IT departments.

There seems to be a string of these lately between content aggregators. About a month ago there was that page on MS's site endorsing Linux. Turns out the content was from another site (I think, actually, CNet).

Not to say I'm not totally surprised. In this day when about 50% of someone's site is content from somebody else, it's not surprising there's snafus. I'm just waiting for the day when one of the sites leaves up SSH logins for another.

You have performed an illegal operation (-1, Flamebait)

Junior J. Junior III (192702) | more than 7 years ago | (#19954961)

Remain where you are, illegal enemy combatant. Agents from Halliburton Force Delta are being dispatched to your location for extraordinary rendition and eventual re-education. Your cooperation will be rewarded by extra meal rations and exercise yard time. Thank you for reporting this bug.

I would love to make my own headline (1)

koan (80826) | more than 7 years ago | (#19954979)

I spent my morning wondering what my headline would be if I had access to change FOX's web page...impeach...hours of fun thanks for the post.

It Works (2, Informative)

Eddi3 (1046882) | more than 7 years ago | (#19955015)

Actually, as of this post, the ftp server can still be accessed with the same username and password from the script.

Let's see here (4, Insightful)

Anonymous Coward | more than 7 years ago | (#19955017)

Random corporation has bad security: Brief blurb about how corporations should take better care of their security infrastructure in order to make sure that leaks/intrusions don't happen. Perhaps even a person or two giving advice in the form of which files to edit and what to change.

Corporation that people don't like has bad security: Note after note about how evil the company is and that they're idiots in the highest sense.

Ridiculous summary (5, Insightful)

the computer guy nex (916959) | more than 7 years ago | (#19955021)

1) The password has probably been around for awhile with no one guessing it. What exactly was wrong with it? Uppercase/lowercase/numbers, combination of multiple words, it is at least moderately strong.

2) Why the hell are you blaming Fox? You think the entire company sat in a conference room and decided on a security scheme and a password?

3) Why did this deserve front page news? Exploits like this are found on a daily basis, and ones much more humorous/interesting/newsworthy.

Re:Ridiculous summary (0)

Anonymous Coward | more than 7 years ago | (#19955129)

"3) Why did this deserve front page news?"

Because it serves as a catalyst for political rhetoric spewing slash-drones -- anything remotely negative, stupid, etc. about the administration (or links there to) as a means to post rambling, incoherent, nazi-comparing critiques.

Re:Ridiculous summary (4, Informative)

pzs (857406) | more than 7 years ago | (#19955247)

I'm guessing that this is an excuse to rag on Fox and bitch about the war and Dubya some more.

At least the story had "ftp" in it, making it slightly more "for nerds".

Peter

PS. I was against the war, I'm against Bush and I think Fox sucks, but even so (and as the parent post points out), this is a bit tenuous.

The info still works.... (1)

Setral (1027762) | more than 7 years ago | (#19955045)

If it hasn't been mentioned already, it still works, but I wouldn't recommend using it.

Re:The info still works.... (1)

Capt James McCarthy (860294) | more than 7 years ago | (#19955369)

The question is, are you or the original poster able to determine if it's a honey pot or not?

Lern an Gramur (0)

Anonymous Coward | more than 7 years ago | (#19955087)

"Fox News'" is incorrect pluralization. Bastards think they're Jesus.

4chan (4, Insightful)

stick-boy (73731) | more than 7 years ago | (#19955095)

this originated on 4chan.org's /b/ late last night (NSFW.) the shell script was a small script for uploading to a ziff-davis ftp server, it wasn't actually a fox ftp password (look at the directory name the shell script was found in, and i'm sure z-d appreciates this too.) also, there was an image directory that had directory listing turned on too. i didn't stick around long enough to see if any /b/tards found anything interesting in there, but i know an image dump was being made.

OHHHHH SHIT! (0, Redundant)

thatskinnyguy (1129515) | more than 7 years ago | (#19955113)

PWND!

T1me Out Isn't Bad (1)

Bryan_W (649785) | more than 7 years ago | (#19955121)

What's wrong with using T1me Out as a password? It has everything that qualifies it to be strong: upper case, lower case, numerics, and even a special charater (space). The only possible thing I could see wrong is that it does contain a dictionary word, but other than that, it's solid.

Re:T1me Out Isn't Bad (0)

Anonymous Coward | more than 7 years ago | (#19955193)

It's also a common phrase, and is l337ified. Many brute-force password crackers will do l337ified variations on words in the dictionary to get passwords just like this one.

Re:T1me Out Isn't Bad (0)

Anonymous Coward | more than 7 years ago | (#19955363)

because that one trait would make a dictionary attack tool crack it in minutes. But, as had been said before, the choice of password pales compared to having it readable in a file.

Fox news runs Ubuntu (0, Flamebait)

xgr3gx (1068984) | more than 7 years ago | (#19955127)

They're running Ubuntu Linux.
That's kind of ironic. HA!

Apache/2.2.3 (Ubuntu) PHP/5.2.1 Server at www.foxnews.com Port 80

Pity or natural selection (1)

Opportunist (166417) | more than 7 years ago | (#19955189)

I dunno... should I feel pity for their webmaster or consider it natural selection that he will most likely get a "you won't find a job in this country anymore" letter?

This is the closest Fox News will ever get... (4, Funny)

TheReallyMadScientis (1131215) | more than 7 years ago | (#19955237)

...to doing 'fair and balanced' journalism.

Something like this? (0)

Anonymous Coward | more than 7 years ago | (#19955255)

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>