Fox News' FTP Password Anyone?

An anonymous reader writes "While browsing around the Fox News website, I found that directory indexes are turned on. So, I started following the tree up, until I got to /admin. Eventually, I found my way into /admin/xml_parser/zdnet/, in which, there is a shell script. Seeing as it's a shell script, and I use Linux, I took a peek. Inside, is a username and password to an FTP. So, of course, I tried to login. The result? Epic fail on Fox's part. And seriously, what kind of password is T1me Out. This is just pathetic." It's already been changed of course, but that's still pretty amusing.

Wasted chance

Dude, why didn't you look around for the bug that makes them misreport the news so horribly that a majority of FOX News viewers still believes Iraq was responsible for 9/11 and Saddam had WMDs when the US invaded?

Re:Wasted chance

Because now we know; it was just some hacker prank.

Re:Wasted chance

they can get ton's of free publicity

Now, is that "ton is of free publicity", or does Mr. Ton have a lot of "of free publicity" that he could potentially give to you?

Re:Wasted chance

Hey, that's not a bug - it's a feature.

North Korea

You make a very good point.

North Korea is also part of the "Axis of Evil". However they have WMD's and some pretty nasty long range missiles. They may not be able to strike The US, but they could devastate South Korea, Japan and Taiwan. We keep begging North Korea to please, pretty please, come to the negotiating table. No talk of invasion there.

Sadam complied with the U.N. inspections we demanded. Grudgingly but he complied. He ended his weapons programs and allowed us and our allies to control two thirds of his air space. (All of this had to be forced on him, but he complied).

So the moral of the story?

If you are an evil dictatorship, do not comply with The US and its allies. Build up your arsenal and become as powerfull and as dangerous as possible. The US only invades weaklings. The US begs for negotiations with the dangerous crackpots.

I believe Iran watched all of this unfold. The way Sadam and Iraq complied, and were rewarded with invasion. The way North Korea refused to comply and became more dangerous, and gets more and more aid on its terms.

This is why Iran has restarted its nuclear program.

Pretty good foreign policy we have, huh?

Ditto on all accounts

There was a recent podcast [thislife.org] from This American Life (hardly the bastion of conservative thought) where a (former) teenager whose job it was to spread propaganda from Saddam's government said he was afraid about what would happen when the war started because he wasn't sure whether or not his government had chemical weapons, etc. Yes, there's a difference between some teenager (even if he and his father worked for the government) and our intelligence community. Yes, fundamental flaws exist/existed in our intelligence community, partly no doubt due to our administration's tendencies to promote "yes men". Yes, there's a difference between thinking they're there and declaring that you know exactly where they are. However, I'm still going with Hanlon's razor [wikipedia.org] on this one.

Re:Wasted chance

Did the president pick the joint chiefs and the top-level CIA people? (serious question, I don't know off the top of my head).

Not everyone who has the president's ear is appointed by him. He showed some bad judgment prior to the invasion and obviously some of his appointees were poor picks given our post-9/11 hindsight. My point is that there wasn't a crystal-clear picture either way prior to invasion, and Bush's vision was even more filtered because those he most trusted were unwilling or unable to tell him the whole story.

Iraq was big stupid mess from day one, no doubt about that. But let's not try to paint the whole administration as malicious warmongering tyrants when in all reality they're just inept shoot-from-the-hip bureaucrats.

The sad thing is, I really don't believe we'd have been much better with either of our presidential alternatives: I think Gore would have found a completely different way to bungle things after 9/11 and make someone miserable (probably us) and Kerry would probably have really fouled up the occupation...yes, even more than Bush.

Re:Wasted chance

But I don't expect you to learn any life lessons from this. People like stories with comic book villains and if seeing Saddam as evil, omnipotent, and omniscient makes your universe make sense, whatever. [Here's where I make some insulting generalization about you, but even I have too much good taste for that.]

Idle curiosity: Do you think a smart-assed remark about how you, unlike the other guy, are too good for personal attacks is something other than a personal attack?

Re:Wasted chance

None of the 9-11 hijackers had any connection to Iraq, and Saddam didn't care for radical Shiite Islamic Fundamentalism!

I minor detail, but the 9/11 hijackers were not shiite muslims.

If America wants to encourage countries not to proliferate, would it not make sense to disband our own arsenal?

Absolutely not! One of the best tools we have to stopping proliferation is saying the USA will use its arsenal as a deterrent force so those countries will not need their own. That is why most European countries do not have their own nuclear weapons program, because during the Cold War we used our arsenal to extend the MAD principle to protect them.

Re:Wasted chance

I minor detail, but the 9/11 hijackers were not shiite muslims.

This is one question I wish was asked more often, despite knowing the answer, is why Saudi Arabia has been untouched by agression when the largest percentage of the hijackers were Saudi. In fact the hijackers were ALL from countries with which the oil companies...er....the US is friendly with (with Egypt being the longest stretch by that definition), primarily Saudia Arabia and the UAE [wikipedia.org].

Has anyone looked at the development of Dubai over the past 10 years? or the wealth of the royal family in Saudi Arabia? Money is flowing to someone from somewhere over there that is for sure.

Now I'm not saying that Saudi's or UAE citizens are evil by default, simply that there has been absolutely 0 backlash against these regions while the US uses 9/11 to justify everything else it has been doing everywhere else.

Wheres the puzzled slightly-tilted looks of hwhaaa?

Re:Wasted chance

Yes, Saddam occasionally would kick the U.N. inspectors out for a few weeks

Actually that isn't true. Saddam never expelled the UN inspectors. UNSCOM was expelled from Iraq in 1998, but it was Clinton who kicked them out, not Saddam. Iraq did temporarily expel American [acronym.org.uk] inspectors in 1997 after they learned that CIA infiltrators in UNSCOM had passed intelligence which the US used to facilitate a coup attempt. In response, UNSCOM chief Richard Butler withdrew all his teams to Kuwait. But the crisis was short lived and everyone was back to work in a week. Inspections limped along until December 1998, when Clinton decided his purposes were better served by bombing. [cnn.com] The US then told UNSCOM they needed to evacuate for safety reasons and Director Richard Butler happily obliged. Go back and read the news reports of the day and you will see no mention of Saddam expelling non-American UNSCOM members. That factoid developed later. Several UNSCOM officials, including director Rolf Ekeus and David Kaye, have admitted that the US illegally used the inspection program for espionage.

"As time went on, some countries, especially the US, wanted to learn more about other parts of Iraq's capacity." The US even tried to find information about the whereabouts of Saddam Hussein. [Rolf Ekeus, Director of UNSCOM 1991-1997, Financial Times, 7/29/03]

Re:Wasted chance

This isn't about believing in WMDs before the invasion. This is about believing that we found WMDs AFTER the invasion. In an October 2003 poll, for example, 7 months after the invasion, 33% of Fox viewers said that the U.S. had actually physically found WMDs in the course of the invasion. That's 10% higher than the next most confused media viewership. This is what some of us would really love to see explained by you "nothing to see here" apologists. Or else, it sounds like you still maintain that's a reasonable belief today?

http://www.americanassembler.com/issues/media/docs /Media_10_02_03_Report.pdf [americanassembler.com]

Weapons of Mass Destruction
As discussed, when respondents were asked whether the US has "found Iraqi weapons of mass destruction" since the war had ended, 22% of all respondents over June-September mistakenly thought this had happened. Once again, Fox viewers were the highest with 33% having this belief. A lower 19-23% of viewers who watch ABC, NBC, CBS, and CNN had the perception that the US has found WMD. Seventeen percent of those who primarily get their news from print sources had the misperception, while only 11% of those who watch PBS or listen to NPR had it.

Re:Wasted chance

Actually the US did find small stock piles of gas agents and one centrifuge that is used to enrich uranium. Not the massive infrastructure that was claimed to be sure but that statement that NO WMD where found is also false. The claim is that the gas agents where miss placed when the Iraqis where destroying them under UN supervision.
I know that I will get flamed for this but it is the truth.

Re:Wasted chance

We did find WMDs [breitbart.com] on multiple occassions... they were pretty much all small caches of old shells filled with mustard or sarin and which were probably were no longer effective, but it is a bit disingenuous for the pollster to take those answers and then arbitrarily say "oh, well those don't count... so Fox News viewers are dumb!". If the question was simply "Has the US found Iraqi WMDs?" then the Fox News viewers appear to be the only ones who were properly informed of those developments.

And, of course, there were also incidents where the insurgent groups got ahold of some lingering chemical weapons (mustard gas, I think) and tried to make bombs out of them--luckily, that also was old and non-effective. Those were widely reported at the time.

In other words, get off your uninformed, sanctimonious high-horse. :-)

Re:Wasted chance

33% of Fox viewers said that the U.S. had actually physically found WMDs in the course of the invasion

Unfortunately, the issue is not as black and white as the pundits on either side would like you to believe. There is, unfortunately, some wiggle room that gets used to support either one side or the other depending upon the speaker. The problem lies in the strictness of one's definition of WMDs and the categorization by some people of certain chemical weapons as WMDs despite the fact that such weapons are orders or magnitude less destructive than say the nuclear weapons that they are grouped with. Now, having said that it *is* true that US forces in Iraq have, from time to time, come across the odd Artillery shell filled with mustard or even a binary form of sarin in one case (used as a roadside bomb and a couple of US soldiers experienced minor symptoms, but no deaths). At best one could say that such finds are execeedingly rare and do not in and of themselves constitute evidence of a vast and active program on the part of Saddam to develop and use these weapons in the years immediately prior to the invasion. However, proof is proof and if even one shell is found then the number of "WMDs" was not zero and that is why the pundits continue arguing the points. This is splitting hairs maybe but if one argues that there were absolutely *no* WMDs in Iraq prior to the invasion then strictly speaking that person would be wrong. The problem lies in the use of absolutes in argumentation where even one counter-example disproves the argument.

Re:Wasted chance

Fox news definately has some perspective issues - but WMD's isn't one of them. Even CLINTON believed they were there. Not trying to start a war - I am just sick of hearing about WMD's, when we all thought they were there. Iraq as the cause for 9/11 though - that's a crazy concept.

No, you colossal boob, not everyone thought there were WMD's. First, don't lump chemical and biological with nuclear. Yes, I know analysts do it but I think it unfairly magnifies the threat level of the BC in NBC.

The specific charge Bush used to get our panties in a wad was nuclear weapons. "We don't want the smoking gun to be in the form of a mushroom cloud." Yellow cake uranium, lie. Aluminum tubes, lie. The CIA was giving Bush solid intel but he and his team refused to accept it. Cheney and his cronies cherry-picked raw intel for the most sensationalistic shit they could find, regardless of whether it was true or not.

When you say "most people assumed Saddam had WMD" you really mean "Most people assumed he had some leftover chemical or biological shit", not that he had nukes ready to strike the west in 45 minutes. The consensus before 9-11, a consensus backed by Powell, was that the US policy of Iraqi containment was working.

I'm sick of lies and lying liars. I'm sick of people who rewrite the facts to justify doing something and then rewrite history to protect themselves from that fuckup.

Re:Wasted chance

the usual call to RTFA ... this is from the lame "the DoD are after me for using vista" site, who approved it ffs? read the article they link to (and link directly next time, stop paying them in ads!), its an account to grab files from zdnet, not an account into fox news, does it even have write access? dont let the facts get in the way of alarmist bs tho

HaHa

You're going to jail and slashdot is getting shut down. It's a federal offense to interfere with an official government propaganda outlet.

Nice...

Enjoy your stay in gitmo!

Okay

Somehow I doubt the FBI will find it amusing.

Changed by whom?

Now the question is, was it changed by Fox or someone else.

Great all we need.

That is all we need, months of stories how "evil hackers got into Fox network"

Followed up with "Hackers: Evil and must be stopped?" to linking hacking to Obama, a danger to your kids and finally Hackers gone wild at Spring break.

what's wrong with T1me Out

I'm not that much into security, so I hope I don't sound "pathetic", but I was wondering what's wrong with the 'T1me Out' password. I'd say all company passwords I've ever had were no harder than that, and none of them had a space in it. And honestly how many of you guys use a password like YwMCU07D?

Re:what's wrong with T1me Out

>And honestly how many of you guys use a password like YwMCU07D?

Great - now I have to go change all my passwords.

Re:what's wrong with T1me Out

>>And honestly how many of you guys use a password like YwMCU07D?

>Great - now I have to go change all my passwords.

Don't feel bad, I had the same combination on my luggage.

Re:what's wrong with T1me Out

> Great - now I have to go change all my passwords.

Don't worry about it. I just did it for you.

Re:what's wrong with T1me Out

Seriously, though, that's the form you should be using for passwords, especially critical ones or ones that are public-facing. Get yourself a good password manager (TealSafe, SplashID) and just keep generating new passwords for all your systems.

I think it's a moot point. Here, the password wasn't the failure. It could have been d41d8cd98f00b204e9800998ecf8427e and it wouldn't have made a difference.

Re:what's wrong with T1me Out

I agree, and my personal experience with corporate passwords has been the same. I'm sure this would disturb security geeks at various levels (or get them salivating!), but I don't see this as a *huge* loophole since most of the systems are inside the corporate firewall anyway. IMHO, this is about as big a security threat as an employee or a contractor copying sensitive data (which the password is protecting) and trying to profit from it illegally.

A system that I was managing once started crashing, and further investigation revealed that the password of an upstream system had been changed. When we contacted the admin team of the offending application, they informed us that they had upgraded the password from 123 to the "highly secure" (in their words) 234.

Re:what's wrong with T1me Out

There's nothing really wrong with the password (though a smart dictionary-based search could discover it).

There is something very wrong with writing the password down, in plain text, on a public-facing server and assuming that no-one will be able to see it.

Re:what's wrong with T1me Out

"And honestly how many of you guys use a password like YwMCU07D?"

Great--now you've got 8 people making the same joke.

Not a horrible password

That password would've been satisfactory if it was kept better.

Not really going to harm Fox

In all fairness (do they even deserve it?), the password listed in the script is for ZDNet's FTP, not Fox. Still pretty embarrassing, but it's not going to hurt Fox at all (I imagine it could have hurt CNet/ZDNet). And it definitely could've hurt the relationship between both corporations' IT departments.

There seems to be a string of these lately between content aggregators. About a month ago there was that page on MS's site endorsing Linux. Turns out the content was from another site (I think, actually, CNet).

Not to say I'm not totally surprised. In this day when about 50% of someone's site is content from somebody else, it's not surprising there's snafus. I'm just waiting for the day when one of the sites leaves up SSH logins for another.

I would love to make my own headline

I spent my morning wondering what my headline would be if I had access to change FOX's web page...impeach...hours of fun thanks for the post.

It Works

Actually, as of this post, the ftp server can still be accessed with the same username and password from the script.

Let's see here

Random corporation has bad security: Brief blurb about how corporations should take better care of their security infrastructure in order to make sure that leaks/intrusions don't happen. Perhaps even a person or two giving advice in the form of which files to edit and what to change.

Corporation that people don't like has bad security: Note after note about how evil the company is and that they're idiots in the highest sense.

Ridiculous summary

1) The password has probably been around for awhile with no one guessing it. What exactly was wrong with it? Uppercase/lowercase/numbers, combination of multiple words, it is at least moderately strong.

2) Why the hell are you blaming Fox? You think the entire company sat in a conference room and decided on a security scheme and a password?

3) Why did this deserve front page news? Exploits like this are found on a daily basis, and ones much more humorous/interesting/newsworthy.

Re:Ridiculous summary

I'm guessing that this is an excuse to rag on Fox and bitch about the war and Dubya some more.

At least the story had "ftp" in it, making it slightly more "for nerds".

Peter

PS. I was against the war, I'm against Bush and I think Fox sucks, but even so (and as the parent post points out), this is a bit tenuous.

NEWS FLASH: Left-Wing Fascists mod parent off-topc

A post on the newsworthiness of the main article is not off-topic. Should be modded back up.

The info still works....

If it hasn't been mentioned already, it still works, but I wouldn't recommend using it.

4chan

this originated on 4chan.org's /b/ late last night (NSFW.) the shell script was a small script for uploading to a ziff-davis ftp server, it wasn't actually a fox ftp password (look at the directory name the shell script was found in, and i'm sure z-d appreciates this too.) also, there was an image directory that had directory listing turned on too. i didn't stick around long enough to see if any /b/tards found anything interesting in there, but i know an image dump was being made.

T1me Out Isn't Bad

What's wrong with using T1me Out as a password? It has everything that qualifies it to be strong: upper case, lower case, numerics, and even a special charater (space). The only possible thing I could see wrong is that it does contain a dictionary word, but other than that, it's solid.

Pity or natural selection

I dunno... should I feel pity for their webmaster or consider it natural selection that he will most likely get a "you won't find a job in this country anymore" letter?

This is the closest Fox News will ever get...

...to doing 'fair and balanced' journalism.

Password

"And seriously, what kind of password is T1me Out. This is just pathetic."

What's wrong with it? Uppercase, lowercase and numbers. Looks safe to me. If you had a thousand years to figure it out on your own, would have succeeded?

I would say it's safer than 'xXsa425Vff', because 'T1me Out' is easy to remember. That way, you don't have to ask your co-workers what it is in case you forget it. Plus, I'm sure they're changing the password from time to time. It's unlikely 'T2me Out', however. :)

From the same people who ruined finger

Aw, crap. Now there'll be another round of armchair security experts saying "You should turn off directory indexes!" and easily-led sysadmins actually doing it, and we'll have that many fewer sites where you can bypass the broken navigation to actually find things through the directory indexes.

Directory indexes, on a properly-run site, are a Good Thing and should be encouraged. They are and should be turned on by default in real httpd software. Anything secret that's accessible through a directory index would also be accessible by guessing the URL - so security has to be enforced by 403 Forbidden, not by "nobody will know the URL," anyway. Don't disable directory indexes unless you have a really good reason - and if you think you have a really good reason, especially if you think it has something to do with some kind of "security," then you're probably wrong.

Employee information leaked

There was over 4GB of employee data on the FTP, including username, name, email, password, address, etc.

so much for that blog

Tit's up - and outa there!

"mysql_pconnect() [function.mysql-pconnect]: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (111) in /home/linuxin/public_html/site/admin/db.php on line 50
Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /home/linuxin/public_html/site/admin/db.php on line 50
Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (111)"

We have meltdown - I repeat we have meltdown. Now someone get that pile of circuts and goo off the rack and get a new one in here pronto.

Congratulations!

You've won an all-expenses-paid trip to a federal PMITA prison! You'll be enjoying a 1,825 night stay at an all-inclusive resort featuring a mattress, a metal toilet with a sink in it, and evening turn-down service provided by your own personal bellhop named Scar. Travel and accommodations courtesy of the US Federal Bureau of Prisons.

Where he can see DirectoryIndex is on ?

"While browsing around the Fox News website, I found that directory indexes are turned on"...I browse Fox website everyday but I cannot find it out. Was he really reading the news or hacking the site ?

Fox News has no excuse

On July 11, 2007, the posted an article [foxnews.com] that talked about FTP and why it's bad. But they were concerned about anonymous access. Doh.

Flamebait!

Yawn... just another opportunity to feed the flames for all the liberals on /. Reading through all the replies that have nothing to do with the original article and just focus on bashing conservatives and the content of the stories run by the network proves my point. It's getting old guys/gals... really old.

Disney's website Security

I was once visiting the offices of a design firm that was doing some work for Disney. As far as I remember, the procedure for adding new content was:

- Email the admins (with password), requesting an upload opportunity giving detail of content and approval reference
- Admins create FTP account on a purpose-built server
- Admins send back time-sensitive FTP details
- Design company uploads to FTP server
- Committees review content, send authorization to admins
- Admins upload content.

And this was for already-approved work. Kinda puts this level of security to shame...

this type of human error can only be fixed with...

training.

Every employee that works at the site needs to have proper training in information security and social engineering counter-measures.
These sound complex and technical but they are not.
what is sensitive information?
You do not store any sensitive information in any place that's not explicitly secure.

you complement your training program with mandatory password restrictions.
Linux already has these restrictions for users.
password is too short, password is based on a dictionary word, password must contain numbers and letters.

Only YOU can prevent social engineering!

Okay....

So where's the pr0n?

look on the bright side

If you are married with kids, you have some things to look forward to that you might not have had in a while...

Good square meals 3 times a day, and sex again on a regular basis.
Course that also comes with all the paperbacks you can read and a cell-mate likely named bubba.

Illegal, at least in Kansas.

I'm not saying I've never done anything like this, but I certainly wouldn't advertise the fact. I'm in Kansas, and I can tell you that Computer Trespass here is:

intentionally, and without authorization accessing or attempting to access any computer, computer system, computer network or computer software, program, documentation, data or property contained in any computer, computer system or computer network. Computer trespass is a class A nonperson misdemeanor.

I think he's got that covered squarely. He may qualify for Computer Crime, which is:

Intentionally and without authorization accessing and damaging, modifying, altering, destroying, copying, disclosing or taking possession of a computer, computer system, computer network or any other property; ...

I'm just saying I wouldn't advertise.

okay, but

why is this on slashdot (outside of someone's journal)? some of us have been doing this every day for years. I mean it's not like the old alta vista/hot bot "WS_FTP.LOG" or whatever is anything new.

Asshole! People like you are ruining the Internet.

Directory listing was once a delightful part of web browsing. There is no more efficient way of finding files.

But now, one after one, sites which do not restrict directory listing are disappearing forever.

Why? Because of snotty punk assholes like "anonymous reader", who stumble upon some quasi-personal file (the same file six dozen other individuals saw but then respectfully moved on from before him) then BITCH and BLATHER about it repeatedly until everybody is made to know just how pathetically COOL HE IS for having found it.

Nice detective work

Now we finally know who's behind the campaign of deliberate misinformation that's being fed through FOX news.

Damn conservative hacker kids.

Off-Topic - Somebody explain this to me

When there are ten pages of comments here, and I read page one, then click on page two - why the hell do I get page one all over again?

And this goes on for pages two, three, four, maybe. At some point I get a new page.

What the hell is going on with this interface?

I'm finally irritated enough to ask WHY.

Slashdotted

This event has also been WikiNews'd [wikinews.org] , as "Fox News security hole exposes 1.5 million users' personal information".

FARK.com [slashdot.org] also reported on WikiNews's article.

Fox Searchlight

There are a bunch of problems with Fox's other sites as well. Check out Fox Searchlight. Similar issues. But you can see free pre-screenings if you figure it out. If you don't... Shame on you.

Heh...

Anyone for a Fox news wiki?

Ftp & Fox

Wow. So he/she/they happened across a web page that shows you the directory index. He/She/they followed the heirarchy till He/She/they hit the admin folder. He/She/they probably used the Linux equiv of Notepad to view the shell script, which, in turn held the password. (bfd - login scripts for an a/d environment use a similar method to automatically map drive shares. The login scripts hold the users id & password, then map the drives) Hardly elite.

Shoulda used it...

He should have utilized that ftp to sneak in some real news. What a disaster that would have been.

The Bad, The Worse, The Stupid, and the Orwellian

Bad: Fox News has mediocre web security.
Worse: The same level of security that can be easily beefed up was applied to all the MyFox websites.
STUPID: News Reporter from Los Angeles pisses off the hacker community with a bias report by interviewing cowards with dogs and curtains, losers with MySpace accounts, and Eric "eBaum" Bauman in a dark room.
ORWELLIAN: MyFox now requires a 24 hour waiting period for blog and message board posts.
Silver lining: There is always the Usenet.

Re:Linux Ver Security hole, fox stupidity, or both

Oh shut the fuck up, you Gentoo fanboi. If they used Gentoo, the server would still be recompiling from a kernel update six months ago. Take your Genntoo, and jam it up your ass sideways and backwards. It's 0.038% more optimized for that.

Re:Linux Ver Security hole, fox stupidity, or both

NOT +1 interesting. The FTP service is "Microsoft FTP Service".

I'm no lawyer, but...

Just because you find the key to my car lying on the street doesn't mean you can go for a joy ride.

Re:Full Disclosure?

Talk about a crappy news day...

My guess

531g h41l

Re:Fox news runs Ubuntu

I'm really sorry, but I don't think that word means what you think it means.

If instead this were the server that updates Fox News with all of Microsoft's latest FUD about Linux insecurities, then you have irony my friend.

Wrong

That's amazing! I've got the same combination on my luggage!

Wait, did I just feed the intentionally-screwed-up movie quote troll?

Dick Cheney has mod-points?!?!

Remain where you are, illegal enemy combatant. Agents from Halliburton Force Delta are being dispatched to your location for extraordinary rendition and eventual re-education. Your cooperation will be rewarded by extra meal rations and exercise yard time. Thank you for reporting this bug.

So this is flamebait? Fair and balanced? Yuh.