Fox News' FTP Password Anyone? 611
An anonymous reader writes "While browsing around the Fox News website, I found that directory indexes are turned on. So, I started following the tree up, until I got to /admin. Eventually, I found my way into /admin/xml_parser/zdnet/, in which, there is a shell script. Seeing as it's a shell script, and I use Linux, I took a peek. Inside, is a username and password to an FTP. So, of course, I tried to login. The result? Epic fail on Fox's part. And seriously, what kind of password is T1me Out. This is just pathetic." It's already been changed of course, but that's still pretty amusing.
Wasted chance (Score:5, Funny)
Re:Wasted chance (Score:5, Insightful)
Re: (Score:3, Interesting)
Re:Wasted chance (Score:5, Funny)
Now, is that "ton is of free publicity", or does Mr. Ton have a lot of "of free publicity" that he could potentially give to you?
Re: (Score:3)
Re:Wasted chance (Score:5, Funny)
Re: (Score:2, Funny)
Re:Wasted chance (Score:5, Informative)
Re: (Score:2)
Re: (Score:2)
Damn, I'd love to have the tinfoil franchise for Slashdot.
Re: (Score:3, Informative)
Clinton believed they were there, because at the time Saddam was refusing to let UN inspectors do their job. By the time Bush had invaded, the UN inspectors had already been in and found nothing.
Re: (Score:3, Insightful)
Re: (Score:3, Funny)
Re: (Score:3, Insightful)
North Korea (Score:5, Insightful)
You make a very good point.
North Korea is also part of the "Axis of Evil". However they have WMD's and some pretty nasty long range missiles. They may not be able to strike The US, but they could devastate South Korea, Japan and Taiwan. We keep begging North Korea to please, pretty please, come to the negotiating table. No talk of invasion there.
Sadam complied with the U.N. inspections we demanded. Grudgingly but he complied. He ended his weapons programs and allowed us and our allies to control two thirds of his air space. (All of this had to be forced on him, but he complied).
So the moral of the story?
If you are an evil dictatorship, do not comply with The US and its allies. Build up your arsenal and become as powerfull and as dangerous as possible. The US only invades weaklings. The US begs for negotiations with the dangerous crackpots.
I believe Iran watched all of this unfold. The way Sadam and Iraq complied, and were rewarded with invasion. The way North Korea refused to comply and became more dangerous, and gets more and more aid on its terms.
This is why Iran has restarted its nuclear program.
Pretty good foreign policy we have, huh?
Re: (Score:3, Insightful)
What I find funny is that it appears most of the folks here think gaming and inveigling in diplomacy and war started when bush took office. News flash: this stuff's been going on for a few years (try millennia). I recommend a good game of Civ. It'll whet the appetite.
What amazes me most isn't that the U.S. is playing ball, hard ball, with the world, it's that all you folks think it started with Bush, that Clinton didn't do it or that the next one won't
Re: (Score:3, Interesting)
I don't click on stories about network security to read peoples daily kos blog.
Re: (Score:3, Informative)
Actually, Clinton and Bush both new that Saddam had chemical and biological weapons because the USA sold them to him (http://www.commondreams.org/headlines02/0908-08.h tm). However, what they did not know is if he still had them at the time of the invasion (although best guess is Bush did know that Saddam did not
Ditto on all accounts (Score:4, Interesting)
Re: (Score:3, Insightful)
The plan to establish a democratic government in Iraq was a part of the plan from the start. And now it's just what they have left to do.
Re: (Score:3, Insightful)
Anyone looking just at the inspectors' reports would not believe that Saddam had "stockpiles of weapons of mass destruction" as was claimed by some. You don't get stockpiles from "losing track of the actual truth". you don't get mass destruction from a few ancient chemical weapons.
Using the advantage of hindsight, the answer is obvious; just follow the money. The Bush administration had a significant financial motivation for the invasion, so they hyped it in any way they could. (Example: Nigerian yellowca
Re: (Score:3, Insightful)
Just to be accurate as possible I've updated that sentence for you.
Re: (Score:3, Interesting)
Re: (Score:3, Interesting)
Yeah, I'm not sure either but I have a similar memory. I mean the point that proves they were wrong the most is simply that nothing has been found in Iraq. I definitely wasn't trying to say that they were right... only that several of the world's intelligence agencies believed the sa
Re:Wasted chance (Score:5, Insightful)
Idle curiosity: Do you think a smart-assed remark about how you, unlike the other guy, are too good for personal attacks is something other than a personal attack?
Re: (Score:3, Insightful)
Because he has no self-interest in getting deposed.
Re: (Score:3, Informative)
I no longer subscribe to the "Bush as Mr. Magoo" story line. There's too much evidence that they wanted invade Iraq from day 1.
Re:Wasted chance (Score:5, Insightful)
Not everyone who has the president's ear is appointed by him. He showed some bad judgment prior to the invasion and obviously some of his appointees were poor picks given our post-9/11 hindsight. My point is that there wasn't a crystal-clear picture either way prior to invasion, and Bush's vision was even more filtered because those he most trusted were unwilling or unable to tell him the whole story.
Iraq was big stupid mess from day one, no doubt about that. But let's not try to paint the whole administration as malicious warmongering tyrants when in all reality they're just inept shoot-from-the-hip bureaucrats.
The sad thing is, I really don't believe we'd have been much better with either of our presidential alternatives: I think Gore would have found a completely different way to bungle things after 9/11 and make someone miserable (probably us) and Kerry would probably have really fouled up the occupation...yes, even more than Bush.
Re: (Score:3, Interesting)
I wish that I could disagree with you on other fronts...but I think we were set up, and not by the Iraqis. The evidence seems to point to a plot internal to the government. (Look at how quickly the PATRIOT bill was presented and passed. Notice where the anthrax came
Re: (Score:3)
He did pick the head of the CIA George Tenant. Also, Cheney and Rumsfield created their own group inside the Pentagon to go through all the evidence that was separate from the CIA. The people in that group were not experienced analysts and were not able to effectively separate the wheat from the chaff, plus they had an explicit agenda as to what they wanted the outcom to be, which
Re: (Score:3, Insightful)
Iraq was big stupid mess from day one, no doubt about that. But let's not try to paint the whole administration as malicious warmongering tyrants when in all reality they're just inept shoot-from-the-hip bureaucrats.
How about we actually pay attention instead of your course of ignore all the facts to try and excuse the administration for their premeditated malicious actions?
Go read the 2000 paper by the Project For a New American Century titled "Rebuilding America's Defenses" signed by Rumsfeld, Cheney, Wol
Re: (Score:3, Insightful)
You can't go to war with the President you'd like to have, only the one you've got.
In all seriousness, I know this is just an opinion but what could you possibly base this on?
Re: (Score:3, Informative)
You'd feel safer in AR then. When I took my CCW testing there, I learned that it was perfectly legal to shoot someone you saw in the act of committing arson. Seriously, the law is on the books there.
I never was 'lucky' enough to catch someone in the 'act'....
Re: (Score:3, Informative)
It's rather disengenuous to cite quotes from 1998 when he did have WMD programs to justify actions taken in 2003 when he did not have any WMD programs.
Re: (Score:2)
Re:Wasted chance (Score:5, Informative)
Re: (Score:3, Informative)
Yep. In 1998. Then we invaded, destroyed stockpiles, and ushered in the inspection teams.
What that has to do with GWB's claims in 2003 I don't know, but I'm sure that completely unbiased and non-partisan site you linked to has an answer.
Re: (Score:3, Informative)
"Even CLINTON believed they were there."
Yep. In 1998. Then we invaded, destroyed stockpiles, and ushered in the inspection teams.
What that has to do with GWB's claims in 2003 I don't know, but I'm sure that completely unbiased and non-partisan site you linked to has an answer.
You didn't read the linked article, obviously. The site he linked to is a snopes-like rumor debunking site. It's quite true that the quotes listed (between 1998 and 2003) are all true. The congress really did believe that WMDs would be found in Iraq. The question is: why did they think that? The answer is that the CIA was used as a tool to make the case for war. Tenet's [wikipedia.org] book has made that pretty clear. He was somewhat complicit, and the CIA certainly did get some things wrong, but it's clear that the Bush
Re:Wasted chance (Score:5, Insightful)
This isn't about believing in WMDs before the invasion. This is about believing that we found WMDs AFTER the invasion. In an October 2003 poll, for example, 7 months after the invasion, 33% of Fox viewers said that the U.S. had actually physically found WMDs in the course of the invasion. That's 10% higher than the next most confused media viewership. This is what some of us would really love to see explained by you "nothing to see here" apologists. Or else, it sounds like you still maintain that's a reasonable belief today?
http://www.americanassembler.com/issues/media/docs /Media_10_02_03_Report.pdf [americanassembler.com]
Re:Wasted chance (Score:5, Informative)
I know that I will get flamed for this but it is the truth.
Re: (Score:3, Informative)
The reason why it was used and repeated over and over while the troops were assembling in the Gulf was that it was actually a rather safe bet (since it was the US itself t
Re: (Score:3, Interesting)
Because that was our only legal basis for the war and it goes back to the Iraqi invasion of Kuwait. That invasion gave us a legal basis to invade in 1991 and the terms of the surrender called for the elimination of WMD. This was a minor provision at the time, but it was enough for us to use as an excuse to go in this time. This is all very important for people to
Re:Wasted chance (Score:5, Informative)
And, of course, there were also incidents where the insurgent groups got ahold of some lingering chemical weapons (mustard gas, I think) and tried to make bombs out of them--luckily, that also was old and non-effective. Those were widely reported at the time.
In other words, get off your uninformed, sanctimonious high-horse.
Re: (Score:3, Insightful)
This is like the local police saying 'We're going to raid every home in your town because of illegal arms.' They end up finding a broken revolver pistol from the 50s buried in a garbage pile. Claiming 'SEE THEY FOUND GUNS' is being a complete idiot.
Re:Wasted chance (Score:5, Insightful)
Unfortunately, the issue is not as black and white as the pundits on either side would like you to believe. There is, unfortunately, some wiggle room that gets used to support either one side or the other depending upon the speaker. The problem lies in the strictness of one's definition of WMDs and the categorization by some people of certain chemical weapons as WMDs despite the fact that such weapons are orders or magnitude less destructive than say the nuclear weapons that they are grouped with. Now, having said that it *is* true that US forces in Iraq have, from time to time, come across the odd Artillery shell filled with mustard or even a binary form of sarin in one case (used as a roadside bomb and a couple of US soldiers experienced minor symptoms, but no deaths). At best one could say that such finds are execeedingly rare and do not in and of themselves constitute evidence of a vast and active program on the part of Saddam to develop and use these weapons in the years immediately prior to the invasion. However, proof is proof and if even one shell is found then the number of "WMDs" was not zero and that is why the pundits continue arguing the points. This is splitting hairs maybe but if one argues that there were absolutely *no* WMDs in Iraq prior to the invasion then strictly speaking that person would be wrong. The problem lies in the use of absolutes in argumentation where even one counter-example disproves the argument.
Re:Wasted chance (Score:5, Insightful)
The specific charge Bush used to get our panties in a wad was nuclear weapons. "We don't want the smoking gun to be in the form of a mushroom cloud." Yellow cake uranium, lie. Aluminum tubes, lie. The CIA was giving Bush solid intel but he and his team refused to accept it. Cheney and his cronies cherry-picked raw intel for the most sensationalistic shit they could find, regardless of whether it was true or not.
When you say "most people assumed Saddam had WMD" you really mean "Most people assumed he had some leftover chemical or biological shit", not that he had nukes ready to strike the west in 45 minutes. The consensus before 9-11, a consensus backed by Powell, was that the US policy of Iraqi containment was working.
I'm sick of lies and lying liars. I'm sick of people who rewrite the facts to justify doing something and then rewrite history to protect themselves from that fuckup.
Re: (Score:3, Informative)
Get used to it. Whomever wins (Democrat or Republican) the whitehouse will
1. Blame the previous administration for anything that goes wrong domestic or foreign for I predict at least 2 years and probably 3.
2. Spin Spin Spin until you puke like riding that thing that kids ride at parks.
3. Probably keep 90 to 95% of every executive order that B
Re: (Score:3, Insightful)
This is utter and completely unmitigated nonsense. 'We' most certainly did NOT all know that Iraq had WMDs. In fact most of the people in the world except those systematically misinformed by the American Media were pretty sure Iraq did not have such weapons. That's why (unlike
Re:Wasted chance (Score:5, Informative)
Re:Wasted chance (Score:5, Interesting)
Has anyone looked at the development of Dubai over the past 10 years? or the wealth of the royal family in Saudi Arabia? Money is flowing to someone from somewhere over there that is for sure.
Now I'm not saying that Saudi's or UAE citizens are evil by default, simply that there has been absolutely 0 backlash against these regions while the US uses 9/11 to justify everything else it has been doing everywhere else.
Wheres the puzzled slightly-tilted looks of hwhaaa?
Re: (Score:3, Insightful)
Having biological and chemical weapons lying around is a liability waiting to happen. They're hard to control, and hard to account for. (Sir, the warehouse reports that we have 5,347,761 moles of VX gas available.)
Disposing of them is environmentally hazardous. For instance, you don't really know that much about the products of the disposal reaction. Check out [delawareonline.com] one story about how the disposal is problematic. (check out how many related stories there are in the side ba
Re: (Score:3, Insightful)
I'm so sick of hearing that argument. Disarmament of nuclear weapons != complete disarmament. Even if we get rid of all our ICBMs and chemical and biological weapons, we'll still have enough nukes to destroy any other country three times over, backed up by the finest conventional military in the world.
Face it: with the fall of the Soviet Union, there is no reason for America to be spending so time and money maintaining weap
Re: (Score:3, Insightful)
Well using 9/11 to invade Iraq isn't really that great of a cause; if you had so many good reasons, why did Bush try to link Saddam to 9/11? Just use one of the many good reasons already there.
As far as asking what the Saudis think, I really don't give a shit what they think. When a government can arrest and kill a woman because you saw her ankle, I don't really care if that government feels "
HaHa (Score:5, Funny)
Nice... (Score:5, Funny)
Changed by whom? (Score:5, Funny)
Great all we need. (Score:5, Funny)
Followed up with "Hackers: Evil and must be stopped?" to linking hacking to Obama, a danger to your kids and finally Hackers gone wild at Spring break.
Re: (Score:2)
Re: (Score:3, Interesting)
Either that, or we need to begin teaching nubile drunken 22-year-olds to hack.
Re: (Score:3, Funny)
Re: (Score:3, Insightful)
Nice typo. Confusing a Democratic candidate with Al Quaeda's head demagogue? Apropos, given we're talking about Fox.
what's wrong with T1me Out (Score:5, Insightful)
Re:what's wrong with T1me Out (Score:5, Funny)
Great - now I have to go change all my passwords.
Re:what's wrong with T1me Out (Score:5, Funny)
>Great - now I have to go change all my passwords.
Don't feel bad, I had the same combination on my luggage.
Re:what's wrong with T1me Out (Score:5, Funny)
Don't worry about it. I just did it for you.
Re: (Score:2)
<joke>That's on my luggage.</joke>
Seriously, though, that's the form you should be using for passwords, especially critical ones or ones that are public-facing. Get yourself a good password manager (TealSafe, SplashID) and just keep generating new passwords for all your systems.
Re:what's wrong with T1me Out (Score:5, Insightful)
Re: (Score:2)
Re: (Score:2)
Re:what's wrong with T1me Out (Score:5, Funny)
A system that I was managing once started crashing, and further investigation revealed that the password of an upstream system had been changed. When we contacted the admin team of the offending application, they informed us that they had upgraded the password from 123 to the "highly secure" (in their words) 234.
Re:what's wrong with T1me Out (Score:5, Insightful)
There is something very wrong with writing the password down, in plain text, on a public-facing server and assuming that no-one will be able to see it.
Re: (Score:2)
I use my own password generator [movetoiceland.com] (source code [movetoiceland.com]) to generate secure and easy to remember passwords. It's really handy because I have accounts on a bunch of machines at work and I can't use passwords that are too hard to remember in case I need to scp from one machine to another.
Re: (Score:3, Informative)
In other words, yes, this password was prone to be dict'ed.
Re:what's wrong with T1me Out (Score:5, Insightful)
Great--now you've got 8 people making the same joke.
Re: (Score:3, Informative)
Re: (Score:3, Insightful)
In that case, the words are still there, you just have to memorize the capitalization and non-word components, which honestly isn't hard, people just think it is.
Define "hard". Since I know I'm me, passwords are an annoying speed bump in the best case scenario. In the worst case, a password I can't remember is worthless, no matter how strong it is.
Password Nazis these days are really frigging annoying. The most annoying rule I keep coming across is "no more than N letters in a row". Obviously that's meant to make it harder to use a dictionary word, but it trips me up frequently even though I never use dictionary words. I'd wager most people use mostly the same non-
Re: (Score:3, Interesting)
Wimp. Real men use
dd if=/dev/random bs=1024 count=1 | passwd --stdin
Completely random password, whatever! (Score:3, Insightful)
Bingo! Never, ever, ever! NEVER store a password in plaintext in a script. Not ever. That's always a huge security issue, because you never know who is going to read the file. If you need unattended logins, there's SSH, Kerberos/GSSAPI, whatever.
Re: (Score:3, Funny)
Not a horrible password (Score:4, Informative)
Not really going to harm Fox (Score:5, Interesting)
There seems to be a string of these lately between content aggregators. About a month ago there was that page on MS's site endorsing Linux. Turns out the content was from another site (I think, actually, CNet).
Not to say I'm not totally surprised. In this day when about 50% of someone's site is content from somebody else, it's not surprising there's snafus. I'm just waiting for the day when one of the sites leaves up SSH logins for another.
It Works (Score:2, Informative)
Let's see here (Score:4, Insightful)
Corporation that people don't like has bad security: Note after note about how evil the company is and that they're idiots in the highest sense.
Ridiculous summary (Score:5, Insightful)
2) Why the hell are you blaming Fox? You think the entire company sat in a conference room and decided on a security scheme and a password?
3) Why did this deserve front page news? Exploits like this are found on a daily basis, and ones much more humorous/interesting/newsworthy.
Re:Ridiculous summary (Score:5, Informative)
At least the story had "ftp" in it, making it slightly more "for nerds".
Peter
PS. I was against the war, I'm against Bush and I think Fox sucks, but even so (and as the parent post points out), this is a bit tenuous.
NEWS FLASH: Left-Wing Fascists mod parent off-topc (Score:4, Insightful)
4chan (Score:4, Insightful)
Pity or natural selection (Score:2)
This is the closest Fox News will ever get... (Score:4, Funny)
From the same people who ruined finger (Score:3, Insightful)
Directory indexes, on a properly-run site, are a Good Thing and should be encouraged. They are and should be turned on by default in real httpd software. Anything secret that's accessible through a directory index would also be accessible by guessing the URL - so security has to be enforced by 403 Forbidden, not by "nobody will know the URL," anyway. Don't disable directory indexes unless you have a really good reason - and if you think you have a really good reason, especially if you think it has something to do with some kind of "security," then you're probably wrong.
Disney's website Security (Score:3, Interesting)
- Email the admins (with password), requesting an upload opportunity giving detail of content and approval reference
- Admins create FTP account on a purpose-built server
- Admins send back time-sensitive FTP details
- Design company uploads to FTP server
- Committees review content, send authorization to admins
- Admins upload content.
And this was for already-approved work. Kinda puts this level of security to shame...
Re:Linux Ver Security hole, fox stupidity, or both (Score:4, Funny)
Re:Linux Ver Security hole, fox stupidity, or both (Score:2)
I'm no lawyer, but... (Score:2, Insightful)
Re: (Score:2, Interesting)
Re: (Score:3)
Re: (Score:2)
Re: (Score:3, Insightful)
Yes, this password would be cracked in 5-20 seconds by an average password cracker.
Re: (Score:3, Informative)
Re: (Score:3, Funny)