Security Faux Pas At Fox — Jul 24th 2007
It appears that FOXNews.com
may be left with a red face today, after allowing a massive data leak on its own website and that of a major publishing group.
The problem came to light Sunday on the Something Awful website. A user named "Morphie" posted a comment
entitled "Fox News Headline Images (some funny, some not)." The images in question had been found on FOXNews.com, and it turned out that the website had left its images directory unprotected, meaning that any Internet user could see every file listed in that particular directory.
It was soon discovered that the site's admin directory was also publicly accessible. And that's when the situation went from an amusing faux pas
to a serious data breach. At 3:23 AM, another user on Something Awful posted the login information for a Ziff-Davis server, which he had found in one of the files in the FOXNews directories. This was a major catch: Ziff-Davis is a big publishing company and the owner of ZDNet
. The information soon circulated through the social-networking world at Reddit
and the IT community at Slashdot
Unfortunately for Ziff-Davis, that particular server contained phone numbers, email addresses, and street addresses for many of its users. Wikinews estimates
that as many as 1.5 million users may be at risk, with several gigabytes of data at least temporarily accessible. This number cannot be independently verified, however, since the security hole has since been fixed.
What is particularly interesting about this leak is that it was very basic and easily preventable. Even small websites are advised to avoid publicly accessible directories, and many network administrators would immediately turn them off. Security expert David Utter called
it "surprising" that Fox would leave such an integral part of its website unprotected, going so far as to accuse the webmasters of outright "sloppiness."
Not surprisingly, the network itself is downplaying the incident. Contacted by NewsQuake, Jeff Misenti, General Manager and VP of Fox News Digital, addressed it this way: "It was a server communications error which was fixed immediately and steps were taken to make sure it doesn't happen again."
Tags: Fox News, security breach, Something Awful, ZDNet, Ziff Davis