Security Faux Pas At Fox

Netscape Home The Netscape BlogNetscape NewsQuake

Security Faux Pas At Fox — Jul 24th 2007

By Corey Spring

It appears that FOXNews.com may be left with a red face today, after allowing a massive data leak on its own website and that of a major publishing group.

The problem came to light Sunday on the Something Awful website. A user named "Morphie" posted a comment entitled "Fox News Headline Images (some funny, some not)." The images in question had been found on FOXNews.com, and it turned out that the website had left its images directory unprotected, meaning that any Internet user could see every file listed in that particular directory.

It was soon discovered that the site's admin directory was also publicly accessible. And that's when the situation went from an amusing faux pas to a serious data breach. At 3:23 AM, another user on Something Awful posted the login information for a Ziff-Davis server, which he had found in one of the files in the FOXNews directories. This was a major catch: Ziff-Davis is a big publishing company and the owner of ZDNet. The information soon circulated through the social-networking world at Reddit and the IT community at Slashdot.

Unfortunately for Ziff-Davis, that particular server contained phone numbers, email addresses, and street addresses for many of its users. Wikinews estimates that as many as 1.5 million users may be at risk, with several gigabytes of data at least temporarily accessible. This number cannot be independently verified, however, since the security hole has since been fixed.

What is particularly interesting about this leak is that it was very basic and easily preventable. Even small websites are advised to avoid publicly accessible directories, and many network administrators would immediately turn them off. Security expert David Utter called it "surprising" that Fox would leave such an integral part of its website unprotected, going so far as to accuse the webmasters of outright "sloppiness."

Not surprisingly, the network itself is downplaying the incident. Contacted by NewsQuake, Jeff Misenti, General Manager and VP of Fox News Digital, addressed it this way: "It was a server communications error which was fixed immediately and steps were taken to make sure it doesn't happen again."

Tags: Fox News, security breach, Something Awful, ZDNet, Ziff Davis

2 Comments

Reader Comments (Page 1 of 1)

Corey Spring — 3:36AM on Jul 24th 2007

1. The folks who accessed the Ziff-Davis server via Fox's blunder were also quick to upload pornography, claiming to be from Ebaumsworld.com

(Something Awful, where this whole ordeal seems to have come from, has an incredibly bitter and long-standing feud with Ebaumsworld)

http://www.whitedust.net/news/4007/Fox_News_security_hole_exposes_1.5_million_users

willyscapewillys — 5:22PM on Jul 26th 2007

2. Servers: {" ARE NOT SECURE"}!. DON'T know where I remember that from?.

Every, web site seems; to have a way, of keeping track, OF WHOM!, they have writing on-line, or a Blog page, and comments etc.

Every one of them mention Some Vague Reference to security, {OR LACK THERE OF}.

I guess they{FOX} could not command a "HIGHER" enough Price?[for sale purpose], so just let them just slip into the web "DOMAIN?"; oh so convenient?.

At NewsQuake!, the Netscape staff blogs about breaking news of every stripe. Looking for context, commentary, and lively reportage? You’ve come to the right place.

RSS News Feed RSS Feed / Send us Tips

Featured Galleries