Interesting People mailing list archives
IP: New York Times Internal Network Hacked
From: Dave Farber <dave () farber net>
Date: Tue, 26 Feb 2002 19:38:36 -0500
------ Forwarded Message From: "Kevin L. Poulsen" <klp () securityfocus com> Reply-To: <klp () securityfocus com> Date: Tue, 26 Feb 2002 16:32:12 -0800 To: "Farber () Cis Upenn Edu" <farber () cis upenn edu> Subject: New York Times Internal Network Hacked Dave, FYI. --- New York Times Internal Network Hacked http://online.securityfocus.com/news/340 Security holes in the New York Times internal network left sensitive databases exposed to hackers, including a file containing social security numbers and home phone numbers for contributors to the Times op-ed page, SecurityFocus Online has learned. In a two-minute scan performed on a whim, twenty-one-year-old hacker and sometimes-security consultant Adrian Lamo discovered no less than seven misconfigured proxy servers acting as doorways between the public Internet and the Times' private intranet, making the latter accessible to anyone capable of properly configuring their Web browser. "The very first server I looked at was running an open proxy," says Lamo. "The server practically approached me." Once on the newspaper's network, Lamo exploited weaknesses in the Times password policies to broaden his access, eventually browsing such disparate information as the names and social security numbers of the paper's employees, logs of home delivery customers' stop and start orders, instructions and computer dial-ups for stringers to file stories, lists of contacts used by the Metro and Business desks, and the "WireWatch" keywords particular reporters had selected for monitoring wire services. But measured by sheer star power, the hack is most notable for Lamo's access to a database of 3,000 contributors to the Times op-ed page, the august soap box of the cultural elite and politically powerful. The roster includes social security numbers for former U.N. weapons inspector Richard Butler, Democratic operative James Carville, ex-NSA chief Bobby Inman, Nannygate veteran Zoe Baird, former secretary of state James Baker, Internet policy thinker Larry Lessig, and thespian activist Robert Redford, who last May authored an op-ed on President Bush's environmental policies. <snip> ------ End of Forwarded Message For archives see: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- IP: New York Times Internal Network Hacked Dave Farber (Feb 26)