I believe the operative term is "DOH!"

Jon
[EMAIL PROTECTED]

http://online.securityfocus.com/news/340NEWS
Excerpt:

New York Times Internal Network Hacked

How open proxies and default passwords led to Adrian Lamo padding his rolodex with information on 3,000 op-ed writers, from William F. Buckley Jr. to Jimmy Carter.

By Kevin Poulsen
Feb 26 2002 4:15PM PT

Security holes in the New York Times internal network left sensitive databases exposed to hackers, including a file containing Social Security numbers and home phone numbers for contributors to the Times op-ed page, SecurityFocus Online has learned.

In a two-minute scan performed on a whim, twenty-one-year-old hacker and sometimes-security consultant Adrian Lamo discovered no less than seven misconfigured proxy servers acting as doorways between the public Internet and the Times' private intranet, making the latter accessible to anyone capable of properly configuring their Web browser.

"The very first server I looked at was running an open proxy," says Lamo. "The server practically approached me."

Once on the newspaper's network, Lamo exploited weaknesses in the Times password policies to broaden his access, eventually browsing such disparate information as the names and Social Security numbers of the paper's employees, logs of home delivery customers' stop and start orders, instructions and computer dial-ups for stringers to file stories, lists of contacts used by the Metro and Business desks, and the "WireWatch" keywords particular reporters had selected for monitoring wire services.

But measured by sheer star power, the hack is most notable for Lamo's access to a database of 3,000 contributors to the Times op-ed page, the august soap box of the cultural elite and politically powerful. The roster includes Social Security numbers for former U.N. weapons inspector Richard Butler, Democratic operative James Carville, ex-NSA chief Bobby Inman, Nannygate veteran Zoe Baird, former secretary of state James Baker, Internet policy thinker Larry Lessig, and thespian activist Robert Redford, who last May authored an op-ed on President Bush's environmental policies. Entries with home telephone numbers include Lawrence Walsh, William F. Buckley Jr., Jeanne Kirkpatrick, Rush Limbaugh, Vint Cerf, Warren Beatty and former president Jimmy Carter.

The database includes details on contributors' areas of expertise and what books they've written, and the odd note on how easily they succumb to editing or how much they were paid.

Lamo notified the Times of the vulnerabilities Tuesday through a reporter, and provided them with a list of the open proxies. In a statement, a spokesperson for the paper said the Times takes security "very seriously."
