Blog Entries

On July 23rd an anonymous person was able to find the password to one of Fox’s secure servers in plain sight. Unfortunately, this is not an uncommon occurence, one person making a small oversight can put millions of dollars of company information at risk.  While browsing around the Fox News website (www.foxnews.com), the person stumbled across a file which contained the username and password for a highly secure FTP server.  Luckily, this person chose to publically expose the flaw instead of exploiting it or selling it to a malicious hacker.  Fox was able to patch the information leak by quickly changing the password to their server, but since the exploit had already been made public, there was still a great deal of damage done to their reputation.  As a major news outlet, much of their business depends on them being able to keep confidential information secure until they are ready to release it to the public.  Leaks like this could cause potential sources to think twice before sending them sensitive information; or even more importantly, it could cause mistrust among their viewership.

The only way to prevent leaks like this is through frequent and thorough security audits.  Oftentimes, internal teams do not have the time or resources necessary to conduct these audits frequently enough.  It is unknown how long the Fox News password was publically available, but it is likely that a well implemented monitoring program would have found the password first, notified Fox News, and allowed them to fix the problem before it became public.