Facebook Master Password Was "Chuck Norris"
I Don't Believe in Imaginary Property writes "A Facebook employee has given a tell-all interview with some very interesting things about Facebook's internals. Especially interesting are all the things relating to Facebook privacy. Basically, you don't have any. Nearly everything you've ever done on the site is recorded into a database. While they fire employees for snooping, more than a few have done it. There's an internal system to let them log into anyone's profile, though they have to be able to defend their reason for doing so. And they used to have a master password that could log into any Facebook profile: 'Chuck Norris.' Bruce Schneier might be jealous of that one."
Chuck Norris... (Score:4, Insightful)
doesn't need a password.
Re:Chuck Norris... (Score:5, Funny)
Will he brute force his way in?
Re: (Score:2)
Good one. Replying to remove my mistaken Overrated.
Re: (Score:2)
I guess that's because the password is so tough that...oh never mind.
Re:Chuck Norris... (Score:4, Insightful)
The joke is so clever that you get modded insightful for talking about how someone got modded insightful for calling it clever.
Hopefully we'll see some recursion here...
Re:Chuck Norris... (Score:5, Funny)
Can Chuck Norris create a password SO strong that he, himself, cannot crack it?????
Yes.
And then he can crack it.
Re:Chuck Norris... (Score:5, Funny)
In Soviet Russia, passwords ask for Chuck Norris.
Re: (Score:2)
Well I for one welcome our new stream of Chuck Norris jokes.
Re:Chuck Norris... (Score:5, Funny)
Chuck Norris types in his name as the Username and a program never has the chance to ask for a Password.
Re:Chuck Norris... (Score:4, Funny)
Chuck Norris doesn't need a password, he just round-house kicks the keyboard into submission.
Re: (Score:3, Interesting)
Chuck Norris doesn't need a password, because when it's the real Chuck Norris - you just know.
Strongest password in the world (Score:3, Funny)
I don't see the problem here.
Q: What is the strongest password in the world?
A: "Chuck Norris"
Not the master password (Score:5, Funny)
It's not Facebook's fault: it's not like they actually set the master password to "Chuck Norris".
The real WTF is that "Chuck Norris" works as a password into anything: Facebook, your online bank account, your sister's pants...
Re:Not the master password (Score:4, Insightful)
My pants...
this is idle, right?
Re: (Score:2)
Try this when attempting to enter a club. When the bouncer denies you entry, point and say, "Chuck Norris." While he is cowering for his life, enter the club.
Re:Not the master password (Score:5, Funny)
Try this when attempting to enter a club. When the bouncer denies you entry
"Attempting"....Not "if" but "when"....
Make no mistake, this is definitely Slashdot. :-)
Re: (Score:2)
Please tell me you didn't use this line to get into your sister's pants ...
But it only works ... (Score:4, Insightful)
The real WTF is that "Chuck Norris" works as a password into anything: Facebook, your online bank account, your sister's pants...
But it only works for Chuck Norris.
Re: (Score:2, Funny)
It's not Facebook's fault: it's not like they actually set the master password to "Chuck Norris".
The real WTF is that "Chuck Norris" works as a password into anything: Facebook, your online bank account, your sister's pants...
You're getting your forums mixed up... I think you're looking for http://thedailywtf.com/ [thedailywtf.com]
Re: (Score:2)
If you can get into my sister's Facebook account you can probably get into her pants.
Re: (Score:2)
Reading comprehension check, he said your sister's pants. I hope she's hot.
Reason #2378238 not to be on Facebook (Score:5, Insightful)
Like you need another reason?
Re: (Score:2)
The problem is not the tools, but how people use/misuse them. If you are smart enough you can make this service (or any other service) work fine without exposing yourself. It's not like they are watching you from a s
Re: (Score:2)
What are you talking about? You've clearly never been on a 'working' lunch. People get sloshed.
Re: (Score:2)
True, but you guys also may be allowed the odd pint with lunch. Not so here in the United States of Amerika.
Why not?
Nowhere I've worked has had any sort of (enforced) policy on the issue. The one time I worked near a pub I would regularly have my lunch there*; officially I wasn't allowed to drink any alcohol (I think), and usually I'd order a soft drink but no one ever checked up on me. A glass of wine, or a vodka-red bull, passed my lips on more than one occasion. I can testify that I once saw my manager having a drink there at lunch time as well. As long as you don't get drunk, and work just as hard after lunc
Re: (Score:2)
What state do you live in? I bet it's south of Dixie!
Re: (Score:2)
School teachers can and do get reprimanded if not fired for engaging in activities that, while acceptable for adults, are "corrupting" for children.
It's not about whether it's legal, or a detriment to their job performance. It's about the example they're setting for those poor, impressionable children.
If pictures of a drunk teacher found their way to the wrong parent, they'd definitely be in trouble.
Re: (Score:2)
I was under the impression that, thanks to teachers' unions, a teacher pretty much can't get fired unless (s)he has sex with a student or something (and even then they just get suspended from active teaching while some committee "reviews" their actions). Or are you not from the US?
Re: (Score:2)
School teachers can and do get reprimanded if not fired for engaging in activities that, while acceptable for adults, are "corrupting" for children.
It's not about whether it's legal, or a detriment to their job performance. It's about the example they're setting for those poor, impressionable children.
If pictures of a drunk teacher found their way to the wrong parent, they'd definitely be in trouble.
That's a ludicrous state of affairs. I work in an FE college [wikipedia.org]; we get kids from 14 all the way to 19. My employer hasn't once queried what I do in my own time as long as it's within the law as I'm not seen to be representing them. As the drinking age here is 18 a lot of the students are doing worse themselves anyway; even the younger ones will probably be having a drink somehow anyway (underage drinking is a problem here).
I even know a couple of tutors who got drunk on college time in the presence of their l
Re: (Score:2)
Indeed. Heck I was on call for New Years Eve and I flat out told my boss that if I was called I'd have to have someone else drive me in and possibly tote me to a keyboard, but I'd be there if they needed me :). She just laughed.
I'm not sure that I'd want to work somewhere that they were so uptight that they would fire you for having a shot or two (or 8) in your off time.
Re: (Score:2)
There are multiple moving parts to this, though:
1) There is (was) a master password that was not unique to the accounts
and
2) It had sufficient security to obviate it
What if '2' is false? Would anyone ever admit to that fact?
SHOCKER (Score:5, Insightful)
Nearly everything you've ever done on the site is recorded into a database
Considering nearly everything you ever do on Facebook is made public to either your friends or everybody - that's not shocking at all. The entire system is basically built around informing everybody of everything you do. You can't even perform an action without some app or another prompting you "Do you want to post this on your profile? YES/NO".
And for those of you wondering, it's obvious what the new password is;
The only man to have ever beaten Chuck Norris? Bruce Lee.
Close but no cigar. (Score:2)
Come on, it's not Bruce Lee. Bruce Lee is dead. The new password MUST be Jack Bauer.
Close but no cigar.
"Jack Bauer" might work for physical access. But for password access to databases and encrypted files it's "Chloe O'Brian".
Re:SHOCKER (Score:5, Funny)
If 24 starred Chuck Norris, it would have been called "1".
And most of that time would have been Chuck just taking his time to get there...
-JJS
The only man to have ever beaten Chuck Norris? (Score:2, Informative)
From http://en.wikipedia.org/wiki/Chuck_Norris [wikipedia.org]
There's funny... (Score:3, Insightful)
There is a time and a place for silly HTML comments or in-joke variable names, but a master password for a site with hundreds of millions of users is not one of them.
Re: (Score:2)
It grew, he didn't. He's still a douche bag acting like a teenager.
Re: (Score:2)
And as we know, no hacker has ever owned a system inside a company before.
Re:There's funny... (Score:5, Informative)
There's funny, and then there's irresponsible. Having "Chuck Norris" as a master password that grants access to any account is most definitely the latter. I would expect that from a couple of teenagers running their first web server, not one of the most popular websites on the Internet.
Despite what the summary and title say, the password was not "Chuck Norris". The password was a combination of uppercase letters, lowercase letters, numbers, and symbols that essentially spelled "Chuck Norris". In other words, probably something like "(hu(|<N0rr15". Also, it only worked from within the Facebook office, and was only known to certain individuals. It's not like you or I could have used the password from home to enter anyone's account.
There is a time and a place for silly HTML comments or in-joke variable names, but a master password for a site with hundreds of millions of users is not one of them.
It's pretty normal for support personnel to have access to production systems in order to provide support.
Re: (Score:3, Interesting)
Yes, but this is a childishly simple and unaccountable way to provide said access. Their current system (described in the article) where you hit "Switch login", you have to justify your action, and it is logged, is much better, although I hope it is restricted only to employees who have an active need to switch to other users' profiles, and approved beforehand for anyone else who needs to use it.
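The "Switch login" design this comment describes (restricted to staff who need it, a justification required, every use logged), as an added sketch that is not Facebook's code and not from the article. The employee ids, the minimum justification length, and the hash-chained log format are all assumptions; the chaining is an addition beyond the thread that makes edits to past entries detectable.

```python
import hashlib
import json
from dataclasses import dataclass, field

# Constructed sample data: hypothetical employee ids allowed to switch logins.
SUPPORT_STAFF = {"emp-1001", "emp-1002"}
MIN_REASON_LEN = 15  # assumed policy: the justification must be more than a word


class SwitchDenied(Exception):
    """Raised when an impersonation request is refused."""


def _digest(body: dict) -> str:
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


@dataclass
class AuditLog:
    """Append-only log; each entry stores the hash of the entry before it."""
    entries: list = field(default_factory=list)

    def append(self, record: dict) -> dict:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = dict(record, prev=prev)
        entry = dict(body, hash=_digest(body))
        self.entries.append(entry)
        return entry

    def verify(self) -> bool:
        """Recompute the chain; any edited or removed entry breaks it."""
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["prev"] != prev or _digest(body) != e["hash"]:
                return False
            prev = e["hash"]
        return True


def switch_login(log, employee, target_user, reason, now):
    """Grant impersonation only to authorized staff who state a reason.

    Granted and denied attempts are both logged under the employee's own id.
    """
    reason = reason.strip()
    if employee not in SUPPORT_STAFF:
        outcome = "denied:not-authorized"
    elif len(reason) < MIN_REASON_LEN:
        outcome = "denied:no-justification"
    else:
        outcome = "granted"
    log.append({"ts": now, "employee": employee, "target": target_user,
                "reason": reason, "outcome": outcome})
    if outcome != "granted":
        raise SwitchDenied(outcome)
    return {"acting_as": target_user, "real_actor": employee}


def who_accessed(log, target_user):
    """Review query: which employees were granted access to an account, and why."""
    return [(e["employee"], e["reason"]) for e in log.entries
            if e["target"] == target_user and e["outcome"] == "granted"]
```

With a shared master password the credential itself names no individual, so attribution has to come from other logs; here the employee id and stated reason are part of the access record.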
Re: (Score:3, Insightful)
Yes, but this is a childishly simple and unaccountable way to provide said access.
Considering Facebook logs everything, I wouldn't describe this as "unaccountable". I'm sure it's not that difficult to track who did what and when. In fact, the interview discusses cases where people who abused it were tracked down and fired.
It's not the best system, but that's exactly why they replaced it. It did the job for a while, then they introduced a better system. That's how things usually work.
Re: (Score:2)
(hu(|<N0rr15
Wait a minute... that's the combination on my luggage!
Re: (Score:2)
It's also worth noting that Facebook didn't have hundreds of millions of users when this was going down. They had MAYBE thousands.
Re: (Score:2)
It's pretty normal for support personnel to have access to production systems in order to provide support.
Right. Every IT support job I've had, I've made it widely known within the company, "I can read your email." It's not "I want to read your email," or "I will read your email," but "I am able to read your email and I may have to under some weird circumstances. If there's any personal information that you're too embarrassed for me to know, don't put it in your work email."
Ultimately we should all understand that email isn't completely secure unless you encrypt it. Your search habits aren't secure, and ne
Re:There's funny... (Score:5, Informative)
Inquiry, how do you know this? You from facebook?
No, I used a novel new approach to acquiring information — I read the article.
Re:There's funny... (Score:5, Funny)
No, I used a novel new approach to acquiring information — I read the article.
I'll go fetch the torches, guys.
Re: (Score:3, Interesting)
Yeah, that's why you should probably not rely on the summary to be accurate.
In other words, they used a lengthy password (presumably at least 11 characters) with a mix of alphanumerics and symbols and
Re: (Score:2)
RTFM...it's a good bit more complicated. Along with being deprecated sometime before now, the password was not just "Chuck Norris" but bore some resemblance to Chuck Norris including non-alphanumeric, numbers, different cases, etc. Maybe Chuck Norris wasn't a great source word, but I highly doubt from the description in the article there was any danger.
I feel that overall, it's a pretty good way to come up with passwords. For instance, take your pet's name and childhood phone number, replace some letters wit
Re: (Score:2)
and can easily be extended in length.
Are there passwords that are difficult to extend in length?
Re: (Score:2)
and can easily be extended in length.
Are there passwords that are difficult to extend in length?
Yes. "Chuck Norris" cannot be extended. It is long enough already.
Re: (Score:2)
Are there passwords that are difficult to extend in length?
And continue being easy to memorize (which is what I meant)? Absolutely. Obviously one can literally make any style password longer...
Memorize 10 characters of mixed case non-alphanumeric, numbers, etc. Completely random. Then extend to 20 completely random characters. 30. 40. It gets hard to remember!! Especially if you regularly deal with different passwords. I still remember a 14-character random password from a decade ago that I had to type most every day for months. On the other hand I've already forgot
Re: (Score:2)
What a great idea. Since I have nothing to hide, let's just not use a password online. I'll just say "Hey that's me" to the website and it will let me in. Sounds perfect!
Re: (Score:2)
Not to people that want to sell useless things teenage girls don't really need to teenage girls.
Re: (Score:2)
I would certainly hope that physical access to one of their office desktops would not get you access to production live databases.
Also, there's a reason to set a password to begin with. Sometimes you want multiple layers of security. For example, sure you can only log into arbitrary profiles from inside their network, that makes sense, but do you really want everyone on that network to have that ability? Every single employee? What about visitors using their WiFi? What about contracted employees, say c
Re: (Score:2)
I’m not going to give you the exact password, but with upper and lower case, symbols, numbers, all of the above, it spelled out ‘Chuck Norris,’ more or less. It was pretty fantastic.
TFA accuracy? (Score:4, Insightful)
Employee: That’s right. How do you think we know who your best friends are? But that’s public knowledge; we’ve explicitly stated that we record that. If you look in your type-ahead search, and you press “A,” or just one letter, a list of your best friends shows up. It’s no longer organized alphabetically, but by the person you interact with most, your “best friends,” or at least those whom we have concluded you are best friends with.
This is rubbish, isn't it?
I've just typed "a" into the search box and it comes up with an alphabetical list of contacts. The first one happens to be someone whose profile I don't think I've ever clicked on.
Re: (Score:2)
er no..
I just tried that and it's highlighting almost everyone. Including people whose profiles I may have viewed once or twice as far back as 6 months ago, and maybe exchanged a wall post back a few months ago too. While a person whose profile I go to weekly isn't highlighted and another person I visit daily is.
Chuck Norris... (Score:5, Funny)
The very idea of a "master password" seems scary.. (Score:5, Funny)
I wonder, what it is now... "Angelina Jolie"? "Bruce Willis"?
Re: (Score:2)
It's a shame the summary doesn't somehow provide you with access to more detailed information on the topic, like an article or something. If it did, you could read that and find out that there is no longer a master password (or at least, so they claim), as they've replaced that concept with a newer admin tool.
However, I disagree; in the context of FB, the idea of a master password is not scary.
At least they don't call the Master account (Score:2)
something lame like "root".
Re: (Score:2)
J03 pisC0p0
Like anyone's ever going to admit to using *that* as a password.
Re: (Score:2)
I wonder, what it is now... "Angelina Jolie"? "Bruce Willis"?
Obama
No, they had to change it.
Chuck Norris is good security (Score:5, Funny)
At least the master password wasn't something weak like "Rick Moranis." By using Chuck Norris, you can tell Facebook was taking security seriously.
i am the Keymaster (Score:2)
are you the Gatekeeper?
Re:i am the Keymaster (Score:4, Funny)
Don't look now, but you just propositioned a dude for sex...
google has a similar set up (Score:5, Funny)
in fact, a little known subplot in the whole drama last week over china hacking into google email servers is that chinese intel knew the master password for gmail was "chuck norris"
problem was, when the chinese spies typed chuck norris into the human rights activists' email logins, the password itself would jump off the computer screen, hit the spy with five roundhouse kicks to the face, then smash their keyboard into dust just by giving it a hard stare
so the chinese government had no other choice but to hire hackers to break into the accounts. because even when they hired seven of the greatest kung fu masters and the most proficient in the eighteen arms of wushu in all of china to stand by while the spy logged in, plus jet li, plus jackie chan, and plus the reanimated cyborg adamantium zombie of bruce lee, the chuck norris password still roundhouse kicked all of them into submission
Re: (Score:2)
"problem was, when the chinese spies typed chuck norris into the human rights activists' email logins, the password itself would jump off the computer screen, hit the spy with five roundhouse kicks to the face, then smash their keyboard into dust just by giving it a hard stare"
That's why we need hackers to be skilled in martial art as in matrix!
We Have A "Magic" Password Too (Score:4, Insightful)
I’m not going to give you the exact password, but with upper and lower case, symbols, numbers, all of the above, it spelled out ‘Chuck Norris,’ more or less.
Sounds like it was obscure enough to me. If a user just happened to be using that password they would have never known it was magic unless they thought to try it on another user id.
Chuck Norris (Score:2, Funny)
Now it's ... (Score:5, Funny)
Re: (Score:3, Funny)
Hey! That's the same password I have on my chastity belt!
Stores in a database (Score:4, Insightful)
Unlike slashdot, which writes everything in code on paper and has mute gnomes who it in a locked vault.
Seriously, I expect this kind of idiocy from the AP, but I thought slashdot editors were supposed to be technical. Nearly every goddamn site stores user data in a database, and in nearly all these cases there are employees with the master passwords that allow them to see every damn thing. (Except, if you're lucky, the password.)
Stanford? (Score:2)
I don't think there's any question that Stanford is the number one CS department in the world.
Wow, there's so much question, it's ridiculous. According to US News and World Reports 2008 (the most recent I could find), it was tied with Berkeley and MIT for #1, and even that is being generous. For a while, it was Carnegie and MIT alternating between 1 and 2 every year. Perhaps she meant "the best entrepreneurial CS program".
How about Chuck Moore? (Score:2)
True Chuck Moore facts:
Chuck Moore wrote his own VLSI chip design system. In Forth. [simple-talk.com]
Engraving "Chuck Norris" on the floor (Score:3, Funny)
Re:Chuck Norris Jokes (Score:4, Funny)
So this guy shot Chuck Norris in the face with a shotgun, and then he ended up in prison, because murder is illegal.
Re:Chuck Norris Jokes (Score:5, Funny)
I think you meant because suicide is illegal.
Re: (Score:2)
Actually, as it is, it's the best joke ever.
Re: (Score:3, Funny)
that prison's name was Chuck Norris
Re: (Score:2)
U:RayMarron
P:Qwertyuiop
Hmm... it didn't work for me. Maybe it only works in chatrooms. ;)
Re: (Score:3, Interesting)
>Wow, I just figured out a new feature on Slashdot! You can type in, "U:username and P:password," and it will replace your password with stars.
They must have implemented a time machine because that joke is older than I am.