The New York Times' corporate Intranet and Web-based applications that handle everything from payroll accounts to the newsroom's source database were penetrated by a freelance security researcher this week using nothing more than a Web browser, Newsbytes has learned. The . . .
The New York Times' corporate Intranet and Web-based applications that handle everything from payroll accounts to the newsroom's source database were penetrated by a freelance security researcher this week using nothing more than a Web browser, Newsbytes has learned. The discovery was made by 21-year-old Adrian Lamo, a white-hat hacker known for tracking down and alerting Fortune 500 companies that employ lackluster or non-existent security measures on their Web sites. The internal Web site included pages with detailed instructions for stringers and correspondents on how to file from the field, complete with dial-in modem numbers and accounts. The intranet also lists each Times employee's contact information, as well as their Social Security numbers.

According to screenshots obtained by Newsbytes, the Times' own "Everyone, Everywhere" newsroom contact database was also available via the corporate Intranet. The database contains phone numbers and contact information for such household names such as Yogi Berra, Warren Beatty, and Robert Redford, as well as high-profile political figures - including Palestinian leader Yassir Arafat and Secretary of State Colin Powell.

The source database also contains Social Security numbers for all of the Times' guest op-ed writers, including Democratic operative James Carville and Internet policy guru Lawrence Lessig. Also spotted in the file were entries for William F. Buckley Jr., Rush Limbaugh, Microsoft founder Bill Gates, and New York Mayor Michael Bloomberg.

The link for this article located at Newsbytes is no longer available.