Security at The New York Times’ website has been exposed after a reader gained publishing access to a weblog at the paper.
New Yorker Liza Sabater said she chanced upon a yet-to-be-launched New York politics blog and was able to log in and write posts to the site.
“[It was] just as easy as signing in through their WordPress login page,” Ms Sabater wrote. “I honestly cannot believe they just left the door open like that.”
The Times operates several weblogs using the open-source WordPress platform. Ms Sabater discovered the nascent blog in the referrer logs for her Daily Gotham site, which staff at the Gray Lady had linked from their development. The blog does not yet appear on the paper’s index page and includes placeholder design elements.
Upon logging in, she said, she posted several entries and exposed the incident to readers around the blogosphere.
“I did not hack into the site,” read her message. “You’ve just got a major security hole. You’ve overlooked what I would consider a huge detail in blog development. You never, ever leave the login permissions open while mired in testing and development.”