"So why did rusty leave the dump out?"
It was an old dump from December, back in ye olde Slash days of Kuro5hin. Since Slash doesn't store the passwords encrypted (like Scoop does), the fellow who found the problem uncompressed the table and read it. Because of Rusty's policy of not really changing his passwords often, the person who found the problem could post it. Rusty was properly given a tongue lashing for this, of course :-)
The person who found the problem (and posted the test "hax0r" message) was mature enough to delete it and log out afterwards. Naturally, we went into fascistic-security mode anyway. I'd already port scanned the identified assailant, as well as blocked their access to kuro5hin (via ipchains), by the time the mail arrived explaining the situation :-)
This was a funny non-event for us, but it's just another reminder to not put files that contain sensitive information on a site in plain text. It's how those wacky colon cat makers, :Digital:Convergence.:Com, had their big "privacy expose." Many other sites have also had problems with this.
Drdink had a different view on the situation:
"MSN Kuro5hin Project
Day 1: Leaked all passwords. Will be attacked by skriptkiddie soon and all personal information will be stolen.
Day 2: Skript Kiddie found that rusty's k5 password was the root password for the machine. Kuro5hin will be back in a few months on a new server."
Well, shucks, there goes our next freebie from VA (and for being listed with fuckedcompany.com)!