
Mailing List Archive: Wikipedia: Wikitech

Inactive sysops + improving security


lists at nadir-seen-fire

Apr 4, 2012, 4:56 AM

Post #26 of 51 (424 views)
Permalink
Re: Inactive sysops + improving security [In reply to]

Sooo... we're on the way to HTTPS... what's next?
YubiKey/Google Authenticator/etc... 2-factor auth? Or signed client side
user certificates (<keygen>, etc...)?

--
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name]

On Wed, 04 Apr 2012 04:31:02 -0700, Petr Bena <benapetr [at] gmail> wrote:

> Ok, your reply makes a lot of sense. However problem is that how users
> get more "hats" they are usually more afraid of losing them :-) and
> would probably like to have an option to protect from attackers (I
> don't really know but I hope that people with some extra flags are
> trying to have a secure password at least). The account is getting
> more valuable and for example account of some stewards might be a good
> target for hackers. The question is how these people can defend
> themselves when the philosophy is "we don't need strong security
> because user accounts aren't valuable / can't do much damage to site"
> - when their account is compromised, they will surely have the flags
> revoked permanently, that's likely not what they want. So at some
> point, having more security measures which could be opt-in for people
> who do care about their account, in opposite of people whom account
> isn't interesting for hackers would make some point too. Given that
> there are thousands of sysops on big projects, I guess they would
> welcome to have this feature. (Not that I care, personally, I was just
> interested in implementing that to mediawiki)
>
> On Wed, Apr 4, 2012 at 11:48 AM, Thomas Morton
> <morton.thomas [at] googlemail> wrote:
>>> The current process needs to be done by hand, which isn't just
>>> annoying, but also not fail safe, some accounts might be overlooked,
>>> etc. Bureaucrats can misclick or forget.
>>
>> Certainly automatic de-sysoping after a certain inactivity would be
>> useful; an extension that does the notifications and ultimately the
>> de-sysoping would be useful to automate the community approved process,
>> don't get me wrong on that front, I like the idea!
>>
>>> The email account is likely
>>> much more safe than wikimedia account,
>>
>> Not a good premise to take; email accounts are high value targets (as
>> opposed to a Wikipedia account, which has relatively low general value).
>> So although they are harder to crack (to a point) they are also more
>> worthwhile targets.
>>
>> So an email account is a significant risk.
>>
>> And an account without an email address added could be argued to be
>> *more* secure.
>>
>>> the google for example offers a
>>> lot of security measures we don't, because they don't follow "hacking
>>> user wouldn't do much damage" philosophy.
>>
>> It's largely security theatre; except the two factor authentication
>> (which is actually useful). Our accounts simply aren't that valuable,
>> which is why actual security of that form isn't really a good option.
>> What you proposed is only really a stopgap.
>>
>>> And I guess many other
>>> providers do the same. Hacking to two accounts would be much harder
>>> than hacking one, given to that once the first account is hacked, the
>>> user would be immediately notified in email (hacker would have very
>>> limited time to hack to email box as well).
>>
>> Realistically, and in my experience, this is not the case. You're
>> relying on the user to respond, or being in a position to respond -
>> which is the critical failing of the proposal.
>>
>> When we do pen tests often we will make notifications of some sort
>> appear in front of users to see how they respond to them - and often
>> the response is confusion, not concern. Remember; the large part of
>> the WM community is *not* technical.
>>
>> Tom

_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


benapetr at gmail

Apr 4, 2012, 5:33 AM

Post #27 of 51 (372 views)
Permalink
Re: Inactive sysops + improving security [In reply to]

I said it would be opt-in so they wouldn't be spammed unless they
would like to be

On Wed, Apr 4, 2012 at 2:36 PM, Platonides <Platonides [at] gmail> wrote:
> On 04/04/12 10:47, Petr Bena wrote:
>> The accounts could be compromised just using a brute force attacks
>> which would be running for a long time. Since user would never know
>> their account is being cracked, they would likely never bother with
>> making their password more strong, neither report it somewhere. If I
>> was an inactive sysop and I received a message that someone has done
>> 500 000 login attempts over night, I would likely ask some bureaucrat
>> to remove my sysop flag, since I don't even need it.
>
> Many people would complain that wikipedia is spamming them... and do
> nothing.
> Note that there's no way to stop an ip from trying to login.
> I think login failures are aggregated in some server, the sysadmins
> should be able to detect from there a bruteforce attempt and ban the ips
> at the squids. I don't know if there's such alarm implemented, though.
>
>


innocentkiller at gmail

Apr 4, 2012, 5:35 AM

Post #28 of 51 (376 views)
Permalink
Re: Inactive sysops + improving security [In reply to]

On Wed, Apr 4, 2012 at 8:33 AM, Petr Bena <benapetr [at] gmail> wrote:
> I said it would be opt-in so they wouldn't be spammed unless they
> would like to be
>

I would like to remind everyone that user preferences are
evil--especially when it comes to things relating to security.

The correct thing to do is to come up with sensible defaults
that work for everyone.

-Chad



Platonides at gmail

Apr 4, 2012, 5:36 AM

Post #29 of 51 (373 views)
Permalink
Re: Inactive sysops + improving security [In reply to]

On 04/04/12 10:47, Petr Bena wrote:
> The accounts could be compromised just using a brute force attacks
> which would be running for a long time. Since user would never know
> their account is being cracked, they would likely never bother with
> making their password more strong, neither report it somewhere. If I
> was an inactive sysop and I received a message that someone has done
> 500 000 login attempts over night, I would likely ask some bureaucrat
> to remove my sysop flag, since I don't even need it.

Many people would complain that wikipedia is spamming them... and do
nothing.
Note that there's no way to stop an ip from trying to login.
I think login failures are aggregated in some server, the sysadmins
should be able to detect from there a bruteforce attempt and ban the ips
at the squids. I don't know if there's such alarm implemented, though.




benapetr at gmail

Apr 4, 2012, 5:38 AM

Post #30 of 51 (370 views)
Permalink
Re: Inactive sysops + improving security [In reply to]

Why is it evil?

On Wed, Apr 4, 2012 at 2:35 PM, Chad <innocentkiller [at] gmail> wrote:
> On Wed, Apr 4, 2012 at 8:33 AM, Petr Bena <benapetr [at] gmail> wrote:
>> I said it would be opt-in so they wouldn't be spammed unless they
>> would like to be
>>
>
> I would like to remind everyone that user preferences are
> evil--especially when it comes to things relating to security.
>
> The correct thing to do is to come up with sensible defaults
> that work for everyone.
>
> -Chad
>


overlordq at gmail

Apr 4, 2012, 7:24 AM

Post #31 of 51 (374 views)
Permalink
Re: Inactive sysops + improving security [In reply to]

On Wed, Apr 4, 2012 at 7:38 AM, Petr Bena <benapetr [at] gmail> wrote:
> Why is it evil?

Bluntly?
Users, for the most part, are stupid. Or rather, they make silly
choices that can make systems more vulnerable without knowing better.



benapetr at gmail

Apr 4, 2012, 7:35 AM

Post #32 of 51 (374 views)
Permalink
Re: Inactive sysops + improving security [In reply to]

That sounds like as microsoft would interpret how perfect system
should work, and why I don't like windows:

"We know best what the user wants, so let us configure the system
according to what we think that is best for them, without even giving
them option to change anything on that"

Seriously, don't make microsoft windows from mediawiki, please. We
could as well make mediawiki do what it "thinks that user wants to do"
rather than "what user really wants"

On Wed, Apr 4, 2012 at 4:24 PM, OQ <overlordq [at] gmail> wrote:
> On Wed, Apr 4, 2012 at 7:38 AM, Petr Bena <benapetr [at] gmail> wrote:
>> Why is it evil?
>
> Bluntly?
> Users, for the most part, are stupid. Or rather, they make silly
> choices that can make systems more vulnerable without knowing better.
>


benapetr at gmail

Apr 4, 2012, 7:40 AM

Post #33 of 51 (371 views)
Permalink
Re: Inactive sysops + improving security [In reply to]

Also keep in mind we are talking about accounts which are interesting
for hackers, stewards and such. I hope that people who are
volunteering as stewards aren't just "stupid" and would eventually
read manual / ask someone who knows how does it work, before changing
options in insecure way. (Anyway if it was opt-in it would be either
more secure or same insecure as it's now)

On Wed, Apr 4, 2012 at 4:35 PM, Petr Bena <benapetr [at] gmail> wrote:
> That sounds like as microsoft would interpret how perfect system
> should work, and why I don't like windows:
>
> "We know best what the user wants, so let us configure the system
> according to what we think that is best for them, without even giving
> them option to change anything on that"
>
> Seriously, don't make microsoft windows from mediawiki, please. We
> could as well make mediawiki do what it "thinks that user wants to do"
> rather than "what user really wants"
>
> On Wed, Apr 4, 2012 at 4:24 PM, OQ <overlordq [at] gmail> wrote:
>> On Wed, Apr 4, 2012 at 7:38 AM, Petr Bena <benapetr [at] gmail> wrote:
>>> Why is it evil?
>>
>> Bluntly?
>> Users, for the most part, are stupid. Or rather, they make silly
>> choices that can make systems more vulnerable without knowing better.
>>


benapetr at gmail

Apr 4, 2012, 7:42 AM

Post #34 of 51 (375 views)
Permalink
Re: Inactive sysops + improving security [In reply to]

Let me clarify:
we are talking about accounts which are interesting for hackers such
as these of stewards.

I didn't want to compare stewards to hackers :-)

On Wed, Apr 4, 2012 at 4:40 PM, Petr Bena <benapetr [at] gmail> wrote:
> Also keep in mind we are talking about accounts which are interesting
> for hackers, stewards and such. I hope that people who are
> volunteering as stewards aren't just "stupid" and would eventually
> read manual / ask someone who knows how does it work, before changing
> options in insecure way. (Anyway if it was opt-in it would be either
> more secure or same insecure as it's now)
>
> On Wed, Apr 4, 2012 at 4:35 PM, Petr Bena <benapetr [at] gmail> wrote:
>> That sounds like as microsoft would interpret how perfect system
>> should work, and why I don't like windows:
>>
>> "We know best what the user wants, so let us configure the system
>> according to what we think that is best for them, without even giving
>> them option to change anything on that"
>>
>> Seriously, don't make microsoft windows from mediawiki, please. We
>> could as well make mediawiki do what it "thinks that user wants to do"
>> rather than "what user really wants"
>>
>> On Wed, Apr 4, 2012 at 4:24 PM, OQ <overlordq [at] gmail> wrote:
>>> On Wed, Apr 4, 2012 at 7:38 AM, Petr Bena <benapetr [at] gmail> wrote:
>>>> Why is it evil?
>>>
>>> Bluntly?
>>> Users, for the most part, are stupid. Or rather, they make silly
>>> choices that can make systems more vulnerable without knowing better.
>>>


morton.thomas at googlemail

Apr 4, 2012, 7:54 AM

Post #35 of 51 (375 views)
Permalink
Re: Inactive sysops + improving security [In reply to]

On 4 April 2012 15:35, Petr Bena <benapetr [at] gmail> wrote:

> That sounds like as microsoft would interpret how perfect system
> should work, and why I don't like windows:
>
> "We know best what the user wants, so let us configure the system
> according to what we think that is best for them, without even giving
> them option to change anything on that"
>
> Seriously, don't make microsoft windows from mediawiki, please. We
> could as well make mediawiki do what it "thinks that user wants to do"
> rather than "what user really wants"


Actually; what he is describing is super-serious security 101.

Users are always a major security flaw in any system, and leaving security
options up to them increases your attack vector (i.e; most people don't
use Gmail 2 factor authentication, because it is a pain).

There is a reason Microsoft (successfully) makes use of this model. As does
most modern Linux distros, Mac OSX, etc etc. The key is getting a balance
between sane defaults and advanced configuration for those with proven
responsibility to understand their own security.

If you make it *easy* for an individual to disable a key security feature
then your security effectively becomes useless.

Tom


morton.thomas at googlemail

Apr 4, 2012, 7:56 AM

Post #36 of 51 (368 views)
Permalink
Re: Inactive sysops + improving security [In reply to]

On 4 April 2012 15:40, Petr Bena <benapetr [at] gmail> wrote:

> Also keep in mind we are talking about accounts which are interesting
> for hackers, stewards and such. I hope that people who are
> volunteering as stewards aren't just "stupid" and would eventually
> read manual / ask someone who knows how does it work, before changing
> options in insecure way. (Anyway if it was opt-in it would be either
> more secure or same insecure as it's now)
>
>
Traditionally; the more technically literate a user is, the worse his/her
security regime tends to be.

For example; my security regime - a programmer & security consultant - is
fairly bad.

Tom


benapetr at gmail

Apr 4, 2012, 8:33 AM

Post #37 of 51 (372 views)
Permalink
Re: Inactive sysops + improving security [In reply to]

OK, but this is a new option which doesn't exist now, and if it could
be turned off, it wouldn't affect the security more than making it
just same as it's now. The reason why it should be in preferences is
that some users might want it and some would rather not have it. (In
fact as default this should be disabled, it's advanced feature for
users with risky accounts, like sysops). I am talking about email
warning when someone is trying to hack in your account. The auto sysop
removal and such should no way be in user preferences.

On Wed, Apr 4, 2012 at 4:56 PM, Thomas Morton
<morton.thomas [at] googlemail> wrote:
> On 4 April 2012 15:40, Petr Bena <benapetr [at] gmail> wrote:
>
>> Also keep in mind we are talking about accounts which are interesting
>> for hackers, stewards and such. I hope that people who are
>> volunteering as stewards aren't just "stupid" and would eventually
>> read manual / ask someone who knows how does it work, before changing
>> options in insecure way. (Anyway if it was opt-in it would be either
>> more secure or same insecure as it's now)
>>
>>
> Traditionally; the more technically literate a user is, the worse his/her
> security regime tends to be.
>
> For example; my security regime - a programmer & security consultant - is
> fairly bad.
>
> Tom


innocentkiller at gmail

Apr 4, 2012, 8:45 AM

Post #38 of 51 (374 views)
Permalink
Re: Inactive sysops + improving security [In reply to]

On Wed, Apr 4, 2012 at 10:24 AM, OQ <overlordq [at] gmail> wrote:
> On Wed, Apr 4, 2012 at 7:38 AM, Petr Bena <benapetr [at] gmail> wrote:
>> Why is it evil?
>
> Bluntly?
> Users, for the most part, are stupid. Or rather, they make silly
> choices that can make systems more vulnerable without knowing better.
>

There's that. There's also the "adding preferences adds to the overall
complexity of the system."

-Chad



benapetr at gmail

Apr 4, 2012, 8:48 AM

Post #39 of 51 (380 views)
Permalink
Re: Inactive sysops + improving security [In reply to]

That's something 1 group of people agree and another strongly disagree

Let's make both, if you really want simple preferences, why not to
have "advanced" toggle, which uncover the complex stuff?

On Wed, Apr 4, 2012 at 5:45 PM, Chad <innocentkiller [at] gmail> wrote:
> On Wed, Apr 4, 2012 at 10:24 AM, OQ <overlordq [at] gmail> wrote:
>> On Wed, Apr 4, 2012 at 7:38 AM, Petr Bena <benapetr [at] gmail> wrote:
>>> Why is it evil?
>>
>> Bluntly?
>> Users, for the most part, are stupid. Or rather, they make silly
>> choices that can make systems more vulnerable without knowing better.
>>
>
> There's that. There's also the "adding preferences adds to the overall
> complexity of the system."
>
> -Chad
>


innocentkiller at gmail

Apr 4, 2012, 8:59 AM

Post #40 of 51 (374 views)
Permalink
Re: Inactive sysops + improving security [In reply to]

On Wed, Apr 4, 2012 at 11:48 AM, Petr Bena <benapetr [at] gmail> wrote:
> That's something 1 group of people agree and another strongly disagree
>
> Let's make both, if you really want simple preferences, why not to
> have "advanced" toggle, which uncover the complex stuff?
>

Because we've been over this time and time again as a community[0][1]
and the consensus is always against adding additional preferences if we
can avoid it.

-Chad

[0] http://lists.wikimedia.org/pipermail/wikitech-l/2006-December/028158.html
[1] http://lists.wikimedia.org/pipermail/wikitech-l/2007-March/030298.html



emufarmers at gmail

Apr 4, 2012, 9:40 AM

Post #41 of 51 (380 views)
Permalink
Re: Inactive sysops + improving security [In reply to]

On Wed, Apr 4, 2012 at 7:53 AM, Daniel Friesen
<lists [at] nadir-seen-fire> wrote:
> Rather than cut-off rate limits isn't it a better experience to use
> something with a slow exponential/compound increase

It's worth noting that there's already a softer cut-off: ConfirmEdit's
"badlogin" trigger. Still, I like your idea.

_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
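
Added example (not part of the original thread, and not MediaWiki or ConfirmEdit code): the exponentially increasing delay suggested in the message quoted above, combined with the owner notification proposed earlier in the thread. The class name, the thresholds `BASE_DELAY`, `MAX_DELAY` and `NOTIFY_AFTER`, and the sample account and IP values are assumptions made for the illustration.

```python
"""Failed-login throttle with exponential back-off and owner notification.

Added example; not MediaWiki or ConfirmEdit code. The class name, the
thresholds and the sample account/IP values are assumptions.
"""
from dataclasses import dataclass, field

BASE_DELAY = 1.0    # seconds of lock after the first failure (assumed)
MAX_DELAY = 3600.0  # cap, so the real owner is never locked out for long
NOTIFY_AFTER = 5    # consecutive failures before the owner is warned (assumed)


@dataclass
class AccountState:
    failures: int = 0           # consecutive failed attempts
    locked_until: float = 0.0   # attempts before this time are refused
    notified: bool = False      # one warning per run of failures
    sources: set = field(default_factory=set)  # IPs that submitted failures


class LoginThrottle:
    """Per-account throttle.

    Keying on the account (not the IP) means guesses spread over many
    addresses still hit the same delay. The cost is that an attacker can
    keep the owner throttled, which is why the delay is capped.
    """

    def __init__(self):
        self.accounts = {}   # account name -> AccountState
        self.outbox = []     # (account, failures, sorted IPs) warnings to send

    @staticmethod
    def delay_for(failures):
        """Lock time after the n-th consecutive failure: doubles, then caps."""
        if failures <= 0:
            return 0.0
        exponent = min(failures - 1, 32)  # avoid huge integers on long runs
        return min(BASE_DELAY * 2 ** exponent, MAX_DELAY)

    def attempt(self, account, ip, password_ok, now):
        """Process one login attempt; returns 'ok', 'denied' or 'throttled'."""
        state = self.accounts.setdefault(account, AccountState())
        if now < state.locked_until:
            # Refused before the password is looked at, so a throttled
            # request never tests a guess and does not extend the lock.
            return "throttled"
        if password_ok:
            self.accounts[account] = AccountState()  # reset on success
            return "ok"
        state.failures += 1
        state.sources.add(ip)
        state.locked_until = now + self.delay_for(state.failures)
        if state.failures >= NOTIFY_AFTER and not state.notified:
            state.notified = True
            self.outbox.append((account, state.failures, sorted(state.sources)))
        return "denied"


def simulate_guessing(throttle, account, ip, seconds):
    """Constructed scenario: one wrong guess per second for `seconds` seconds.

    Returns how many guesses were actually checked against the password.
    """
    tested = 0
    for now in range(seconds):
        if throttle.attempt(account, ip, False, now) == "denied":
            tested += 1
    return tested


if __name__ == "__main__":
    throttle = LoginThrottle()
    # Constructed values: documentation-range IP and a made-up account name.
    checked = simulate_guessing(throttle, "ExampleSysop", "198.51.100.7", 8 * 3600)
    print("requests sent:", 8 * 3600, "guesses actually tested:", checked)
    print("warnings queued:", throttle.outbox)
```

With these assumed numbers, eight hours of one request per second lets only a handful of guesses reach the password check, and the owner receives a single warning rather than one per attempt.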


agarrett at wikimedia

Apr 12, 2012, 7:49 PM

Post #42 of 51 (400 views)
Permalink
Re: Inactive sysops + improving security [In reply to]

On Wed, Apr 4, 2012 at 6:25 PM, Petr Bena <benapetr [at] gmail> wrote:

> > An account with sysop rights cannot do that much damage anyway.
> > Deleting a page does no more damage than deleting a paragraph in an
> > existent page, and the latter can be done by anybody; in fact,
> > deleting a page makes a lot more noise. The same goes for protection,
> > blocking and editing in the MediaWiki space - everything is easily
> > traceable and reversible, and in a functioning wiki community the
> > damage will be minimal.
>
> That isn't excuse to leave project open to damage. Security of
> mediawiki users and their accounts should be important for us anyway.
>

Actually, this is the most important thing to think about.

There is no such thing as perfect security. You just need to make it more
costly to breach security than the benefit that a hacker would get for it.
Conversely, you need to expend no more effort in security than the cost of
a breach in security.

Now, there are things that sysops can do that aren't so easily reversible.
You could surreptitiously add site JS that captured tokens from checkusers
and released large amounts of sensitive data, so it's not exactly without
merit. But I don't think it's justifiable to dismiss discussion about
whether extra security is "worth it".

--
Andrew Garrett
Wikimedia Foundation
agarrett [at] wikimedia


wikiposta at gmail

Apr 12, 2012, 10:00 PM

Post #43 of 51 (365 views)
Permalink
Re: Inactive sysops + improving security [In reply to]

2012/4/13 Andrew Garrett <agarrett [at] wikimedia>

> You could surreptitiously add site JS that captured tokens from checkusers
> and released large amounts of sensitive data,
>

What can CUs do to prevent this?

--
Binris


jayvdb at gmail

Apr 12, 2012, 10:17 PM

Post #44 of 51 (355 views)
Permalink
Re: Inactive sysops + improving security [In reply to]

On Thu, Apr 5, 2012 at 12:42 AM, Petr Bena <benapetr [at] gmail> wrote:
> Let me clarify:
> we are talking about accounts which are interesting for hackers such
> as these of stewards.

Really? You're clearly designing a system targeting inactive sysops
who disappear, but it doesn't seem suitable for inactive stewards who
disappear.
The former happens and nobody notices or cares, whereas the latter
rarely happens without anyone noticing/caring, and never happens for
more than a year because of steward re-elections.

Unless the software is going to poll stewards who have been inactive
for a month or two, it won't be more effective than the current system,
and the current system of steward re-elections isn't replaceable with
your design (or any other software solution).

--
John Vandenberg



benapetr at gmail

Apr 12, 2012, 10:56 PM

Post #45 of 51 (361 views)
Permalink
Re: Inactive sysops + improving security [In reply to]

That was just an example, interesting are of course even checkuser
accounts and such. I don't see any reason why system which notify you
that someone is trying to login as you is something bad for stewards.

On Fri, Apr 13, 2012 at 7:17 AM, John Vandenberg <jayvdb [at] gmail> wrote:
> On Thu, Apr 5, 2012 at 12:42 AM, Petr Bena <benapetr [at] gmail> wrote:
>> Let me clarify:
>> we are talking about accounts which are interesting for hackers such
>> as these of stewards.
>
> Really? You're clearly designing a system targeting inactive sysops
> who disappear, but it doesn't seem suitable for inactive stewards who
> disappear.
> The former happens and nobody notices or cares, whereas the latter
> rarely happens without anyone noticing/caring, and never happens for
> more than a year because of steward re-elections.
>
> Unless the software is going to poll stewards who have been inactive
> for a month or two, it won't be more effective than the current system,
> and the current system of steward re-elections isn't replaceable with
> your design (or any other software solution).
>
> --
> John Vandenberg
>


jayvdb at gmail

Apr 12, 2012, 11:33 PM

Post #46 of 51 (352 views)
Permalink
Re: Inactive sysops + improving security [In reply to]

On Fri, Apr 13, 2012 at 3:56 PM, Petr Bena <benapetr [at] gmail> wrote:
> That was just an example, interesting are of course even checkuser
> accounts and such. I don't see any reason why system which notify you
> that someone is trying to login as you is something bad for stewards.

That feature would be awesome.

https://bugzilla.wikimedia.org/show_bug.cgi?id=9838

--
John Vandenberg



benapetr at gmail

Apr 12, 2012, 11:52 PM

Post #47 of 51 (362 views)
Permalink
Re: Inactive sysops + improving security [In reply to]

Yes, that is what I just tried to propose in second email :-) I see I
am not the only one who believe we need it

On Fri, Apr 13, 2012 at 8:33 AM, John Vandenberg <jayvdb [at] gmail> wrote:
> On Fri, Apr 13, 2012 at 3:56 PM, Petr Bena <benapetr [at] gmail> wrote:
>> That was just an example, interesting are of course even checkuser
>> accounts and such. I don't see any reason why system which notify you
>> that someone is trying to login as you is something bad for stewards.
>
> That feature would be awesome.
>
> https://bugzilla.wikimedia.org/show_bug.cgi?id=9838
>
> --
> John Vandenberg
>


ariel at wikimedia

Apr 13, 2012, 12:06 AM

Post #48 of 51 (412 views)
Permalink
Re: Inactive sysops + improving security [In reply to]

On 13-04-2012, Fri, at 12:49 +1000, Andrew Garrett wrote:
> On Wed, Apr 4, 2012 at 6:25 PM, Petr Bena <benapetr [at] gmail> wrote:
>
> > > An account with sysop rights cannot do that much damage anyway.
> > > Deleting a page does no more damage than deleting a paragraph in an
> > > existent page, and the latter can be done by anybody; in fact,
> > > deleting a page makes a lot more noise. The same goes for protection,
> > > blocking and editing in the MediaWiki space - everything is easily
> > > traceable and reversible, and in a functioning wiki community the
> > > damage will be minimal.
> >
> > That isn't excuse to leave project open to damage. Security of
> > mediawiki users and their accounts should be important for us anyway.
> >
>
> Actually, this is the most important thing to think about.
>
> There is no such thing as perfect security. You just need to make it more
> costly to breach security than the benefit that a hacker would get for it.
> Conversely, you need to expend no more effort in security than the cost of
> a breach in security.
>
> Now, there are things that sysops can do that aren't so easily reversible.
> You could surreptitiously add site JS that captured tokens from checkusers
> and released large amounts of sensitive data, so it's not exactly without
> merit. But I don't think it's justifiable to dismiss discussion about
> whether extra security is "worth it".
>

If I wanted to cause harm to an editing community, one of the better
ways might be to take over a few inactive sysop accounts and slowly
start to push for policies and take actions that are divisive. The
resulting damage to community trust would be hard indeed to undo; think
back to the various infiltration programs of law enforcement into
activist groups in the 1960's and 1970's in the U.S. for a prime example
of this.

I don't think this justifies automated de-sysopping of inactive accounts
(because this also sends a message about trust or value to the account
owner), but a notification system of some sort, as has been proposed
earlier in this thread, might be nice.

Ariel




benapetr at gmail

Apr 13, 2012, 12:30 AM

Post #49 of 51 (352 views)
Permalink
Re: Inactive sysops + improving security [In reply to]

No doubt that any user account compromised would be unfortunate and
would also mean that developers didn't make the software secure
enough. On one side there are needs for big restriction on community
developers from being able to access resources (not just shell access
is restricted a lot) but it was also announced recently that any site
using standard api authentication to wikimedia would be blocked from
having access to cluster, unless it uses any other authentication
despite that there is no other way (so it completely blocks various
projects). On other side you are telling here that security isn't so
important since the compromised accounts couldn't do much damage.

I don't really know what is true, but I agree that security is
something important, we shouldn't underestimate, so any improvement
which actually doesn't cost much (in some cases it does cost literally
0$, for example rewriting some policies on projects requiring sysops
to have strong passwords is something what would cost only a time
needed to fix it) is worth of implementing.

Ariel: I didn't propose to auto desysop anyone, I proposed to improve
security for users themselves, the accounts wouldn't get really
desysoped but deactivated and needed to be activated by email. Also if
you really want to tell us how is it possible to hack to the site,
please don't post it publicly next time, "If I wanted to cause harm to
an editing community, one of the better ways might be ..." sounds
dangerous from someone who has access to servers :-)

On Fri, Apr 13, 2012 at 9:06 AM, Ariel T. Glenn <ariel [at] wikimedia> wrote:
> On 13-04-2012, Fri, at 12:49 +1000, Andrew Garrett wrote:
>> On Wed, Apr 4, 2012 at 6:25 PM, Petr Bena <benapetr [at] gmail> wrote:
>>
>> > > An account with sysop rights cannot do that much damage anyway.
>> > > Deleting a page does no more damage than deleting a paragraph in an
>> > > existent page, and the latter can be done by anybody; in fact,
>> > > deleting a page makes a lot more noise. The same goes for protection,
>> > > blocking and editing in the MediaWiki space - everything is easily
>> > > traceable and reversible, and in a functioning wiki community the
>> > > damage will be minimal.
>> >
>> > That isn't excuse to leave project open to damage. Security of
>> > mediawiki users and their accounts should be important for us anyway.
>> >
>>
>> Actually, this is the most important thing to think about.
>>
>> There is no such thing as perfect security. You just need to make it more
>> costly to breach security than the benefit that a hacker would get for it.
>> Conversely, you need to expend no more effort in security than the cost of
>> a breach in security.
>>
>> Now, there are things that sysops can do that aren't so easily reversible.
>> You could surreptitiously add site JS that captured tokens from checkusers
>> and released large amounts of sensitive data, so it's not exactly without
>> merit. But I don't think it's justifiable to dismiss discussion about
>> whether extra security is "worth it".
>>
>
> If I wanted to cause harm to an editing community, one of the better
> ways might be to take over a few inactive sysop accounts and slowly
> start to push for policies and take actions that are divisive. The
> resulting damage to community trust would be hard indeed to undo; think
> back to the various infiltration programs of law enforcement into
> activist groups in the 1960's and 1970's in the U.S. for a prime example
> of this.
>
> I don't think this justifies automated de-sysopping of inactive accounts
> (because this also sends a message about trust or value to the account
> owner), but a notification system of some sort, as has been proposed
> earlier in this thread, might be nice.
>
> Ariel
>
>


Platonides at gmail

Apr 13, 2012, 11:21 AM

Post #50 of 51 (355 views)
Permalink
Re: Inactive sysops + improving security [In reply to]

On 13/04/12 09:30, Petr Bena wrote:
> "If I wanted to cause harm to an editing community, one of the better ways might be ..." sounds dangerous from someone who has access to servers :-)

He is a puppetmaster who wants nothing from his puppets? :)
http://xkcd.com/792/


