_ General Discussion _

Posted by: Wikitaka

How great is the possibility of a database hack attack on WP by e.g. LulzSec, Anonymous, etc that would retrieve the full user list with passwords, etc and the "top secret" areas like CU, ArbCom, Jimbo's files, and so on?

You don't have to be an Einstein to know that it would be an interesting (and shocking) read...


Posted by: jsalsman

QUOTE(Wikitaka @ Fri 16th March 2012, 3:43pm) *

How great is the possibility of a database hack attack on WP by e.g. LulzSec, Anonymous, etc that would retrieve the full user list with passwords, etc

Very unlikely. The sysadmins can read the hashed and salted password list, but they are hashed with an up-to-date cryptographic hash function, so even they cannot retrieve the plain text without quite a bit of effort expended on each.

QUOTE

and the "top secret" areas like CU, ArbCom, Jimbo's files, and so on?

Well, that has happened and will probably continue to happen periodically. All the sensitive email lists are distributed to many people by email, and few of them take the kind of precautions that most people named in those emails would probably prefer. Until that changes, it's probably safer to use a pseudonym for your email as well as your wiki accounts if you have anything to lose by exposure.

Posted by: Wikitaka

The easiest way, but one of the most unlikely ways to get further access to the ArbCom/CU mailing lists would be creating a Gmail account in the name of an arb/CU, sending an E-mail to the mailing list saying that the e-mail of the arb has been compromised and has to be removed from the mailing list urgently while the account you are using is given access.

Highly unlikely, but you never know with the Arbs....

Posted by: carbuncle

QUOTE(Wikitaka @ Fri 16th March 2012, 9:43pm) *

How great is the possibility of a database hack attack on WP by e.g. LulzSec, Anonymous, etc that would retrieve the full user list with passwords, etc and the "top secret" areas like CU, ArbCom, Jimbo's files, and so on?

You don't have to be an Einstein to know that it would be an interesting (and shocking) read...

Nobody outside of WP circles would be even vaguely interested. Inside WP circles, however, some people would get very nervous. Having your username, email, and password exposed tends to make people feel that way. I doubt there would be much damaging WP-related info that could be gleaned from that kind of a data leak (short of people using the same email for their sockpuppets).

I don't think this is in the cards - where's the attraction for someone with the skills to do it? After all, this isn't script-kiddie territory where someone can just look for known, unpatched exploits. They would have to actually do some work.

Posted by: barney

What about all these automated tools Wikipedians use like Twinkle or whatever? Seems like those would be a prime way to attack WP, for a skilled hacker.