|
|
|
Wikileaker's identity |
|
|
Shalom |
|
Ãœber Member
Group: Regulars
Posts: 880
Joined:
Member No.: 5,566
|
I've determined Wikileaker's identity on a "more probable than not" standard of confidence. I assumed that the statements Wikileaker made about himself on Wikipedia Review are accurate, and I evaluated every arbitrator's history on Wikipedia against those statements. Only one user seemed to match all the criteria. Does anyone want to know? Newyorkbrad? Do you want to know? You did ask before: http://wikipediareview.com/index.php?s=&sh...ndpost&p=155190 [Wikileaker is NOT Newyorkbrad. I am pointing out that Newyorkbrad asked Wikileaker to identify himself.]
|
|
|
|
EricBarbour |
|
blah
Group: Regulars
Posts: 5,919
Joined:
Member No.: 5,066
|
|
|
|
|
Wikileaker |
|
Junior Member
Group: Contributors
Posts: 62
Joined:
Member No.: 4,864
|
QUOTE(Shalom @ Wed 6th July 2011, 11:04pm) I've determined Wikileaker's identity on a "more probable than not" standard of confidence. QUOTE I assumed that the statements Wikileaker made about himself on Wikipedia Review are accurate QUOTE I assumed Anyway, thanks for reminding me about that old "en-ac-private" group. I'll have to dig up my archives of that and see if there's anything interesting... this is of course contingent on me not running out of bourbon in the meantime...
|
|
|
|
radek |
|
Ãœber Member
Group: Regulars
Posts: 699
Joined:
Member No.: 15,651
|
QUOTE(No one of consequence @ Wed 6th July 2011, 10:40pm) I have no comment as to the accuracy of the guess, but retired arbitrators continued to have full access to the Arbcom mailing list until sometime in 2009 (if I recall correctly). After some controversy over something or other, and some early leaks that may or may not have been Wikileaker, Arbcom closed the Arbcom mailing list to all but current arbitrators only, and also created the functionaries mailing list, which checkusers, oversighters and past arbcom members in addition to current arbcom members are eligible to join.
The implication of this presumes that they change the password (or whatever guards access to these super sekrit archives) frequently. If not, then someone who had access to it pre 2009 (with some kind of axe to grind), who's access got removed, still could have gone back more recently and checked if "the old password still works" and then... Maybe it sounds a little far fetched but from what I understand a lot of these security breaches occur for mundane reasons like this. And the leaker did say that the reason for the leak was "stupidity" and this certainly fits the scenario.
|
|
|
|
Shalom |
|
Ãœber Member
Group: Regulars
Posts: 880
Joined:
Member No.: 5,566
|
QUOTE(radek @ Thu 7th July 2011, 12:38am) QUOTE(No one of consequence @ Wed 6th July 2011, 10:40pm) I have no comment as to the accuracy of the guess, but retired arbitrators continued to have full access to the Arbcom mailing list until sometime in 2009 (if I recall correctly). After some controversy over something or other, and some early leaks that may or may not have been Wikileaker, Arbcom closed the Arbcom mailing list to all but current arbitrators only, and also created the functionaries mailing list, which checkusers, oversighters and past arbcom members in addition to current arbcom members are eligible to join.
The implication of this presumes that they change the password (or whatever guards access to these super sekrit archives) frequently. If not, then someone who had access to it pre 2009 (with some kind of axe to grind), who's access got removed, still could have gone back more recently and checked if "the old password still works" and then... Maybe it sounds a little far fetched but from what I understand a lot of these security breaches occur for mundane reasons like this. And the leaker did say that the reason for the leak was "stupidity" and this certainly fits the scenario. I'm under the impression that each Arbcom-L user has an individual username and password, just like on Wikipedia or the Review. Sam Korn's login would have been disabled on January 16, 2009, when he and the other old-timers were removed from access to Arbcom-L. Perhaps the login was not disabled but he also didn't receive new messages. Any other former arbitrator from that time could comment here on what happened. Thatcher commented but he wasn't an arbitrator so he has no direct knowledge of what Sam Korn would have found different. Thus, there wasn't one password to ArbCom-L -- unless there was. I've also concluded that Sam Korn may be "Anonymous editor" here on Wikipedia Review. If I'm correct, it would enable me to continue our conversation from two years ago at "False statements at RFA" thread. I haven't examined "Anonymous editor"'s pattern enough to know with confidence, but one clue suggests that he is Wikileaker (both accounts tell someone else "You are a child"). Another clue suggests Anonymous editor is Sam Korn ("I know everything about you, Shalom, your name, your..."). Sam Korn checkusered me or at least reported results to me. This was before "Anonymous editor" taunted me in that way. This post has been edited by Shalom:
|
|
|
|
Kelly Martin |
|
Bring back the guttersnipes!
Group: Regulars
Posts: 3,270
Joined:
From: EN61bw
Member No.: 6,696
|
They were using mailman, which means each member had their own password, which was emailed to them in plain text once a month. There is also a master list password, which would be known to whoever managed the master list (used to be David Gerard, but I imagine not so anymore), and a master server password, which would be known to whoever runs the software (WMF technical team, I assume).
The thing is, these passwords are (as I mentioned) emailed to each member once a month, in plaintext. If one of the Arbs were to have been so foolish as to use a public access unencrypted WiFi to access their email, that would have allowed anyone with enough competence to run firesheep to capture a login cookie to their email account, and from that our intrepid hacker could have gotten anything that was presently in their email, presumably including that plaintext password. From there, the rest is gravy: log into the mailman archives with that password and download all the archives.
There are fairly simple steps that can be taken to avoid this sort of compromise, but fairly few people take them, and with eighteen people on the ArbCom it's a fair bet that at least one of them was not.
|
|
|
|
NuclearWarfare |
|
Senior Member
Group: Contributors
Posts: 382
Joined:
Member No.: 9,506
|
QUOTE(A Horse With No Name @ Thu 7th July 2011, 12:52pm) QUOTE(trenton @ Wed 6th July 2011, 11:49pm) Its either Sam Korn, Flcelloguy, or Fritzpoll.
Let the witch hunt begin!
Eh, phooey! It is really NuclearWarfare. Now let's grab some shovels and konk him on the head! (IMG: smilys0b23ax56/default/biggrin.gif) Oh shi...
|
|
|
|
Abd |
|
Postmaster
Group: Regulars
Posts: 1,919
Joined:
From: Northampton, MA, USA
Member No.: 9,019
|
QUOTE(NuclearWarfare @ Thu 7th July 2011, 11:17am) QUOTE(A Horse With No Name @ Thu 7th July 2011, 12:52pm) QUOTE(trenton @ Wed 6th July 2011, 11:49pm) Its either Sam Korn, Flcelloguy, or Fritzpoll.
Let the witch hunt begin! Eh, phooey! It is really NuclearWarfare. Now let's grab some shovels and konk him on the head! (IMG: smilys0b23ax56/default/biggrin.gif) Oh shi... Got him!
|
|
|
|
melloden |
|
.
Group: Contributors
Posts: 450
Joined:
Member No.: 34,482
|
QUOTE(No one of consequence @ Thu 7th July 2011, 3:40am) I have no comment as to the accuracy of the guess, but retired arbitrators continued to have full access to the Arbcom mailing list until sometime in 2009 (if I recall correctly). After some controversy over something or other, and some early leaks that may or may not have been Wikileaker, Arbcom closed the Arbcom mailing list to all but current arbitrators only, and also created the functionaries mailing list, which checkusers, oversighters and past arbcom members in addition to current arbcom members are eligible to join.
ArbCom did close off the list to old arbs on January 16, 2009 (but Wikileaker said he had access up to 2/16/09, so I guess that was a typo?). Sam Korn was an ombudsman in 2009--do they have access to the enwiki CU/OS lists?
|
|
|
|
Sololol |
|
Bell the Cat
Group: Contributors
Posts: 193
Joined:
Member No.: 50,538
|
QUOTE(Abd @ Thu 7th July 2011, 12:41pm) QUOTE(NuclearWarfare @ Thu 7th July 2011, 11:17am) QUOTE(A Horse With No Name @ Thu 7th July 2011, 12:52pm) QUOTE(trenton @ Wed 6th July 2011, 11:49pm) Its either Sam Korn, Flcelloguy, or Fritzpoll.
Let the witch hunt begin! Eh, phooey! It is really NuclearWarfare. Now let's grab some shovels and konk him on the head! (IMG: smilys0b23ax56/default/biggrin.gif) Oh shi... Got him! (IMG: smilys0b23ax56/default/unhappy.gif) And he would have gotten away with it if it weren't for you nosy kids and your horse.
|
|
|
|
|
|
3 User(s) are reading this topic (3 Guests and 0 Anonymous Users)
0 Members:
| |