|
|
|
Oh dear., or: a wikipedian's worse dream come true? |
|
|
CrazyGameOfPoker |
|
Senior Member
Group: Regulars
Posts: 332
Joined:
Member No.: 58
|
It seems like either some admins have gone rouge rogue, or even worse someone's cracking into their accounts. First it was AndyZ who made a very "special" deletions, and another special block before finally being caught and desysopped. As people were trying to figure out what exactly happened (Dmdevit apparently posted AndyZ's IP address as part of checkuser on AN/I, but I can't find the diff), a more sinister plot was brewing... Apparently the devious cracker (or perhaps a copycat), found another account to get into. Apparently he decided to one up the main page image vandal, by replacing those lovely sitenotices that are on every page with Goatse. (Well he also blocked Jimbo and deleted the Main Page again, but that's small fish) In order to calm the populace, it seems that Brion's going to run a cracker in order to find admins with weak passwords. Meanwhile one has to wonder if this particular reign of terror is going to continue. (IMG: smilys0b23ax56/default/ph34r.gif)
|
|
|
|
Somey |
|
Can't actually moderate (or even post)
Group: Moderators
Posts: 11,816
Joined:
From: Dreamland
Member No.: 275
|
And as usual, Cyde isn't very forgiving. QUOTE(User:Cyde @ 14:16, 7 May 2007 UTC) Why should we trust you to be an admin again? Your failure to take adequate security measures already got us a Tubgirl on the top of every page on Wikipedia. I and many others no longer trust you to have access to the bit anyway. Well, I'd just like to say that I myself trust Jiang implicitly, and not only with the bit, but also the halter, the stirrups, and possibly even the lead rope. I heard a rumor that his password was actually "jiang"...
|
|
|
|
Somey |
|
Can't actually moderate (or even post)
Group: Moderators
Posts: 11,816
Joined:
From: Dreamland
Member No.: 275
|
What was he doing, just blocking people at random? I mean, if the guy can program a bot to guess passwords, can't he program one to block all the other admins in under 60 seconds, so they don't have time to react? Or something?C'mon, whoever you are! Can't you just save one account to do something really useful with, like start a huge wheel war with JoshuaZ, or maybe just mass-revert everything Jayjg and SlimVirgin have done since, well, Day One? Not that he's likely to be reading this... (IMG: smilys0b23ax56/default/sad.gif) Come to think of it, this is starting to reach media-attention proportions, isn't it?
|
|
|
|
Rootology |
|
Fat Cat
Group: Regulars
Posts: 1,489
Joined:
Member No.: 877
|
|
|
|
|
Unrepentant Vandal |
|
Ãœber Member
Group: Regulars
Posts: 866
Joined:
Member No.: 394
|
Well chaps, I must admit that when this story broke I was very amused, and quickly got someone even less gainfully employed than myself to write a program to test these things. I can now report that the ten most inactive admins (from the list of wikipedian admins) do not have any of the 760 most commonly used passwords which I found on the net somewhere. None of them had any of these passwords, unfortunately.
If the person *is* reading this, please change the password of any remaining compromised accounts to aardvark, it would make these searches a lot quicker.
Note that there is nothing that Wikipedia can do about this, in the long term, without substantial redesign. They can brute force the current admins and enforce password change. It would be almost impossible to do this for all current users. An intelligent cracker will be looking for future admins to try. Even if number of logins is restricted, just try 5 logins for each user. Restrict it by IP and distributed computing is your friend. Remember to monitor new users, and keep a database of those whose passwords you obtain for future use, etc etc.
I'm not sure whether I should post the program or not, but at the moment I'm leading towards no.
|
|
|
|
Somey |
|
Can't actually moderate (or even post)
Group: Moderators
Posts: 11,816
Joined:
From: Dreamland
Member No.: 275
|
QUOTE(The Joy @ Mon 7th May 2007, 2:45pm) What is this person's agenda? My guess is he's upset about the supposedly "NPOV" coverage of Sony's PlayStation_3 sixth-generation videogame console. One can hardly blame him... QUOTE Is he a disgruntled former Wikipedian or something? Or some crazed prankster? Well, he's indef-blocked Jimbo twice now, so he at least knows that much about what's going on... In fact, this makes four times for ol' Jimbo. Pretty soon he's going to be branded a "recurring bannee." This is the most fun we've had in months!
|
|
|
|
Somey |
|
Can't actually moderate (or even post)
Group: Moderators
Posts: 11,816
Joined:
From: Dreamland
Member No.: 275
|
QUOTE(Rootology @ Mon 7th May 2007, 2:58pm) ...I have to agree with Cyde on one point: you have a crap password, it's your own fault for anything bad happening. You might as well make your banking PIN number "1234". Uh-oh... I'd better change my banking PIN number!Actually, wasn't that gag used in Spaceballs?Roland: Five. Dark Helmet: Five. Colonel Sandurz: Five. Dark Helmet: So the combination is one, two, three, four, five? That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!
Later... President Skroob: [enters after the interrogation of King Roland] Well? Did it work? Where's the king? Dark Helmet: It worked, sir. We have the combination. President Skroob: Great. Now we can take every last breath of fresh air from planet Druidia. What's the combination? Dark Helmet: 1 2 3 4 5. President Skroob: 1 2 3 4 5? That's amazing! I've got the same combination on my luggage! Prepare Spaceball 1 for immediate departure! Dark Helmet: Yes, sir! President Skroob: And change the combination on my luggage!
|
|
|
|
The Joy |
|
I am a millipede! I am amazing!
Group: Members
Posts: 3,839
Joined:
From: The Moon
Member No.: 982
|
Dark Helmet: "The password's '12345'? That's stupid! That's like a combination for some idiot's luggage!" President Screwb: "What's the password?" Spaceball officer: "12345, sir!" President Screwb: "That's the same combination as my luggage!" From the movie Spaceballs. Sorry, I couldn't resist! (IMG: smilys0b23ax56/default/biggrin.gif) Update: Ah, Somey! You caught me, as they say on WP, in an Edit Conflict! Now the joke is lost! This post has been edited by The Joy:
|
|
|
|
BobbyBombastic |
|
gabba gabba hey
Group: Regulars
Posts: 1,071
Joined:
From: BADCITY, Iowa
Member No.: 1,223
|
QUOTE(Unrepentant Vandal @ Mon 7th May 2007, 8:44pm) QUOTE(Uly @ Mon 7th May 2007, 9:36pm) I should say so. This would carry jail time in Flordia, if Wikimedia can get the DA to play along.
It may come under the computer misuse act here, but I wouldn't be sure. I think that the fact Wikipedia invites anyone to edit it would make the case much more complex. Certainly there wouldn't be a problem with straight vandalism. identifying the individuals is the other problem. and the harm done is not all that great. im sure wikipatriots are calling for prison time. btw, these incidents display why anonymity of admins may not be such a good idea. {{unblock|OMG THIS IS NOT THE HAX0R UNBLOCK PLZ}} just doesn't work. pushing admins to identify their account names with their real names should ensue more hilarity. especially considering sockpuppet admins, people with conflict of interests, etc. at this points, it seems disclosing this information to the Foundation would be better than nothing. This post has been edited by BobbyBombastic:
|
|
|
|
michael |
|
Senior Member
Group: Contributors
Posts: 254
Joined:
Member No.: 1,097
|
QUOTE(Rootology @ Mon 7th May 2007, 12:47pm) QUOTE(The Joy @ Mon 7th May 2007, 12:45pm) Not Tony the Marine! This is madness! Absolute madness! What is this person's agenda? Is he a disgruntled former Wikipedian or something? Or some crazed prankster? $10 says Cplot! Does anyone raise $15 for Willy? Willy was just an immature page move vandal. He also apparently repented nad contributed positively for a time, but his legacy is continued by the legion sof imposters. Cplot...he was just an annoying 9/11 conspirast, who also employed extremely effective tactics to be able to create a whole ton of accounts. Neither says password cracker to me.
|
|
|
|
JTM |
|
New Member
Group: Contributors
Posts: 45
Joined:
Member No.: 1,141
|
As to the identity of the hacker I just have two words:
Brian Peppers.
That is all.
|
|
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| |