The Wikipedia Review: A forum for discussion and criticism of Wikipedia

Wikitaka
post Fri 16th March 2012, 9:43pm
Post #1





How great is the possibility of a database hack attack on WP by e.g. LulzSec, Anonymous, etc that would retrieve the full user list with passwords, etc and the "top secret" areas like CU, ArbCom, Jimbo's files, and so on?

You don't have to be an Einstein to know that it would be an interesting (and shocking) read...

jsalsman
post Fri 16th March 2012, 9:55pm
Post #2





QUOTE(Wikitaka @ Fri 16th March 2012, 3:43pm)
How great is the possibility of a database hack attack on WP by e.g. LulzSec, Anonymous, etc that would retrieve the full user list with passwords, etc

Very unlikely. The sysadmins can read the hashed and salted password list, but they are hashed with an up-to-date cryptographic hash function, so even they cannot retrieve the plain text without quite a bit of effort expended on each.

QUOTE
and the "top secret" areas like CU, ArbCom, Jimbo's files, and so on?

Well, that has happened and will probably continue to happen periodically. All the sensitive email lists are distributed to many people by email, and few of them take the kind of precautions that most people named in those emails would probably prefer. Until that changes, it's probably safer to use a pseudonym for your email as well as your wiki accounts if you have anything to lose by exposure.
Wikitaka
post Fri 16th March 2012, 10:00pm
Post #3





The easiest way, but one of the most unlikely ways to get further access to the ArbCom/CU mailing lists would be creating a Gmail account in the name of an arb/CU, sending an E-mail to the mailing list saying that the e-mail of the arb has been compromised and has to be removed from the mailing list urgently while the account you are using is given access.

Highly unlikely, but you never know with the Arbs....
carbuncle
post Fri 16th March 2012, 10:00pm
Post #4





QUOTE(Wikitaka @ Fri 16th March 2012, 9:43pm)
How great is the possibility of a database hack attack on WP by e.g. LulzSec, Anonymous, etc that would retrieve the full user list with passwords, etc and the "top secret" areas like CU, ArbCom, Jimbo's files, and so on?

You don't have to be an Einstein to know that it would be an interesting (and shocking) read...

Nobody outside of WP circles would be even vaguely interested. Inside WP circles, however, some people would get very nervous. Having your username, email, and password exposed tends to make people feel that way. I doubt there would be much damaging WP-related info that could be gleaned from that kind of a data leak (short of people using the same email for their sockpuppets).

I don't think this is in the cards - where's the attraction for someone with the skills to do it? After all, this isn't script-kiddy territory where someone can just look for known, unpatched exploits. They would have to actually do some work.
barney
post Sat 17th March 2012, 6:16am
Post #5





What about all these automated tools Wikipedians use like Twinkle or whatever? Seems like those would be a prime way to attack WP, for a skilled hacker.