The Wikipedia Review: A forum for discussion and criticism of Wikipedia
Wikipedia Review Op-Ed Pages

Welcome, Guest! ( Log In | Register )

> General Discussion? What's that all about?

This subforum is for general discussion of Wikipedia and other Wikimedia projects. For a glossary of terms frequently used in such discussions, please refer to Wikipedia:Glossary. For a glossary of musical terms, see here. Other useful links:

Akahele.orgWikipedia-WatchWikitruthWP:ANWikiEN-L/Foundation-L (mailing lists) • Citizendium forums

3 Pages V  1 2 3 >  
Reply to this topicStart new topic
> Oh dear., or: a wikipedian's worse dream come true?
CrazyGameOfPoker
post Mon 7th May 2007, 5:35pm
Post #1


Senior Member
****

Group: Regulars
Posts: 332
Joined: Thu 9th Mar 2006, 12:19am
Member No.: 58



It seems like either some admins have gone rouge rogue, or even worse someone's cracking into their accounts.

First it was AndyZ who made a very "special" deletions, and another special block before finally being caught and desysopped.

As people were trying to figure out what exactly happened (Dmdevit apparently posted AndyZ's IP address as part of checkuser on AN/I, but I can't find the diff), a more sinister plot was brewing...

Apparently the devious cracker (or perhaps a copycat), found another account to get into. Apparently he decided to one up the main page image vandal, by replacing those lovely sitenotices that are on every page with Goatse. (Well he also blocked Jimbo and deleted the Main Page again, but that's small fish)

In order to calm the populace, it seems that Brion's going to run a cracker in order to find admins with weak passwords.

Meanwhile one has to wonder if this particular reign of terror is going to continue. ph34r.gif
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Somey
post Mon 7th May 2007, 5:46pm
Post #2


Can't actually moderate (or even post)
*********

Group: Moderators
Posts: 11,815
Joined: Sat 17th Jun 2006, 7:47pm
From: Dreamland
Member No.: 275



And as usual, Cyde isn't very forgiving.
QUOTE(User:Cyde @ 14:16, 7 May 2007 UTC)
Why should we trust you to be an admin again? Your failure to take adequate security measures already got us a Tubgirl on the top of every page on Wikipedia. I and many others no longer trust you to have access to the bit anyway.

Well, I'd just like to say that I myself trust Jiang implicitly, and not only with the bit, but also the halter, the stirrups, and possibly even the lead rope.

I heard a rumor that his password was actually "jiang"...
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
taiwopanfob
post Mon 7th May 2007, 6:05pm
Post #3


Über Member
*****

Group: Regulars
Posts: 643
Joined: Fri 26th May 2006, 12:21pm
Member No.: 214



If it is possible to run a client-side password cracker against Wikipedia without an alarm going off somewhere, then there are problems than can not be fixed by simply changing passwords. More than likely someone is just trying a quick sweep with a very small number of highly likely passwords, and has scored a number of hits. Wasn't everyone poo-pooing this a while back re: dormant admin accounts?

User is offlineProfile CardPM
Go to the top of the page
+Quote Post
gomi
post Mon 7th May 2007, 6:10pm
Post #4


Member
********

Group: Members
Posts: 3,022
Joined: Fri 17th Nov 2006, 6:38pm
Member No.: 565



Here's what I don't understand: the password cracker could do much more damage if he/she compromised the account, changed the password, changed the email address, and then did nothing, or even better, acted normally, banning a few vandals here and there, voting in an AFD or RFA or whatever. There would be nothing (or at least very little) the compromised admin could do to re-take the account. Sigh.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Somey
post Mon 7th May 2007, 6:22pm
Post #5


Can't actually moderate (or even post)
*********

Group: Moderators
Posts: 11,815
Joined: Sat 17th Jun 2006, 7:47pm
From: Dreamland
Member No.: 275



Now that this has happened, somebody could also study an inactive admin's contribs for a while, then e-mail a bunch of active admins saying that he'd used a weak password and that the real admin is an impostor. Then there'd always be this vague suspicion following the real admin around like a cloud... They could ALL be impostors...!

I'll bet a good 25 percent of the admins probably use the term "lovecabal" for a password. smile.gif
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Uly
post Mon 7th May 2007, 6:28pm
Post #6


Junior Member
**

Group: Contributors
Posts: 80
Joined: Wed 7th Jun 2006, 8:01pm
Member No.: 250



That assumes the cracker was out to cause damage.

History seems to have shown that security exploiters are more interested in highly visible pranks than in stealthy damage.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Rootology
post Mon 7th May 2007, 7:23pm
Post #7


Fat Cat
******

Group: Regulars
Posts: 1,489
Joined: Fri 26th Jan 2007, 11:11pm
Member No.: 877



Got another pwned admin account:

http://en.wikipedia.org/w/index.php?title=...Conscious&page=

This is just absurd and silly now.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Somey
post Mon 7th May 2007, 7:30pm
Post #8


Can't actually moderate (or even post)
*********

Group: Moderators
Posts: 11,815
Joined: Sat 17th Jun 2006, 7:47pm
From: Dreamland
Member No.: 275



What was he doing, just blocking people at random? I mean, if the guy can program a bot to guess passwords, can't he program one to block all the other admins in under 60 seconds, so they don't have time to react? Or something?

C'mon, whoever you are! Can't you just save one account to do something really useful with, like start a huge wheel war with JoshuaZ, or maybe just mass-revert everything Jayjg and SlimVirgin have done since, well, Day One?

Not that he's likely to be reading this... sad.gif

Come to think of it, this is starting to reach media-attention proportions, isn't it?
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Rootology
post Mon 7th May 2007, 7:36pm
Post #9


Fat Cat
******

Group: Regulars
Posts: 1,489
Joined: Fri 26th Jan 2007, 11:11pm
Member No.: 877



QUOTE(Somey @ Mon 7th May 2007, 12:30pm) *
Come to think of it, this is starting to reach media-attention proportions, isn't it?


Not until he/she/it does something more than just troll Wikipedia, probably, unless it continues going on for a decent amount of time. It's all back alley Wikipedia stuff that will get cornholed once the WP:ANI archives cycle. If only it could get out to the blogosphere...
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
CrazyGameOfPoker
post Mon 7th May 2007, 7:37pm
Post #10


Senior Member
****

Group: Regulars
Posts: 332
Joined: Thu 9th Mar 2006, 12:19am
Member No.: 58



Actually Somey, admins are able to use block/protect/delete when they're still blocked, so it wouldn't have an effect if he blocked all the administrators.

Certainly would be hilarious.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
The Joy
post Mon 7th May 2007, 7:37pm
Post #11


I am a millipede! I am amazing!
********

Group: Members
Posts: 3,838
Joined: Sat 17th Feb 2007, 2:25am
From: The Moon
Member No.: 982



QUOTE
Come to think of it, this is starting to reach media-attention proportions, isn't it?


If the hacker gets into the more prominent accounts, like JoshuaZ, Danny, or Jimbo, then it will most definitely get that way.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Somey
post Mon 7th May 2007, 7:42pm
Post #12


Can't actually moderate (or even post)
*********

Group: Moderators
Posts: 11,815
Joined: Sat 17th Jun 2006, 7:47pm
From: Dreamland
Member No.: 275



QUOTE(CrazyGameOfPoker @ Mon 7th May 2007, 2:37pm) *
Actually Somey, admins are able to use block/protect/delete when they're still blocked, so it wouldn't have an effect if he blocked all the administrators.

Dang, they think of everything, don't they? mad.gif

I've got to get that MediaWiki test-bed installation done ASAP, so that I'll write about these things without sounding like a numbskull.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Rootology
post Mon 7th May 2007, 7:42pm
Post #13


Fat Cat
******

Group: Regulars
Posts: 1,489
Joined: Fri 26th Jan 2007, 11:11pm
Member No.: 877



ANOTHER one got haxxed.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Unrepentant Vandal
post Mon 7th May 2007, 7:45pm
Post #14


Über Member
*****

Group: Regulars
Posts: 866
Joined: Wed 6th Sep 2006, 12:38pm
Member No.: 394



Well chaps, I must admit that when this story broke I was very amused, and quickly got someone even less gainfully employed than myself to write a program to test these things. I can now report that the ten most inactive admins (from the list of wikipedian admins) do not have any of the 760 most commonly used passwords which I found on the net somewhere. None of them had any of these passwords, unfortunately.

If the person *is* reading this, please change the password of any remaining compromised accounts to aardvark, it would make these searches a lot quicker.

Note that there is nothing that Wikipedia can do about this, in the long term, without substantial redesign. They can brute force the current admins and enforce password change. It would be almost impossible to do this for all current users. An intelligent cracker will be looking for future admins to try. Even if number of logins is restricted, just try 5 logins for each user. Restrict it by IP and distributed computing is your friend. Remember to monitor new users, and keep a database of those whose passwords you obtain for future use, etc etc.

I'm not sure whether I should post the program or not, but at the moment I'm leading towards no.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
The Joy
post Mon 7th May 2007, 7:45pm
Post #15


I am a millipede! I am amazing!
********

Group: Members
Posts: 3,838
Joined: Sat 17th Feb 2007, 2:25am
From: The Moon
Member No.: 982



Not Tony the Marine! This is madness! Absolute madness! What is this person's agenda? Is he a disgruntled former Wikipedian or something? Or some crazed prankster?
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Rootology
post Mon 7th May 2007, 7:47pm
Post #16


Fat Cat
******

Group: Regulars
Posts: 1,489
Joined: Fri 26th Jan 2007, 11:11pm
Member No.: 877



QUOTE(The Joy @ Mon 7th May 2007, 12:45pm) *
Not Tony the Marine! This is madness! Absolute madness! What is this person's agenda? Is he a disgruntled former Wikipedian or something? Or some crazed prankster?


$10 says Cplot! Does anyone raise $15 for Willy?
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
The Joy
post Mon 7th May 2007, 7:50pm
Post #17


I am a millipede! I am amazing!
********

Group: Members
Posts: 3,838
Joined: Sat 17th Feb 2007, 2:25am
From: The Moon
Member No.: 982



Is this related to the Robdurber admin going rogue? I think they proved that banned user Wonderfool was using that account.

How long will it take before the Community starts blaming one of us on WR for this fiasco?

Update: Tony the Marine's been unblocked and exonerated. He'll get his admin bit back soon. But who will fall next?

This post has been edited by The Joy: Mon 7th May 2007, 7:53pm
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Unrepentant Vandal
post Mon 7th May 2007, 7:51pm
Post #18


Über Member
*****

Group: Regulars
Posts: 866
Joined: Wed 6th Sep 2006, 12:38pm
Member No.: 394



QUOTE(Rootology @ Mon 7th May 2007, 8:47pm) *

QUOTE(The Joy @ Mon 7th May 2007, 12:45pm) *
Not Tony the Marine! This is madness! Absolute madness! What is this person's agenda? Is he a disgruntled former Wikipedian or something? Or some crazed prankster?


$10 says Cplot! Does anyone raise $15 for Willy?


Methinks GNAA or something... Dictionary attack is one of the oldest tricks in the book, and it would appear that it takes about ten or fifteen minutes to write the software to do this.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Somey
post Mon 7th May 2007, 7:54pm
Post #19


Can't actually moderate (or even post)
*********

Group: Moderators
Posts: 11,815
Joined: Sat 17th Jun 2006, 7:47pm
From: Dreamland
Member No.: 275



QUOTE(The Joy @ Mon 7th May 2007, 2:45pm) *
What is this person's agenda?

My guess is he's upset about the supposedly "NPOV" coverage of Sony's PlayStation_3 sixth-generation videogame console.

One can hardly blame him...

QUOTE
Is he a disgruntled former Wikipedian or something? Or some crazed prankster?

Well, he's indef-blocked Jimbo twice now, so he at least knows that much about what's going on... In fact, this makes four times for ol' Jimbo. Pretty soon he's going to be branded a "recurring bannee."

This is the most fun we've had in months!
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Rootology
post Mon 7th May 2007, 7:58pm
Post #20


Fat Cat
******

Group: Regulars
Posts: 1,489
Joined: Fri 26th Jan 2007, 11:11pm
Member No.: 877



From a Mediawiki technology standpoint, short of rushing new logon related code into production, there really isn't anything they can do at this point. They can't block all open proxies until they're used against WP. The bodies will keep falling until there are no more crap passwords for accounts. Given that this is now getting more attention, it's only a matter of time till "veteran" non-admin accounts are harvested for trolling and vandalism next. And I have to agree with Cyde on one point: you have a crap password, it's your own fault for anything bad happening. You might as well make your banking PIN number "1234".
User is offlineProfile CardPM
Go to the top of the page
+Quote Post

3 Pages V  1 2 3 >
Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 

-   Lo-Fi Version Time is now: 29th 11 14, 6:07am