Administrators who pose a security risk

Editors, Admins and Bureaucrats blecch!
User avatar
Dysklyver
Sucks Critic
Posts: 391
Joined: Thu Jun 21, 2018 10:14 am
Has thanked: 8 times
Been thanked: 24 times

Re: Administrators who pose a security risk

Post by Dysklyver » Fri Nov 30, 2018 10:13 am

CrowsNest wrote:Classic Guy Macon......
Multiple attempts to log on to my account
There have been over 400 attempts to log on to my Wikipedia account, and the number is growing as I speak.

They aren't going to succeed -- my passphrase consists of 256 random characters generated from a hardware random number generator -- but I thought that somebody might want to track the IP address being used and see if they have an account. --Guy Macon (talk) 19:19, 29 November 2018 (UTC)
Risk advertising to the world what they should be programming their malware to look for if they want his password (hey, why not just try the clipboard?), for the vanishingly small possibility that the person trying to hack him is dumb enough to use their Wikipedia IP to do it.


Alas just that simple statement shows how Guy Moron knows little to nothing about password security. He probably just read the cryptography article which says passwords that long take 2.84 billion years to crack.

User avatar
CrowsNest
Sucks Maniac
Posts: 4459
Joined: Tue Feb 27, 2018 4:50 am
Been thanked: 5 times

Re: Administrators who pose a security risk

Post by CrowsNest » Mon Dec 03, 2018 3:42 am

I rarely text (which is the only way 2FA currently works on WP; other platforms permit authentication by email). Guess that means I should be desysopped :-). All the best, Miniapolis 16:08, 2 December 2018 (UTC)
No, it means you are a moron.

You should be desysopped, but you won't be. Stupidity is not a disqualifying trait.

User avatar
CrowsNest
Sucks Maniac
Posts: 4459
Joined: Tue Feb 27, 2018 4:50 am
Been thanked: 5 times

Re: Administrators who pose a security risk

Post by CrowsNest » Mon Dec 03, 2018 3:56 am

2FA will never be necessary if your password is genuinely strong and unique. — Bilorv(c)(talk) 13:53, 2 December 2018 (UTC)
Never?

Pretty sure this guy is a risk too.

User avatar
CrowsNest
Sucks Maniac
Posts: 4459
Joined: Tue Feb 27, 2018 4:50 am
Been thanked: 5 times

Re: Administrators who pose a security risk

Post by CrowsNest » Sat Feb 02, 2019 6:27 pm


User avatar
CrowsNest
Sucks Maniac
Posts: 4459
Joined: Tue Feb 27, 2018 4:50 am
Been thanked: 5 times

Re: Administrators who pose a security risk

Post by CrowsNest » Wed May 08, 2019 9:59 am

Jesus.....
One of the challenges of not being competent is that you don't know what you don't know. ...... Jehochman Talk 11:21, 6 May 2019 (UTC)
Why the fuck are you even opening your trap then?
Sending people tokens and asking them to write them down violates several principles of cybersecurity. First, the paper tokens don't expire until used, unlike authenticator tokens that expire after 30 seconds. Second, we should never write down passwords (yeah, everybody does, but this shouldn't be encouraged). Third, a typed security token can be phished just as easily as a typed in password.
It's better not to require any minimum length. That's already taken care of by restricting exposed passwords. Any common password or short password is already on the list of 500 million.
You're an idiot. Stop talking. Stop talking now.

These people, putting them INTO THE SEA is too good for them.
When I had to recover my account it was very inconvenient and the developers only helped me because I had such a long history and knew how to work the system. An ordinary user would probably just get frustrated and give up. Systems should be built considering the impact on everyone not just the elite users. Jehochman Talk 21:23, 6 May 2019 (UTC)
AN ORDINARY USER WOULD HAVE FOLLOWED THE INSTRUCTIONS. Write your scratch codes down. It's not rocket science. You're just a fucking moron who not only doesn't know what he doesn't know, he thinks he knows better than people whose actual job is cyber security.

Who would want the job of an WMF developer? You couldn't pay me a million bucks to be in a world where I would have to spend even a second pretending these people are not complete and utter morons.

I would pay good money to know what was said about Jehochman between the developers on their private channels as they instituted the Dumbass Protocols.

User avatar
CrowsNest
Sucks Maniac
Posts: 4459
Joined: Tue Feb 27, 2018 4:50 am
Been thanked: 5 times

Re: Administrators who pose a security risk

Post by CrowsNest » Fri May 10, 2019 1:23 pm

Why do they keep opening their mouths? WHY?
A major problem with 2FA as presently implemented is that there is no mechanism in place for resetting 2FA in the event a user is locked out. At present the proces is to open a ticket on phabricator and try to convince a developer that the request is both legitimate and worthy of attention.

2FA lockouts can occur fairly easily and are common over a time horizon of years with a user base numbering in the thousands.

The main problem in dealing with reset requests is confirming the legitimacy of the request. While we do not have a policy at the present time, we should be able to create one combining elements of:

-The passage of time, so that the legitimate operator of an account has the opportunity to log in and reject the request
-Comparing the requestor's identity to previous public statements by the account.
-Comparison of the requestor's appearance to photos from meetups or other similar events
-Confirmation that the email address associated with the account is under the requestor's control

This is a process that requires judgment that is best performed by someone answerable to the ENWP community. I believe that the 'crats are in the best position to perform these tasks.

I believe the best process to achieve this would be to build consensus locally and then involve WMF trust and safety. I would imagine that we would be forwarding approved reset requests for 2FA reset to developers (perhaps via phabricator) until there is sufficient volume to warrant an automated interface.

I believe that having a well-defined, fair process for 2FA resets will speed the adoption of 2FA and improve security. Even if the exisitng 2FA system is replaced with something better, the need for a process for handling reset requests will be ongoing.

I'm starting here and if there is sufficient support can open an RfC or otherwise get this in front of a wider audience.

UninvitedCompany 22:06, 6 May 2019 (UTC)
Firstly, the fact it is incredibly hard to recover a 2FA protected account after you've done all the things you need to do get locked out of it, is not a bug, it is a FEATURE.

As people have already pointed out, you cannot even get into Phabricator without your account, and a local policy for a global system is idiotic. But on it goes, getting discussed like these people have a clue.

Consider this - if a standard password is like a door key, then getting locked out of a 2FA protected account is like losing your door key, and losing your spare key, and losing your spare spare key, and it happening after you were specifically instructed to keep your spare keys and secure. You have to be that kind of fuckwit. You have to be a Jehochman.

That scenario is very apt, because typically your only way out of that situation, is finding some way to prove you are the legitimate owner of the house. That is not a "problem", that is how it should work, reflecting the gravitas of the situation you put yourself in, by being such a moron.

But let's drop that analogy, because you know what? WIKIPEDIA ALREADY HAS A WAY DEVS CAN VERIFY YOU OWN THE ACCOUNT WITHOUT REVEALING ANY PERSONAL INFORMATION.

It's called committed identity. If you know you're going to enable 2FA and you're the sort of idiot who loses their house keys a lot, then you can have a backup to your backup. All it involves is you remembering a different passphrase, creating a hash from it and posting that somewhere a dev can find it. Give the dev your paraphrase and voila, he knows you were the one who posted the hash. Like a locksmith who accepts cash and asks no questions.

Probably not a good idea to write the passphrase down on a computer, but much like 2FA scratch codes, there is minimal risk to you writing it down and keeping it in a place you know is safe and secure. Keep it in a different place to your scratch codes, not because that is a necessary protection for the security system (an attacker having one is as bad for you as having both), but because it has already been established that you lose shit, easily, even stuff you were specifically told it was important not to lose.

Shocked that creating a backup for your backup is this easy? You should not be. It has been a well known feature of enhanced Wikipedia account security, the sort of thing anyone who isn't a security risk, even someone who is just curious, would be aware of, because many users have their public key posted, well, publicly. Christ knows what Bishonen thinks they are. Pretty patterns? Secret codes for passing snide messages between little users?

It is perhaps understandable that the help page for 2FA doesn't mention this backup to your backup, because it is an extra thing to remember and really is a bit like having three spare keys for your house, which might make you feel secure, but won't really convince anyone that you should really be trusted with a house at all. But it is mentioned in the "User account security" page, which is linked from there.

User avatar
CrowsNest
Sucks Maniac
Posts: 4459
Joined: Tue Feb 27, 2018 4:50 am
Been thanked: 5 times

Re: Administrators who pose a security risk

Post by CrowsNest » Fri May 24, 2019 7:00 pm

The latest compromised Admin account, Nv8200pa, was discovered by complete accident, and a whole SEVENTEEN hours after it began doing "suspicious" things. Some little addict was bored and so decided to teach himself a bit of SQL by writing scripts which inspected user rights (because this is what Wikipedia is for, right?), and noticed a strange case of a brand new user called NVPA8200 who, despite having zero edits, had been granted all rights it is possible to be given by an Administrator.

How did it happen? Well, turns out the user was created by and given the rights by whichever hacker had compromised Nv8200pa. It took them all quite a while to figure out what was going on, compounded by the fact the hacker also covered their tracks by deleting logs and referred to entirely fake email correspondance, restricting who could definitively say, hold up lads, this is a load of bollocks.

Once eventually alerted by that bored addict, they were remarkably slow to suspect a compromise, 66 minutes passing until Steward locked the Admin account, even though it really should be the case that it has become so common that should be the first thing anyone thinks of should an Admin be seen doing anything even slightly odd.

There's the usual questions about how and why lots of this stuff is even possible technically, never mind the human angle. It strikes me the ability for anyone to just piss around running scripts just to learn how Wikipedia does things, is not the wisest thing to be doing, from a security perspective.

User avatar
CrowsNest
Sucks Maniac
Posts: 4459
Joined: Tue Feb 27, 2018 4:50 am
Been thanked: 5 times

Re: Administrators who pose a security risk

Post by CrowsNest » Thu Jun 06, 2019 11:44 am

Boing! wrote:I've been in computer software and computer systems all my working life, always in positions where account security was essential, and it can be astonishingly difficult trying to get even intelligent educated computer techies to secure their accounts properly.
Not half as difficult as getting the likes of Jehochman and RexxS to realize they are fucking morons who don't know shit about shit, surely?

In a real world environment, things can actually be done if users demonstrate not only an unwillingness to follow best practice, but make it pretty damn clear that unwillingness stems not from mere laziness, but an idiotic belief they understand things like 2FA better than the people telling them to use it.

Wikipedia is arguably it in the mess it is regarding the ongoing problem of compromised Administrator accounts not because people are lazy or stupid (although you can't discount that as a factor), an arguably bigger part of it is the fact genuinely stupid people are given a voice in things they clearly know nothing about, and are influencing the thoughts of others who are humble enough to admit they don't have the necessary expertise and are just looking for informed guidance.

It's a personality cult issue, is what it is. Wikipedia is a place where Boing! is not in any position to call out the likes of Queen Bishonen and her newly promoted underling RexxS for their utterly moronic comments on the merits of 2FA. And before you feel too bad for him, realise that this is probably not so much because he fears them (although in his private thoughts he probably does fear what they could do to him if they turned on him), rather that he is as much an enthusiastic supporter of their power as anyone else has been.

Unless or until Wikipedia finds a way to call out stupidity in those who have been promoted into positions of actual power and elevated into positions of social influence, precisely on the presumption they are not stupid, it will always be an issue.

I frankly cannot conceive of them ever finding a way. It is a feature.

Post Reply