-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Peter Mackay wrote:
From:
wikien-l-bounces(a)Wikipedia.org
[mailto:wikien-l-bounces@Wikipedia.org] On Behalf Of Brett Gustafson
Sent: Thursday, 3 November 2005 11:23
To: wikien-l(a)wikipedia.org
Subject: [WikiEN-l] Shock site bot
...But I recently heard of these people
that were talking about wikipedia that they were all
programming a hack for it. So after a little while I found it
was a spider to hunt down all the pages links and change them
to shocks site links or something along those lines.
There's something about this message that doesn't quite ring true to me (and
no, it's not the Nigerian spelling), but in case it's genuine, it doesn't
seem to be much of a threat - anything like this is going to be noticed very
quickly, the IP address swiftly blocked, and the pages repaired.
In case it is somehow programmed to be resistant to our normal defence
measures, then maybe we could have a white-hat robot searching for the links
inserted by the black-hat and reverting them.
If they were thinking of using an open proxy, one diligent user went and
blocked about a hundred of them the other day, completely flooded the
recent changes channel...
There have been similar incidences of "ZOMOGG let's run a bot to do
something stupid" before (eg. the junk username bot) - we stopped that
with a range block (I think it was most of AOL) and tagged all the
relevant usernames.
I also remember a threat of "mass disruption" that was communicated
about in code (I think it was some sort of substitution cipher), but the
planned attack never came.
Oh, and helpdesk-l, #wikipedia and info-en (used to) get plenty of
"There is a serious security problem with your site! Anyone can change
it!" posts, and we've survived /that/ problem for the last four years ;)
Bottom line to anyone who warns of an "iminent attack": We find your
ideas intriguing/interesting and wish to subscribe to your
newsletter/journal.
- --
Alphax | /"\
Encrypted Email Preferred | \ / ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613 | X Against HTML email & vCards
http://tinyurl.com/cc9up | / \
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird -
http://enigmail.mozdev.org
iQEVAwUBQ2oXDrMAAH8MeUlWAQhCUQgAqym6b27ekfQzbBRZfdL0XT/RCPu49DCa
4OeP/Pjn1dqDqMVBfm5wcq741lHsE7EzAsQ2tplj7HaTSRKzhABzemyxf4Yab+w/
NNxLRj0TuneVEioBflWCepyuClacMd4XoRzVB2yIdqxlHu4n+rGSCtPHQ+2I8NaR
H4gEzLpBmrIgj8cBUNkfBJAqGQA1SWidkuerYTyeOc8Eu10sKduL3XpXYFE7dWl7
wdeop29EJ+9oWRt1qPpRRBt0FZkfIR+tLNsgqgBxT3MB+1fxTElBVYsJRkjPxKds
bryJh76cI5l3xVezXF/vRsgtSSKcgLQfa0wkEv3SncBWiRSculWEVw==
=HOIh
-----END PGP SIGNATURE-----