Hi,
Columns for country data in EventLogging tables sometimes not only contain the country code, but also larger chunks of the client cookies, which may put sensitive data into the tables.
The corresponding bug is https://bugzilla.wikimedia.org/show_bug.cgi?id=66478
At least NavigationTiming MultimediaViewerNetworkPerformance schemas for end of April 2014 onwards are affected.
If you publish reports exposing the country information/aggregates, please make sure to validate the country data against exposing sensitive information, or remove the exposing reports until the issue is fixed.
Sorry for the inconveniences, Christian
Props to Oliver Keyes for discovering this issue and bringing it to people's attention.
On Wed, Jun 11, 2014 at 10:09 AM, Christian Aistleitner < christian@quelltextlich.at> wrote:
Hi,
Columns for country data in EventLogging tables sometimes not only contain the country code, but also larger chunks of the client cookies, which may put sensitive data into the tables.
The corresponding bug is https://bugzilla.wikimedia.org/show_bug.cgi?id=66478
At least NavigationTiming MultimediaViewerNetworkPerformance schemas for end of April 2014 onwards are affected.
If you publish reports exposing the country information/aggregates, please make sure to validate the country data against exposing sensitive information, or remove the exposing reports until the issue is fixed.
Sorry for the inconveniences, Christian
-- ---- quelltextlich e.U. ---- \ ---- Christian Aistleitner ---- Companies' registry: 360296y in Linz Christian Aistleitner Kefermarkterstrasze 6a/3 Email: christian@quelltextlich.at 4293 Gutau, Austria Phone: +43 7946 / 20 5 81 Fax: +43 7946 / 20 5 81 Homepage: http://quelltextlich.at/
Analytics mailing list Analytics@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/analytics
Hi,
On Wed, Jun 11, 2014 at 10:25:24AM -0500, Aaron Halfaker wrote:
Props to Oliver Keyes for discovering this issue and bringing it to people's attention.
Yikes ... I didn't link the original report :-( Thanks Aaron for speaking up.
Thanks Oliver for discovering the issue! Initial report is at https://lists.wikimedia.org/mailman/private/analytics-internal/2014-June/001...
Have fun, Christian
Hi,
On Wed, Jun 11, 2014 at 05:09:45PM +0200, Christian Aistleitner wrote:
Columns for country data in EventLogging tables sometimes not only contain the country code, but also larger chunks of the client cookies, which may put sensitive data into the tables.
The corresponding bug is https://bugzilla.wikimedia.org/show_bug.cgi?id=66478
due to the issue reaching farther than anticipated, fixing it took some time, but everything should be back to normal now. Thanks to all that helped fixing it!
The country column from the tables of the EventLogging database are again good to use (including historic data).
Have fun, Christian