We can guess, of course, and some of us are very good guessers, but here:
http://www.scientificamerican.com/article.cfm?id=5-basic-unknowns-nsa-black-...
Fred
Did you mean to post this on Wikimedia-l? Probably a bit offtopic for the software list. :)
(And no, MediaWiki does not contain any NSA backdoors. But for all you know, your server's BIOS might!)
-- brion
On Tue, Jun 11, 2013 at 11:20 AM, Fred Bauder fredbaud@fairpoint.netwrote:
We can guess, of course, and some of us are very good guessers, but here:
http://www.scientificamerican.com/article.cfm?id=5-basic-unknowns-nsa-black-...
Fred
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Of course there is no backdoor for CIA, nor NSA.
Everybody knows mediawiki is controlled by KGB
On Tue, Jun 11, 2013 at 8:34 PM, Brion Vibber brion@pobox.com wrote:
Did you mean to post this on Wikimedia-l? Probably a bit offtopic for the software list. :)
(And no, MediaWiki does not contain any NSA backdoors. But for all you know, your server's BIOS might!)
-- brion
On Tue, Jun 11, 2013 at 11:20 AM, Fred Bauder fredbaud@fairpoint.netwrote:
We can guess, of course, and some of us are very good guessers, but here:
http://www.scientificamerican.com/article.cfm?id=5-basic-unknowns-nsa-black-...
Fred
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
On Tue, 11 Jun 2013 11:42:00 -0700, Petr Bena benapetr@gmail.com wrote:
Of course there is no backdoor for CIA, nor NSA.
Everybody knows mediawiki is controlled by KGB
T_T I was going to insert a joke about it really being controlled by <insert relevant Australian organization here> due to Tim's "easter egg" on Special:Version but it looks like https://gerrit.wikimedia.org/r/#/c/54319/ got rid of it.
On Tue, Jun 11, 2013 at 8:34 PM, Brion Vibber brion@pobox.com wrote:
Did you mean to post this on Wikimedia-l? Probably a bit offtopic for the software list. :)
(And no, MediaWiki does not contain any NSA backdoors. But for all you know, your server's BIOS might!)
-- brion
On Tue, Jun 11, 2013 at 11:20 AM, Fred Bauder fredbaud@fairpoint.netwrote:
We can guess, of course, and some of us are very good guessers, but here:
http://www.scientificamerican.com/article.cfm?id=5-basic-unknowns-nsa-black-...
Fred
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Indeed, it'd be pretty hard to do. Since we use git, anyone trying to sneak something in would break history and likely get noticed.
-Chad On Jun 11, 2013 2:34 PM, "Brion Vibber" brion@pobox.com wrote:
Did you mean to post this on Wikimedia-l? Probably a bit offtopic for the software list. :)
(And no, MediaWiki does not contain any NSA backdoors. But for all you know, your server's BIOS might!)
-- brion
On Tue, Jun 11, 2013 at 11:20 AM, Fred Bauder <fredbaud@fairpoint.net
wrote:
We can guess, of course, and some of us are very good guessers, but here:
http://www.scientificamerican.com/article.cfm?id=5-basic-unknowns-nsa-black-...
Fred
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Am Dienstag, 11. Juni 2013, 14:42:36 schrieb Chad:
Indeed, it'd be pretty hard to do. Since we use git, anyone trying to sneak something in would break history and likely get noticed.
That is not entirely true. Considering the live website is at best a git clone and not the main git repo (or just an automatic mirror of the git sources), all you'd need to get is access to the server, and secretly modifying the live sources. You could also set up a git merge hook, where git are pulled and on top of that applies your backdoor again, so the sysadmins won't notice in first place. No git commits involved here. Just food for thoughts ;)
-Chad
On Jun 11, 2013 2:34 PM, "Brion Vibber" brion@pobox.com wrote:
Did you mean to post this on Wikimedia-l? Probably a bit offtopic for the software list. :)
(And no, MediaWiki does not contain any NSA backdoors. But for all you know, your server's BIOS might!)
-- brion
On Tue, Jun 11, 2013 at 11:20 AM, Fred Bauder <fredbaud@fairpoint.net
wrote: We can guess, of course, and some of us are very good guessers, but
here:
http://www.scientificamerican.com/article.cfm?id=5-basic-unknowns-nsa-blac k-hole-prism>
Fred
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
On Tue, Jun 11, 2013 at 3:16 PM, Ingo Malchow imalchow@kde.org wrote:
Am Dienstag, 11. Juni 2013, 14:42:36 schrieb Chad:
Indeed, it'd be pretty hard to do. Since we use git, anyone trying to sneak something in would break history and likely get noticed.
That is not entirely true. Considering the live website is at best a git clone and not the main git repo (or just an automatic mirror of the git sources), all you'd need to get is access to the server, and secretly modifying the live sources.
Well yes, but...
You could also set up a git merge hook, where git are pulled and on top of that applies your backdoor again, so the sysadmins won't notice in first place. No git commits involved here. Just food for thoughts ;)
Which would subsequently show up on git-status. And if you tried to add your $secretFile to .gitignore, there'd be a change to .gitignore in the tree.
Impossible to do? No. But hard to do without tipping someone off, yeah, I'd say so. Heck, we spot the problem all the time when someone goes and makes a live hack without committing.
-Chad
On Tue, 11 Jun 2013 13:18:57 -0700, Chad innocentkiller@gmail.com wrote:
Which would subsequently show up on git-status. And if you tried to add your $secretFile to .gitignore, there'd be a change to .gitignore in the tree.
.git/info/exclude
Impossible to do? No. But hard to do without tipping someone off, yeah, I'd say so. Heck, we spot the problem all the time when someone goes and makes a live hack without committing.
-Chad
On 12/06/13 05:16, Ingo Malchow wrote:
Am Dienstag, 11. Juni 2013, 14:42:36 schrieb Chad:
Indeed, it'd be pretty hard to do. Since we use git, anyone trying to sneak something in would break history and likely get noticed.
That is not entirely true. Considering the live website is at best a git clone and not the main git repo (or just an automatic mirror of the git sources), all you'd need to get is access to the server, and secretly modifying the live sources. You could also set up a git merge hook, where git are pulled and on top of that applies your backdoor again, so the sysadmins won't notice in first place. No git commits involved here. Just food for thoughts ;)
Like Brion said, this is the MediaWiki list, so what you can do on a single live website is not really relevant.
It would probably be possible to insert a back door into MediaWiki, in the form of a non-obvious arbitrary script execution vulnerability. If it was done with care, by an agent planted long in advance, it would look like an honest mistake, if it was detected. But if I was running the CIA/NSA/FBI, I could imagine more interesting places to put agents.
-- Tim Starling
mediawiki-l@lists.wikimedia.org