Hello,
Many of you may have been receiving emails in the last 24 hours warning you of "Multiple failed attempts to log in" with your account. I wanted to let you know that the Wikimedia Foundation's Security team is aware of the situation, and working with others in the organization on steps to decrease the success of attacks like these.
The exact source is not yet known, but it is not originating from our systems. That means it is an external effort to gain unauthorized access to random accounts. These types of efforts are increasingly common for websites of our reach. A vast majority of these attempts have been unsuccessful, and we are reaching out personally to the small number of accounts which we believe have been compromised.
While we are constantly looking at improvements to our security systems and processes to offset the impact of malicious efforts such as these, the best method of prevention continues to be the steps each of you take to safeguard your accounts. Because of this, we have taken steps in the past to support things like stronger password requirements,[1] and we continue to encourage everyone to take some routine steps to maintain a secure computer and account. That includes regularly changing your passwords,[2] actively running antivirus software on your systems, and keeping your system software up to date.
My team will continue to investigate this incident, and report back if we notice any concerning changes. If you have any questions, please contact the Support and Safety team (susa{{@}}wikimedia.org).
John Bennett Director of Security, Wikimedia Foundation
[1] https://meta.wikimedia.org/wiki/Password_strength_requirements [2] https://meta.wikimedia.org/wiki/Special:ChangePassword
On 4 May 2018 at 01:27, John Bennett jbennett@wikimedia.org wrote:
Hello,
Many of you may have been receiving emails in the last 24 hours warning you of "Multiple failed attempts to log in" with your account. I wanted to let you know that the Wikimedia Foundation's Security team is aware of the situation, and working with others in the organization on steps to decrease the success of attacks like these.
The exact source is not yet known, but it is not originating from our systems. That means it is an external effort to gain unauthorized access to random accounts. These types of efforts are increasingly common for websites of our reach. A vast majority of these attempts have been unsuccessful, and we are reaching out personally to the small number of accounts which we believe have been compromised.
While we are constantly looking at improvements to our security systems and processes to offset the impact of malicious efforts such as these, the best method of prevention continues to be the steps each of you take to safeguard your accounts. Because of this, we have taken steps in the past to support things like stronger password requirements,[1] and we continue to encourage everyone to take some routine steps to maintain a secure computer and account. That includes regularly changing your passwords,[2] actively running antivirus software on your systems, and keeping your system software up to date.
My team will continue to investigate this incident, and report back if we notice any concerning changes. If you have any questions, please contact the Support and Safety team (susa{{@}}wikimedia.org).
John Bennett Director of Security, Wikimedia Foundation
[1] https://meta.wikimedia.org/wiki/Password_strength_requirements [2] https://meta.wikimedia.org/wiki/Special:ChangePassword _______________________________________________ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Thanks for the update.
Could you please follow up with a public report about incident and the analysis. There is plenty of data available in the public domain, and an awful lot of users have been affected, there seems no special reason to keep the basic analysis a secret even if some behind-the-scenes changes might need to remain unpublished. I have raised this as a Phabricator ticket as a prompt.[1]
By the way, the Wikimedia user community is still waiting for the promised report on the OurMine hack of 11th November 2016. Could you get on with it please? Leaving users hanging for more than a year for analysis to get published is not a good look for the WMF, it leaves us wondering if this type of standard analysis gets done properly or not.[2]
Links 1. https://phabricator.wikimedia.org/T193846 Publish analysis of sustained login attack of 3 May 2018 2. https://phabricator.wikimedia.org/T150605 Publish an analysis of the OurMine hack
Thanks Fae
Dear Security group of the Wikimedia Foundation,
The community has been patiently waiting for *113 days* for an analysis to be published for the login attack of 3 May 2018.
The community has been waiting for *650 days* (that's around one year and 10 months) for an analysis of the OurMine hack to be published.
We are repeatedly, and at times rudely, advised by WMF employees to raise Phabricator tickets for these types of task, which now appears to be deliberately bad advice if the tickets can remain open but languish as "Needs Triage" and ignored by the WMF for a period of years or indefinitely until the community conveniently forgets about them.
The OurMine hack was an important breach of Wikimedia project security, and though the precise details may not be smart to make public as this might risk becoming guidance for future hackers, nobody can object to a potted summary and analysis of how severe the attack was, and what types of steps the WMF has taken to ensure this will never be repeated.
Links 1. https://phabricator.wikimedia.org/T193846 Publish analysis of sustained login attack of 3 May 2018 2. https://phabricator.wikimedia.org/T150605 Publish an analysis of the OurMine hack (11 November 2016)
Thank you for helping out with better community communication, Fae
Wouldn't disclosure in a public forum of any details of such an attack potentially inform the attackers and would-be imitators of the success or lack thereof of the attack, of its methods, and of detection and cleanup methods?
On Sat, Aug 25, 2018 at 12:21 PM, Fæ faewik@gmail.com wrote:
Dear Security group of the Wikimedia Foundation,
The community has been patiently waiting for *113 days* for an analysis to be published for the login attack of 3 May 2018.
On Thu, 3 May 2018 19:27:16 -0500 John Bennett jbennett@wikimedia.org wrote:
Hello,
Many of you may have been receiving emails in the last 24 hours warning you of "Multiple failed attempts to log in" with your account. I wanted to let you know that the Wikimedia Foundation's Security team is aware of the situation, and working with others in the organization on steps to decrease the success of attacks like these.
The exact source is not yet known, but it is not originating from our systems. That means it is an external effort to gain unauthorized access to random accounts. These types of efforts are increasingly common for websites of our reach. A vast majority of these attempts have been unsuccessful, and we are reaching out personally to the small number of accounts which we believe have been compromised.
While we are constantly looking at improvements to our security systems and processes to offset the impact of malicious efforts such as these, the best method of prevention continues to be the steps each of you take to safeguard your accounts. Because of this, we have taken steps in the past to support things like stronger password requirements,[1] and we continue to encourage everyone to take some routine steps to maintain a secure computer and account. That includes regularly changing your passwords,[2] actively running antivirus software on your systems, and keeping your system software up to date.
From my experience, anti-virus programs usually do more harm than good. For example, https://en.wikipedia.org/wiki/Norton_AntiVirus recently blocked my entire shlomifish.org domain because it apparently misclassified an executable download as problematic (and it was built from source using https://en.wikipedia.org/wiki/CMake and https://en.wikipedia.org/wiki/AppVeyor so it is unlikely that that is the case.). MS Windows' poor resistance to malware and the fact that Windows Update is so dysfunctional (see http://www.shlomifish.org/humour/bits/facts/Windows-Update/ ) are the reasons why I cannot recommend running it as a desktop, and instead one should use https://en.wikipedia.org/wiki/Linux#Desktop - desktop linux or similar.
A little off topic perhaps, but needs to be said.
My team will continue to investigate this incident, and report back if we notice any concerning changes. If you have any questions, please contact the Support and Safety team (susa{{@}}wikimedia.org).
John Bennett Director of Security, Wikimedia Foundation
[1] https://meta.wikimedia.org/wiki/Password_strength_requirements [2] https://meta.wikimedia.org/wiki/Special:ChangePassword _______________________________________________ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
I have been a Linux advocate for almost a decade now and from 'my past experience', I can tell you have opened a topic of a huge discussion about people should switch to Linux Desktops (which is off-topic here). But I respectfully disagree with your statement, "anti-virus programs usually do more harm than good".
From a conservative viewpoint, some protection is still better to have than
no protection at all. And the example you gave here, an anti-virus mistakenly classified your domain as a potential threat, makes a weaker point. By a few mistakes, we cannot cancel out a million of other successes. A false alarm is yet favourable than no alarm at all.
--- Shabab Mustafa President Wikimedia Bangladesh
On Mon, May 7, 2018 at 5:56 PM Shlomi Fish shlomif@shlomifish.org wrote:
On Thu, 3 May 2018 19:27:16 -0500 John Bennett jbennett@wikimedia.org wrote:
Hello,
Many of you may have been receiving emails in the last 24 hours warning
you
of "Multiple failed attempts to log in" with your account. I wanted to
let
you know that the Wikimedia Foundation's Security team is aware of the situation, and working with others in the organization on steps to
decrease
the success of attacks like these.
The exact source is not yet known, but it is not originating from our systems. That means it is an external effort to gain unauthorized access
to
random accounts. These types of efforts are increasingly common for websites of our reach. A vast majority of these attempts have been unsuccessful, and we are reaching out personally to the small number of accounts which we believe have been compromised.
While we are constantly looking at improvements to our security systems
and
processes to offset the impact of malicious efforts such as these, the
best
method of prevention continues to be the steps each of you take to safeguard your accounts. Because of this, we have taken steps in the past to support things like stronger password requirements,[1] and we continue to encourage everyone to take some routine steps to maintain a secure computer and account. That includes regularly changing your passwords,[2] actively running antivirus software on your systems, and keeping your system software up to date.
From my experience, anti-virus programs usually do more harm than good. For example, https://en.wikipedia.org/wiki/Norton_AntiVirus recently blocked my entire shlomifish.org domain because it apparently misclassified an executable download as problematic (and it was built from source using https://en.wikipedia.org/wiki/CMake and https://en.wikipedia.org/wiki/AppVeyor so it is unlikely that that is the case.). MS Windows' poor resistance to malware and the fact that Windows Update is so dysfunctional (see http://www.shlomifish.org/humour/bits/facts/Windows-Update/ ) are the reasons why I cannot recommend running it as a desktop, and instead one should use https://en.wikipedia.org/wiki/Linux#Desktop - desktop linux or similar.
A little off topic perhaps, but needs to be said.
My team will continue to investigate this incident, and report back if we notice any concerning changes. If you have any questions, please contact the Support and Safety team (susa{{@}}wikimedia.org).
John Bennett Director of Security, Wikimedia Foundation
[1] https://meta.wikimedia.org/wiki/Password_strength_requirements [2] https://meta.wikimedia.org/wiki/Special:ChangePassword _______________________________________________ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
--
Shlomi Fish http://www.shlomifish.org/ http://www.shlomifish.org/open-source/projects/fortune-mod/
If a tree falls down in the middle of the forest, and there’s no one there to hear it… what colour is the tree? — Monkey Island 2: LeChuck’s Revenge
Please reply to list if it's a mailing list post - http://shlom.in/reply .
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
I am also a Linux advocate, and have been so for years (decades?). That been said, I imagine that there are still more people using Windows XP than there are people using Linux. Last time I checked (october 2017) it was something like 5% using XP and less than 1% using linux, all distros included. We can safely predict that virus outvreaks will be a problem for linux once it reaches 5% or 10% market share...
Gabe
On Mon, May 7, 2018 at 1:51 PM, Shabab Mustafa shabab.mustafa@gmail.com wrote:
I have been a Linux advocate for almost a decade now and from 'my past experience', I can tell you have opened a topic of a huge discussion about people should switch to Linux Desktops (which is off-topic here). But I respectfully disagree with your statement, "anti-virus programs usually do more harm than good".
From a conservative viewpoint, some protection is still better to have than no protection at all. And the example you gave here, an anti-virus mistakenly classified your domain as a potential threat, makes a weaker point. By a few mistakes, we cannot cancel out a million of other successes. A false alarm is yet favourable than no alarm at all.
Shabab Mustafa President Wikimedia Bangladesh
On Mon, May 7, 2018 at 5:56 PM Shlomi Fish shlomif@shlomifish.org wrote:
On Thu, 3 May 2018 19:27:16 -0500 John Bennett jbennett@wikimedia.org wrote:
Hello,
Many of you may have been receiving emails in the last 24 hours warning
you
of "Multiple failed attempts to log in" with your account. I wanted to
let
you know that the Wikimedia Foundation's Security team is aware of the situation, and working with others in the organization on steps to
decrease
the success of attacks like these.
The exact source is not yet known, but it is not originating from our systems. That means it is an external effort to gain unauthorized
access
to
random accounts. These types of efforts are increasingly common for websites of our reach. A vast majority of these attempts have been unsuccessful, and we are reaching out personally to the small number of accounts which we believe have been compromised.
While we are constantly looking at improvements to our security systems
and
processes to offset the impact of malicious efforts such as these, the
best
method of prevention continues to be the steps each of you take to safeguard your accounts. Because of this, we have taken steps in the
past
to support things like stronger password requirements,[1] and we
continue
to encourage everyone to take some routine steps to maintain a secure computer and account. That includes regularly changing your
passwords,[2]
actively running antivirus software on your systems, and keeping your system software up to date.
From my experience, anti-virus programs usually do more harm than good.
For
example, https://en.wikipedia.org/wiki/Norton_AntiVirus recently blocked my entire shlomifish.org domain because it apparently misclassified an executable download as problematic (and it was built from source using https://en.wikipedia.org/wiki/CMake and https://en.wikipedia.org/wiki/AppVeyor so it is unlikely that that is the case.). MS Windows' poor resistance to malware and the fact that Windows Update is so dysfunctional (see http://www.shlomifish.org/humour/bits/facts/Windows-Update/ ) are the reasons why I cannot recommend running it as a desktop, and instead one should
use
https://en.wikipedia.org/wiki/Linux#Desktop - desktop linux or similar.
A little off topic perhaps, but needs to be said.
My team will continue to investigate this incident, and report back if
we
notice any concerning changes. If you have any questions, please
contact
the Support and Safety team (susa{{@}}wikimedia.org).
John Bennett Director of Security, Wikimedia Foundation
[1] https://meta.wikimedia.org/wiki/Password_strength_requirements [2] https://meta.wikimedia.org/wiki/Special:ChangePassword _______________________________________________ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
--
Shlomi Fish http://www.shlomifish.org/ http://www.shlomifish.org/open-source/projects/fortune-mod/
If a tree falls down in the middle of the forest, and there’s no one
there
to hear it… what colour is the tree? — Monkey Island 2: LeChuck’s Revenge
Please reply to list if it's a mailing list post - http://shlom.in/reply
.
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/ wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/ wiki/Wikimedia-l New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Shlomi,
I believe that the problem is with your particular brand of antivirus, eventhough they all block a bit more or less to prevent certain risks.
Nevertheless, making an extrapolation to every antivirus from the experience with only one brand, and concluding "they do more harm than good" based on that, seems a bit off.
Cheers!
El lun., may. 7, 2018 10:02, Gabriel Thullen gabriel@thullen.com escribió:
I am also a Linux advocate, and have been so for years (decades?). That been said, I imagine that there are still more people using Windows XP than there are people using Linux. Last time I checked (october 2017) it was something like 5% using XP and less than 1% using linux, all distros included. We can safely predict that virus outvreaks will be a problem for linux once it reaches 5% or 10% market share...
Gabe
On Mon, May 7, 2018 at 1:51 PM, Shabab Mustafa shabab.mustafa@gmail.com wrote:
I have been a Linux advocate for almost a decade now and from 'my past experience', I can tell you have opened a topic of a huge discussion
about
people should switch to Linux Desktops (which is off-topic here). But I respectfully disagree with your statement, "anti-virus programs usually
do
more harm than good".
From a conservative viewpoint, some protection is still better to have
than
no protection at all. And the example you gave here, an anti-virus mistakenly classified your domain as a potential threat, makes a weaker point. By a few mistakes, we cannot cancel out a million of other successes. A false alarm is yet favourable than no alarm at all.
Shabab Mustafa President Wikimedia Bangladesh
On Mon, May 7, 2018 at 5:56 PM Shlomi Fish shlomif@shlomifish.org
wrote:
On Thu, 3 May 2018 19:27:16 -0500 John Bennett jbennett@wikimedia.org wrote:
Hello,
Many of you may have been receiving emails in the last 24 hours
warning
you
of "Multiple failed attempts to log in" with your account. I wanted
to
let
you know that the Wikimedia Foundation's Security team is aware of
the
situation, and working with others in the organization on steps to
decrease
the success of attacks like these.
The exact source is not yet known, but it is not originating from our systems. That means it is an external effort to gain unauthorized
access
to
random accounts. These types of efforts are increasingly common for websites of our reach. A vast majority of these attempts have been unsuccessful, and we are reaching out personally to the small number
of
accounts which we believe have been compromised.
While we are constantly looking at improvements to our security
systems
and
processes to offset the impact of malicious efforts such as these,
the
best
method of prevention continues to be the steps each of you take to safeguard your accounts. Because of this, we have taken steps in the
past
to support things like stronger password requirements,[1] and we
continue
to encourage everyone to take some routine steps to maintain a secure computer and account. That includes regularly changing your
passwords,[2]
actively running antivirus software on your systems, and keeping your system software up to date.
From my experience, anti-virus programs usually do more harm than good.
For
example, https://en.wikipedia.org/wiki/Norton_AntiVirus recently
blocked
my entire shlomifish.org domain because it apparently misclassified an executable download as problematic (and it was built from source using https://en.wikipedia.org/wiki/CMake and https://en.wikipedia.org/wiki/AppVeyor so it is unlikely that that is the case.). MS Windows' poor resistance
to
malware and the fact that Windows Update is so dysfunctional (see http://www.shlomifish.org/humour/bits/facts/Windows-Update/ ) are the reasons why I cannot recommend running it as a desktop, and instead one should
use
https://en.wikipedia.org/wiki/Linux#Desktop - desktop linux or
similar.
A little off topic perhaps, but needs to be said.
My team will continue to investigate this incident, and report back
if
we
notice any concerning changes. If you have any questions, please
contact
the Support and Safety team (susa{{@}}wikimedia.org).
John Bennett Director of Security, Wikimedia Foundation
[1] https://meta.wikimedia.org/wiki/Password_strength_requirements [2] https://meta.wikimedia.org/wiki/Special:ChangePassword _______________________________________________ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
--
Shlomi Fish http://www.shlomifish.org/ http://www.shlomifish.org/open-source/projects/fortune-mod/
If a tree falls down in the middle of the forest, and there’s no one
there
to hear it… what colour is the tree? — Monkey Island 2: LeChuck’s Revenge
Please reply to list if it's a mailing list post -
.
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/ wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/ wiki/Wikimedia-l New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Hi,
On Mon, 07 May 2018 13:20:22 +0000 Eduardo Testart etestart@gmail.com wrote:
Shlomi,
I believe that the problem is with your particular brand of antivirus, eventhough they all block a bit more or less to prevent certain risks.
Nevertheless, making an extrapolation to every antivirus from the experience with only one brand, and concluding "they do more harm than good" based on that, seems a bit off.
this was just one example. I have heard of many similar problems with others. Just try subscribing to gimp-user ( https://www.gimp.org/mail_lists.html ) or chatting on freenode for a while and you will see.
Cheers!
El lun., may. 7, 2018 10:02, Gabriel Thullen gabriel@thullen.com escribió:
I am also a Linux advocate, and have been so for years (decades?). That been said, I imagine that there are still more people using Windows XP than there are people using Linux. Last time I checked (october 2017) it was something like 5% using XP and less than 1% using linux, all distros included. We can safely predict that virus outvreaks will be a problem for linux once it reaches 5% or 10% market share...
Gabe
On Mon, May 7, 2018 at 1:51 PM, Shabab Mustafa shabab.mustafa@gmail.com wrote:
I have been a Linux advocate for almost a decade now and from 'my past experience', I can tell you have opened a topic of a huge discussion
about
people should switch to Linux Desktops (which is off-topic here). But I respectfully disagree with your statement, "anti-virus programs usually
do
more harm than good".
From a conservative viewpoint, some protection is still better to have
than
no protection at all. And the example you gave here, an anti-virus mistakenly classified your domain as a potential threat, makes a weaker point. By a few mistakes, we cannot cancel out a million of other successes. A false alarm is yet favourable than no alarm at all.
Shabab Mustafa President Wikimedia Bangladesh
On Mon, May 7, 2018 at 5:56 PM Shlomi Fish shlomif@shlomifish.org
wrote:
On Thu, 3 May 2018 19:27:16 -0500 John Bennett jbennett@wikimedia.org wrote:
Hello,
Many of you may have been receiving emails in the last 24 hours
warning
you
of "Multiple failed attempts to log in" with your account. I wanted
to
let
you know that the Wikimedia Foundation's Security team is aware of
the
situation, and working with others in the organization on steps to
decrease
the success of attacks like these.
The exact source is not yet known, but it is not originating from our systems. That means it is an external effort to gain unauthorized
access
to
random accounts. These types of efforts are increasingly common for websites of our reach. A vast majority of these attempts have been unsuccessful, and we are reaching out personally to the small number
of
accounts which we believe have been compromised.
While we are constantly looking at improvements to our security
systems
and
processes to offset the impact of malicious efforts such as these,
the
best
method of prevention continues to be the steps each of you take to safeguard your accounts. Because of this, we have taken steps in the
past
to support things like stronger password requirements,[1] and we
continue
to encourage everyone to take some routine steps to maintain a secure computer and account. That includes regularly changing your
passwords,[2]
actively running antivirus software on your systems, and keeping your system software up to date.
From my experience, anti-virus programs usually do more harm than good.
For
example, https://en.wikipedia.org/wiki/Norton_AntiVirus recently
blocked
my entire shlomifish.org domain because it apparently misclassified an executable download as problematic (and it was built from source using https://en.wikipedia.org/wiki/CMake and https://en.wikipedia.org/wiki/AppVeyor so it is unlikely that that is the case.). MS Windows' poor resistance
to
malware and the fact that Windows Update is so dysfunctional (see http://www.shlomifish.org/humour/bits/facts/Windows-Update/ ) are the reasons why I cannot recommend running it as a desktop, and instead one should
use
https://en.wikipedia.org/wiki/Linux#Desktop - desktop linux or
similar.
A little off topic perhaps, but needs to be said.
My team will continue to investigate this incident, and report back
if
we
notice any concerning changes. If you have any questions, please
contact
the Support and Safety team (susa{{@}}wikimedia.org).
John Bennett Director of Security, Wikimedia Foundation
[1] https://meta.wikimedia.org/wiki/Password_strength_requirements [2] https://meta.wikimedia.org/wiki/Special:ChangePassword _______________________________________________ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
--
Shlomi Fish http://www.shlomifish.org/ http://www.shlomifish.org/open-source/projects/fortune-mod/
If a tree falls down in the middle of the forest, and there’s no one
there
to hear it… what colour is the tree? — Monkey Island 2: LeChuck’s Revenge
Please reply to list if it's a mailing list post -
.
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/ wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/ wiki/Wikimedia-l New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Hi Gabriel,
On Mon, 7 May 2018 14:02:44 +0100 Gabriel Thullen gabriel@thullen.com wrote:
I am also a Linux advocate, and have been so for years (decades?). That been said, I imagine that there are still more people using Windows XP than there are people using Linux. Last time I checked (october 2017) it was something like 5% using XP and less than 1% using linux, all distros included. We can safely predict that virus outvreaks will be a problem for linux once it reaches 5% or 10% market share...
Most linux viruses have never outbroke and never caused much harm. Linux can be susceptible to other forms of malware such as worms or rootkits, but it hasyet to exhibit a large scale virus epidemic and it isnt because it wasn't tried. Linux is an attractive target because many servers run on it. See also https://duckduckgo.com/?q=linux+viruses&ia=web
Regards,
Shlomi
Gabe
On Mon, May 7, 2018 at 1:51 PM, Shabab Mustafa shabab.mustafa@gmail.com wrote:
I have been a Linux advocate for almost a decade now and from 'my past experience', I can tell you have opened a topic of a huge discussion about people should switch to Linux Desktops (which is off-topic here). But I respectfully disagree with your statement, "anti-virus programs usually do more harm than good".
From a conservative viewpoint, some protection is still better to have than no protection at all. And the example you gave here, an anti-virus mistakenly classified your domain as a potential threat, makes a weaker point. By a few mistakes, we cannot cancel out a million of other successes. A false alarm is yet favourable than no alarm at all.
Shabab Mustafa President Wikimedia Bangladesh
On Mon, May 7, 2018 at 5:56 PM Shlomi Fish shlomif@shlomifish.org wrote:
On Thu, 3 May 2018 19:27:16 -0500 John Bennett jbennett@wikimedia.org wrote:
Hello,
Many of you may have been receiving emails in the last 24 hours warning
you
of "Multiple failed attempts to log in" with your account. I wanted to
let
you know that the Wikimedia Foundation's Security team is aware of the situation, and working with others in the organization on steps to
decrease
the success of attacks like these.
The exact source is not yet known, but it is not originating from our systems. That means it is an external effort to gain unauthorized
access
to
random accounts. These types of efforts are increasingly common for websites of our reach. A vast majority of these attempts have been unsuccessful, and we are reaching out personally to the small number of accounts which we believe have been compromised.
While we are constantly looking at improvements to our security systems
and
processes to offset the impact of malicious efforts such as these, the
best
method of prevention continues to be the steps each of you take to safeguard your accounts. Because of this, we have taken steps in the
past
to support things like stronger password requirements,[1] and we
continue
to encourage everyone to take some routine steps to maintain a secure computer and account. That includes regularly changing your
passwords,[2]
actively running antivirus software on your systems, and keeping your system software up to date.
From my experience, anti-virus programs usually do more harm than good.
For
example, https://en.wikipedia.org/wiki/Norton_AntiVirus recently blocked my entire shlomifish.org domain because it apparently misclassified an executable download as problematic (and it was built from source using https://en.wikipedia.org/wiki/CMake and https://en.wikipedia.org/wiki/AppVeyor so it is unlikely that that is the case.). MS Windows' poor resistance to malware and the fact that Windows Update is so dysfunctional (see http://www.shlomifish.org/humour/bits/facts/Windows-Update/ ) are the reasons why I cannot recommend running it as a desktop, and instead one should
use
https://en.wikipedia.org/wiki/Linux#Desktop - desktop linux or similar.
A little off topic perhaps, but needs to be said.
My team will continue to investigate this incident, and report back if
we
notice any concerning changes. If you have any questions, please
contact
the Support and Safety team (susa{{@}}wikimedia.org).
John Bennett Director of Security, Wikimedia Foundation
[1] https://meta.wikimedia.org/wiki/Password_strength_requirements [2] https://meta.wikimedia.org/wiki/Special:ChangePassword _______________________________________________ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
--
Shlomi Fish http://www.shlomifish.org/ http://www.shlomifish.org/open-source/projects/fortune-mod/
If a tree falls down in the middle of the forest, and there’s no one
there
to hear it… what colour is the tree? — Monkey Island 2: LeChuck’s Revenge
Please reply to list if it's a mailing list post - http://shlom.in/reply
.
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/ wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/ wiki/Wikimedia-l New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
"Imagine a world, where all windows installations have turned off their antivirus protection"!
Regards, Thyge
Den man. 7. maj 2018 kl. 17.09 skrev Shlomi Fish shlomif@shlomifish.org:
Hi Gabriel,
On Mon, 7 May 2018 14:02:44 +0100 Gabriel Thullen gabriel@thullen.com wrote:
I am also a Linux advocate, and have been so for years (decades?). That been said, I imagine that there are still more people using Windows XP
than
there are people using Linux. Last time I checked (october 2017) it was something like 5% using XP and less than 1% using linux, all distros included. We can safely predict that virus outvreaks will be a problem
for
linux once it reaches 5% or 10% market share...
Most linux viruses have never outbroke and never caused much harm. Linux can be susceptible to other forms of malware such as worms or rootkits, but it hasyet to exhibit a large scale virus epidemic and it isnt because it wasn't tried. Linux is an attractive target because many servers run on it. See also https://duckduckgo.com/?q=linux+viruses&ia=web
Regards,
Shlomi
Gabe
On Mon, May 7, 2018 at 1:51 PM, Shabab Mustafa <shabab.mustafa@gmail.com
wrote:
I have been a Linux advocate for almost a decade now and from 'my past experience', I can tell you have opened a topic of a huge discussion
about
people should switch to Linux Desktops (which is off-topic here). But I respectfully disagree with your statement, "anti-virus programs
usually do
more harm than good".
From a conservative viewpoint, some protection is still better to have
than
no protection at all. And the example you gave here, an anti-virus mistakenly classified your domain as a potential threat, makes a weaker point. By a few mistakes, we cannot cancel out a million of other successes. A false alarm is yet favourable than no alarm at all.
Shabab Mustafa President Wikimedia Bangladesh
On Mon, May 7, 2018 at 5:56 PM Shlomi Fish shlomif@shlomifish.org
wrote:
On Thu, 3 May 2018 19:27:16 -0500 John Bennett jbennett@wikimedia.org wrote:
Hello,
Many of you may have been receiving emails in the last 24 hours warning
you
of "Multiple failed attempts to log in" with your account. I
wanted to
let
you know that the Wikimedia Foundation's Security team is aware of
the
situation, and working with others in the organization on steps
to
decrease
the success of attacks like these.
The exact source is not yet known, but it is not originating from
our
systems. That means it is an external effort to gain unauthorized
access
to
random accounts. These types of efforts are increasingly common for websites of our reach. A vast majority of these attempts have been unsuccessful, and we are reaching out personally to the small
number of
accounts which we believe have been compromised.
While we are constantly looking at improvements to our security systems
and
processes to offset the impact of malicious efforts such as these,
the
best
method of prevention continues to be the steps each of you take to safeguard your accounts. Because of this, we have taken steps in
the
past
to support things like stronger password requirements,[1] and we
continue
to encourage everyone to take some routine steps to maintain a
secure
computer and account. That includes regularly changing your
passwords,[2]
actively running antivirus software on your systems, and keeping
your
system software up to date.
From my experience, anti-virus programs usually do more harm than
good.
For
example, https://en.wikipedia.org/wiki/Norton_AntiVirus recently
blocked
my entire shlomifish.org domain because it apparently misclassified an executable download as problematic (and it was built from source using https://en.wikipedia.org/wiki/CMake and https://en.wikipedia.org/wiki/AppVeyor so it is unlikely that that is the case.). MS Windows' poor
resistance to
malware and the fact that Windows Update is so dysfunctional (see http://www.shlomifish.org/humour/bits/facts/Windows-Update/ ) are
the
reasons why I cannot recommend running it as a desktop, and instead one
should
use
https://en.wikipedia.org/wiki/Linux#Desktop - desktop linux or
similar.
A little off topic perhaps, but needs to be said.
My team will continue to investigate this incident, and report
back if
we
notice any concerning changes. If you have any questions, please
contact
the Support and Safety team (susa{{@}}wikimedia.org).
John Bennett Director of Security, Wikimedia Foundation
[1] https://meta.wikimedia.org/wiki/Password_strength_requirements [2] https://meta.wikimedia.org/wiki/Special:ChangePassword _______________________________________________ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
--
Shlomi Fish http://www.shlomifish.org/ http://www.shlomifish.org/open-source/projects/fortune-mod/
If a tree falls down in the middle of the forest, and there’s no
one
there
to hear it… what colour is the tree? — Monkey Island 2: LeChuck’s Revenge
Please reply to list if it's a mailing list post -
.
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe:
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/ wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/ wiki/Wikimedia-l New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
--
Shlomi Fish http://www.shlomifish.org/ http://youtu.be/xZLwtc9x4yA - Anime in Real Life!! (Parody)
E‐mail, web feeds, and doing something productive — choose two.
Please reply to list if it's a mailing list post - http://shlom.in/reply .
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
The main reason we have virus outbreaks is the way a lot of users click on email attachments and on programs they have just downloaded from the net. Users are warned time and time again, but they do it anyway. Once we get a large enough base of desktop linux users, we will have the same problems.
We are safe for now...
On Mon, May 7, 2018 at 5:53 PM, Thyge ltl.privat@gmail.com wrote:
"Imagine a world, where all windows installations have turned off their antivirus protection"!
Regards, Thyge
Den man. 7. maj 2018 kl. 17.09 skrev Shlomi Fish shlomif@shlomifish.org:
Hi Gabriel,
On Mon, 7 May 2018 14:02:44 +0100 Gabriel Thullen gabriel@thullen.com wrote:
I am also a Linux advocate, and have been so for years (decades?). That been said, I imagine that there are still more people using Windows XP
than
there are people using Linux. Last time I checked (october 2017) it was something like 5% using XP and less than 1% using linux, all distros included. We can safely predict that virus outvreaks will be a problem
for
linux once it reaches 5% or 10% market share...
Most linux viruses have never outbroke and never caused much harm. Linux can be susceptible to other forms of malware such as worms or rootkits, but it hasyet to exhibit a large scale virus epidemic and it isnt because it wasn't tried. Linux is an attractive target because many servers run on it. See also https://duckduckgo.com/?q=linux+viruses&ia=web
Regards,
Shlomi
Gabe
On Mon, May 7, 2018 at 1:51 PM, Shabab Mustafa <
shabab.mustafa@gmail.com
wrote:
I have been a Linux advocate for almost a decade now and from 'my
past
experience', I can tell you have opened a topic of a huge discussion
about
people should switch to Linux Desktops (which is off-topic here).
But I
respectfully disagree with your statement, "anti-virus programs
usually do
more harm than good".
From a conservative viewpoint, some protection is still better to
have
than
no protection at all. And the example you gave here, an anti-virus mistakenly classified your domain as a potential threat, makes a
weaker
point. By a few mistakes, we cannot cancel out a million of other successes. A false alarm is yet favourable than no alarm at all.
Shabab Mustafa President Wikimedia Bangladesh
On Mon, May 7, 2018 at 5:56 PM Shlomi Fish shlomif@shlomifish.org
wrote:
On Thu, 3 May 2018 19:27:16 -0500 John Bennett jbennett@wikimedia.org wrote:
Hello,
Many of you may have been receiving emails in the last 24 hours warning
you
of "Multiple failed attempts to log in" with your account. I
wanted to
let
you know that the Wikimedia Foundation's Security team is aware
of
the
situation, and working with others in the organization on steps
to
decrease
the success of attacks like these.
The exact source is not yet known, but it is not originating from
our
systems. That means it is an external effort to gain unauthorized
access
to
random accounts. These types of efforts are increasingly common
for
websites of our reach. A vast majority of these attempts have
been
unsuccessful, and we are reaching out personally to the small
number of
accounts which we believe have been compromised.
While we are constantly looking at improvements to our security systems
and
processes to offset the impact of malicious efforts such as
these,
the
best
method of prevention continues to be the steps each of you take
to
safeguard your accounts. Because of this, we have taken steps in
the
past
to support things like stronger password requirements,[1] and we
continue
to encourage everyone to take some routine steps to maintain a
secure
computer and account. That includes regularly changing your
passwords,[2]
actively running antivirus software on your systems, and keeping
your
system software up to date.
From my experience, anti-virus programs usually do more harm than
good.
For
example, https://en.wikipedia.org/wiki/Norton_AntiVirus recently
blocked
my entire shlomifish.org domain because it apparently misclassified
an
executable download as problematic (and it was built from source using https://en.wikipedia.org/wiki/CMake and https://en.wikipedia.org/wiki/AppVeyor so it is unlikely that that is the case.). MS Windows' poor
resistance to
malware and the fact that Windows Update is so dysfunctional (see http://www.shlomifish.org/humour/bits/facts/Windows-Update/ ) are
the
reasons why I cannot recommend running it as a desktop, and instead one
should
use
https://en.wikipedia.org/wiki/Linux#Desktop - desktop linux or
similar.
A little off topic perhaps, but needs to be said.
My team will continue to investigate this incident, and report
back if
we
notice any concerning changes. If you have any questions, please
contact
the Support and Safety team (susa{{@}}wikimedia.org).
John Bennett Director of Security, Wikimedia Foundation
requirements
[2] https://meta.wikimedia.org/wiki/Special:ChangePassword _______________________________________________ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-request@lists.wikimedia.org?subject=
unsubscribe>
--
Shlomi Fish http://www.shlomifish.org/ http://www.shlomifish.org/open-source/projects/fortune-mod/
If a tree falls down in the middle of the forest, and there’s no
one
there
to hear it… what colour is the tree? — Monkey Island 2: LeChuck’s Revenge
Please reply to list if it's a mailing list post -
.
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe:
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
<mailto:wikimedia-l-request@lists.wikimedia.org?subject=
unsubscribe>
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/ wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/ wiki/Wikimedia-l New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/
mailman/listinfo/wikimedia-l,
mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
--
Shlomi Fish http://www.shlomifish.org/ http://youtu.be/xZLwtc9x4yA - Anime in Real Life!! (Parody)
E‐mail, web feeds, and doing something productive — choose two.
Please reply to list if it's a mailing list post - http://shlom.in/reply
.
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/ wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/ wiki/Wikimedia-l New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
wikimedia-l@lists.wikimedia.org