FYI.
---------- Forwarded message ----------
From: Erik Moeller <erik(a)wikimedia.org>
Date: Wed, Oct 2, 2013 at 10:56 PM
Subject: Notification about Wikimedia user account security issue
To: Wikimedia Mailing List <wikimedia-l(a)lists.wikimedia.org>
See also:
https://meta.wikimedia.org/wiki/October_2013_private_data_security_issue
On October 1, 2013, we learned about an implementation error that made
private user information (specifically, user email addresses, password
hashes, session tokens, and last login timestamp) for approximately
37,000 Wikimedia project users accessible to volunteers with access to
the Wikimedia "LabsDB" infrastructure.
LabsDB, launched in May 2013, is designed to give volunteers the
ability to write tools and generate reports that make use of data from
our databases in real-time. This supports bottom-up innovation by the
Wikimedia community. As part of this process, private data is
automatically redacted before volunteers are given access to the data.
Unfortunately, for some of Wikimedia’s wikis[1], the database triggers
used to redact private data failed to take effect due to a schema
incompatibility, and LabsDB users had access to private user data for
some user accounts in these specific wiki databases. As of October 1,
228 users have access to LabsDB, and the window of availability of
this data was May 29, 2013 to October 1, 2013.
This issue was discovered and reported by a trusted volunteer, and
access to the data in question was revoked within 15 minutes of the
report. We have no evidence to suggest that the private data in
question was exported in bulk or used for malicious purposes, but we
cannot definitively exclude the possibility. As a precautionary
measure, we have invalidated all affected user sessions, and are
requiring affected users to change their password on their next login.
We have also sent an email notification to affected users with a
confirmed email address.
We regret this mistake. LabsDB is still a new part of our
infrastructure, and we will fully audit the redaction process, so as
to minimize any risk of a future mistake of this nature.
Sincerely,
Erik Moeller
Vice President of Engineering & Product Development
Contact information
Should you have any questions, please contact us via email to:
accountsecurity(a)wikimedia.org
You can also reach the Wikimedia Foundation at:
Wikimedia Foundation, Inc.
149 New Montgomery Street
Floor 6
San Francisco, CA 94105
United States
Phone: +1-415-839-6885
Fax: +1-415-882-0495
[1] List of affected databases: aswikisource bewikisource dewikivoyage
elwikivoyage enwikivoyage eswikivoyage frwikivoyage guwikisource
hewikivoyage itwikivoyage kowikiversity lezwiki loginwiki minwiki
nlwikivoyage plwikivoyage ptwikivoyage rowikivoyage ruwikivoyage
sawikiquote slwikiversity svwikivoyage testwikidatawiki tyvwiki
ukwikivoyage vecwiktionary votewiki wikidatawiki wikimania2013wiki
wikimania2014wiki
--
Erik Möller
VP of Engineering and Product Development, Wikimedia Foundation
--
Erik Möller
VP of Engineering and Product Development, Wikimedia Foundation
Hi folks,
As you know, in July 2012 the Wikimedia Foundation Board of Trustees asked
me to set up the Funds Dissemination Committee, a volunteer-driven advisory
committee created to make recommendations to the Board allocating funds for
chapters and other Wikimedia movement entities. I did that, and the FDC has
now been fully operational for a little more than a year.
As part of the FDC framework, I committed that after the FDC’s first year
of operation I would create a report for the Board that documented the
state of the FDC at that moment in time, and told the Board about any
revisions we had made to the process as a result of stakeholder input
during its first year.
The purpose of this note is to tell you that report is now posted. It’s
here:
https://meta.wikimedia.org/wiki/FDC_portal/Annual_report_on_the_Funds_Disse…
If you’ve got comments on the report I’d suggest that rather than replying
to this list, you leave them on the talk page. And, my thanks to everyone
who contributed to the FDC's first year of operations, and also to the
report :-)
Thanks,
Sue
Hi all,
the new bulletin from Wikimedia Italia (#59) is available. This time
we write about Wiki Loves Monuments 2013, VisualEditor, new international
positions held by our members and future appointments.
As usual a link has been added to meta, at
Wikimedia_chapters/Reports/Wikimedia_Italia ; more-or-less raw text of
the bulletin follows below.
ciao, .mau.
(p.s.: for the curious, # 57 and # 58 exist, but they were not translated.
Sooner or later we will add them)
=-=-=-=-=-=-=-=-=-=-=== Wiki Loves Monuments 2013 ==
Sunday, September 1, [http://www.wikilovesmonuments.org/ Wiki Loves
Monuments 2013] officially began. The photo competition is open to
everybody who wants to help illustrate Wikipedia and enhance the world
cultural heritage. The competition kicks off with the figures of the
important achievements in the previous year ('''353,768 images''' received
, '''more than 15,000 people''' involved) and with its recognition as
'''"World's largest Photo Contest"''', as awarded by the Guinness Book of
World Records in 2012 (as in 2011).
In this issue there are news at the international level: 48 countries have
joined, including several new entries, such as England, Armenia and
Antarctica. We point out that you can follow
[http://wikizabytki.pl/stats/online ] the evolution of the competition
nation to nation; number
enthusiasts should also not miss [
http://toolserver.org/~emijrp/wlm/stats.php the sites ] with even more
detailed statistics.
'''In Italy''' we have received 13 sponsorships; more than 120
municipalities, associations and individuals have freed their cultural
heritage for the competition, so that at this moment '''971''' monuments
may be photographed (and the number [
http://www.wikilovesmonuments.it/monumenti/lista-monumenti/ steadily
increases]).
Here's what our president said , [[:it:w:Utente:Frieda|Frieda Brioschi]],
on the occasion of the launch: "''Since its beginning, Wiki Loves Monuments
had a huge success throughout the world, because the protection of artistic
and cultural heritage of the entire planet is an issue really felt. We
Italians are always sensitive to these issues, because we appreciate art
and culture also as valuable resources for our country, as well as the
pillars of world history. I am however very sorry that besides the
unconditional support of WWF, regions and some superintendences, major
entities as MIBAC [the Italian ministry for cultural heritage], FAI [Fondo
Ambiente Italiano] and Italia Nostra systematically ignored the numerous
attempts on our part to engage them. The aim of our project seems perfectly
aligned with their charters; we should put our forces together, for a cause
that has as its sole purpose the promotion of an immense heritage''."
==Visual Editor: What's the story ==
As we already announced in previous issues of WMINews, from the end of July
2013 a new editing interface for modifying Wikipedia entries, called [
https://it.wikipedia.org/wiki/Wikipedia:VE VisualEditor] (VE), is active.
VisualEditor looks like a simple word processing program and does not
require any knowledge of wikisyntax. [[:it:w:Utente:Elitre_ 28WMF%
29%|Elitre]] is the contact person working with the Wikimedia Foundation to
facilitate the introduction of the new instrument in the Italian community.
We asked her how things are going after about a month, and how
Italian-speaking Wikipedians react. We learn that bugfixing is going on,
new features are being introduced and that even many "historical" users
accustomed to the classic mode of writing are using VisualEditor, and they
are tirelessly helping to improve it with their advice. From a look at the
Recent changes, however, is immediately apparent that, as expected,
contributors using VisualEditor are mostly anonymous and newly registered
users, thanks to its intuitive interface.
Information:
* To contact Elitre, you can write at
https://it.wikipedia.org/wiki/Discussioni_utente:Elitre_(WMF).
* You can subscribe to aperiodic updates (in Italian) and consult the back
issues starting from [
https://it.wikipedia.org/wiki/Wikipedia:VisualEditor/Cosa_cambia#Posso_rice…
page]
* For the latest news (in English) you can always refer to [
https://www.mediawiki.org/wiki/VisualEditor/status this link].
Curiosities:
* [[:it:w:Utente:Jacopo_Werther|Jacopo Werther]] received a barnstar as
"the first user to create 10 voices on it.wikipedia.org using VisualEditor"
* We are collecting [
https://it.wikipedia.org/wiki/Wikipedia:VisualEditor/Cosa_cambia#Dicono_di_…]
on the characteristics of VisualEditor that the Italian community
prefers. Did you already share yours?
== Wikimedia Italia members contributing to international boards ==
[[:it:w:Utente:Frieda|Frieda Brioschi]]'' (President of Wikimedia Italia)''
has become part of the
[http://meta.wikimedia.org/wiki/GAC#Current_membersGrant Advisory
Committee], the commission made up of volunteers who help
the Wikimedia Foundation in allocating funding.
[[:it:w:Utente:Aubrey|Andrea Zanni]]'' (Head of projects for Wikimedia
Italia)'' announced that a [
https://lists.wikimedia.org/mailman/listinfo/openaccess new international
mailing list] (in English) was born. The list is about Open Access to
scientific literature. Zanni says: "If you're a librarian, a researcher, a
hacker or just a lover of free culture, join us! We'll reflect together on
how to make concrete the research and science of the commons goods ".
== Future appointments ==
Here there are the appointements involving Wikimedia Italia this month. For
the complete calendar, look at
Vi ricordiamo qui gli eventi che coinvolgeranno Wikimedia Italia nell'arco
del prossimo mese, per il calendario completo vi invitiamo
[[Diario_di_bordo|Diario di Bordo]] on our site.
* Grosseto, 16-17 September; Scandicci, 23-24 September: [
http://www.aib.it/struttura/sezioni/toscana/2013/35639-biblioteche-toscane-…
about Wikipedia for librarians and users] during [
http://www.aib.it/attivita/bibliopride/bibliopride2013/'''Bibliopride2013'''],
promoted by the Tuscany Section of AIB (Italian
Library Association).
* 4-5-6 October, Rovereto (TN): [http://conf.openstreetmap.it Annual
Conference] of the Italian community of OpenStreetMap.
* 5 October, Florence: Wikimedia Italy participates in the [
http://www.aib.it/attivita/bibliopride/bibliopride2013/ National Day of
Libraries - Bibliopride 2013].
== Flash news ==
[[File:TESSERA 2013.png|150px|left|]] 2013 member cards are arriving into
the homes of all members of Wikimedia Italia. If you are not yet registered
you can do so by following the directions found [[Iscrizioni|on the site]],
while if you need to communicate a change in your address this is the right
time (write to segreteria(a)wikimedia.it).
''(Member card assembled by Jollyroger - Picture of Nicola D'Orta,
cc-by-sa).''