I need advice, or concrete help, concerning a technical matter. I have been abroad for the past four days, and have been accessing Wikipedia from internet cafes. When I log on, I of course have avoided checking the box that asks if I want the computer to remember by password across sessions. Nevertheless, I have just discovered that the computers I have been using now long me on automatically. I do not really care that someone might end up using my own user name in the future, we can sort it out then. But since I am a sysop I am very concerned about the potential security breach. Anyone going to Wikipedia from this terminal, it seems, will automatically log on as me, and have the ability to delete pages and ban users.
I regret the potential problems this can cause Wikipedia; all I can say is I do not know what went wrong.
Is there a way to make sure that the terminals I have used in the last four days will not log on automatically to my username? What can I do the next time I weant to log on, to make sure that the next user of the terminal will not be able to log on automatically? As I said, I did not check the box, and I didnt see anything under my user preferences or settings that would ensure that I would NOT log on automatically.
I know this is my responsibility, but I am leaving for my field-site tomorrow and will probably not have access to the internet. If someone understands what happened and can fix it, I would appreciate it if they would. In any event, I will have internet access again in a couple of weeks and want to make sure I dont create the same problem...
Steve Rubenstein
Nevertheless, I have just discovered that
the computers I have been using now long me on automatically. I do not really care that someone might end up using my own user name in the future, we can sort it out then.
But since I am a sysop I am very concerned about the potential security breach. Anyone going to Wikipedia from this terminal, it seems, will automatically log on as me, and have the ability to delete pages and ban users.
Change your password - often, if you use public machines. Then the most imporant thing is to clean the cache afterward. Take an extra minute, shut down whatever browser used -- usually explorer.. and then restart it to make sure you cant get back on. This kind of thing happens with email all the time.. I can tell how many times Ive emailed people (from their own accounts) telling them to pull their pants up....:)
__________________________________ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com
rubenste@ohio.edu wrote:
Is there a way to make sure that the terminals I have used in the last four days will not log on automatically to my username?
The only thing you can do now is to change your password.
In future, perhaps you should clear all the cookies after you have used a public computer. I do that too, even for site where I have no reason to believe such a security flaw exists.
Timwi
rubenste@ohio.edu wrote:
I need advice, or concrete help, concerning a technical matter. I have been abroad for the past four days, and have been accessing Wikipedia from internet cafes. When I log on, I of course have avoided checking the box that asks if I want the computer to remember by password across sessions. Nevertheless, I have just discovered that the computers I have been using now long me on automatically.
Are you sure of that? Note that when you log out (or let the session time out), any pages you've visited while logged in are still in your browser's cache.
If the page doesn't change by the next time you visit, the cached version will be displayed, with your name in the corner, but as far as the wiki is concerned, you're not logged in.
Note also that the wiki _does_ leave a cookie with your username when you log in, so when you come back it puts the last username you used in the login form (but not the password). If you're paranoid, clear the cookies manually when you're finished.
If it *is* automatically logging you in, that could be a problem. More information would help.
-- brion vibber (brion @ pobox.com)
wikipedia-l@lists.wikimedia.org