Anthony wrote:
It does not involve generating hash collisions, but it involves finding various bugs in MediaWiki and using them to vandalise, often by injecting JavaScript. The best description I could find was at Encyclopedia Dramatica, which seems to be taken down (there's a cache if you do a Google search for "grawp wikipedia"). There's also a description at http://en.wikipedia.org/wiki/User:Grawp , which does not do justice to the "mad hacker skillz" of this individual and his intent on finding bugs in MediaWiki and exploiting them.
Say what? Being able to inject JS is a very serious vulnerability. If he's doing this, why haven't I seen any security releases triggered by a vandal finding an XSS? Has no one reported it?
The pages you link to seem to indicate he's nothing more than a willy-on-wheels type vandal, who at worst tricked an admin into doing a delete of a page with a very high number of revisions making the server kittens cry for a moment. There's no indication he has "mad hacker skillz" in any way or form (and given the tone of that Encyclopedia Dramatica page, I assume they'd be bragging about it if he did).
-bawolff