Anthony wrote:
It does not involve generating hash collisions, but it involves
finding various bugs in MediaWiki and using them to vandalise, often
by injecting JavaScript. The best description I could find was at
Encyclopedia Dramatica, which seems to be taken down (there's a cache
if you do a Google search for "grawp wikipedia"). There's also a
description at http://en.wikipedia.org/wiki/User:Grawp , which does
not do justice to the "mad hacker skillz" of this individual and his
intent on finding bugs in MediaWiki and exploiting them.

Say what? Being able to inject JS is a very serious vulnerability. If
he's doing this, why haven't I seen any security releases triggered by
a vandal finding an XSS? Has no one reported it?
The pages you link to seem to indicate he's nothing more than a
willy-on-wheels type vandal, who at worst tricked an admin into doing
a delete of a page with a very high number of revisions making the
server kittens cry for a moment. There's no indication he has "mad
hacker skillz" in any way or form (and given the tone of that
Encyclopedia Dramatica page, I assume they'd be bragging about it if
he did).
-bawolff