Hoi, I am sure that the wiki attitude will save the day.. Someone will just fix it ..
Well spotted :) Thanks, GerardM
On 6/6/07, David Gerard dgerard@gmail.com wrote:
http://www.0x000000.com/?i=330
- d.
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org http://lists.wikimedia.org/mailman/listinfo/wikitech-l
David Gerard wrote:
Hm, this guy talks about what you should or shouldn't do, but has he actually found an actual vulnerability in Wikipedia or MediaWiki?
Timwi wrote:
David Gerard wrote:
Hm, this guy talks about what you should or shouldn't do, but has he actually found an actual vulnerability in Wikipedia or MediaWiki?
No. If he did, there's no doubt he'd blurt it out on his blog before he finished his coffee. But I doubt he has the competence to find such a thing.
He just found some script files that I deliberately made public. Originally they were only available there, but eventually I committed them to svn as well. Next he'll be reporting that he can edit the wiki.
-- Tim Starling
/me wonders if this script was added by Wikimedia.
[TXT] 0x000000 06-Jun-2007 14:23 4
On 06/06/07, Tim Starling tstarling@wikimedia.org wrote:
Timwi wrote:
David Gerard wrote:
Hm, this guy talks about what you should or shouldn't do, but has he actually found an actual vulnerability in Wikipedia or MediaWiki?
No. If he did, there's no doubt he'd blurt it out on his blog before he finished his coffee. But I doubt he has the competence to find such a thing.
He just found some script files that I deliberately made public. Originally they were only available there, but eventually I committed them to svn as well. Next he'll be reporting that he can edit the wiki.
-- Tim Starling
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org http://lists.wikimedia.org/mailman/listinfo/wikitech-l
Oh, I thought that that website had hacked Wikimedia. Obviously I misunderstood the article.
On 06/06/07, Tim Starling tstarling@wikimedia.org wrote:
Robert Leverington wrote:
/me wonders if this script was added by Wikimedia.
[TXT] 0x000000 06-Jun-2007 14:23 4
I added it, of course. Who did you think it was? I wanted to make the blog readers feel welcome.
-- Tim Starling
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org http://lists.wikimedia.org/mailman/listinfo/wikitech-l
Robert Leverington wrote:
On 06/06/07, Tim Starling tstarling@wikimedia.org wrote:
Robert Leverington wrote:
/me wonders if this script was added by Wikimedia.
[TXT] 0x000000 06-Jun-2007 14:23 4
I added it, of course. Who did you think it was? I wanted to make the blog readers feel welcome.
Oh, I thought that that website had hacked Wikimedia. Obviously I misunderstood the article.
I put our secret site password in the directory as well. Now all they have to do is work out how to use it.
-- Tim Starling
On Wed, Jun 06, 2007 at 03:52:06PM +0100, Tim Starling wrote:
Robert Leverington wrote:
/me wonders if this script was added by Wikimedia.
[TXT] 0x000000 06-Jun-2007 14:23 4
I added it, of course. Who did you think it was? I wanted to make the blog readers feel welcome.
C|N>K
Thanks.
Cheers, -- jr 'really' a
On 6/6/07, Tim Starling tstarling@wikimedia.org wrote:
to svn as well. Next he'll be reporting that he can edit the wiki.
Hmm .. reading through his blog, I don't see *any* vulnerabilities he has discovered -- he reported a couple that were already known, but never anything original. How did this blog even get known?
On 06/06/07, Daniel Cannon cannon.danielc@gmail.com wrote:
On 6/6/07, Tim Starling tstarling@wikimedia.org wrote:
to svn as well. Next he'll be reporting that he can edit the wiki.
Hmm .. reading through his blog, I don't see *any* vulnerabilities he has discovered -- he reported a couple that were already known, but never anything original. How did this blog even get known?
It came up in today's Google blogsearch trawl on "wikipedia".
- d.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Moin,
On Wednesday 06 June 2007 16:15:48 Tim Starling wrote:
Timwi wrote:
David Gerard wrote:
Hm, this guy talks about what you should or shouldn't do, but has he actually found an actual vulnerability in Wikipedia or MediaWiki?
No. If he did, there's no doubt he'd blurt it out on his blog before he finished his coffee. But I doubt he has the competence to find such a thing.
He just found some script files that I deliberately made public. Originally they were only available there, but eventually I committed them to svn as well. Next he'll be reporting that he can edit the wiki.
Tim,
you owe me a new keyboard (actually, an old, vintage CHERRY MX 3000M) and a monitor cleaning kit...
*still laughing*
Tels
- -- Signed on Wed Jun 6 17:33:07 2007 with key 0x93B84C15. Get one of my photo posters: http://bloodgate.com/posters PGP key on http://bloodgate.com/tels.asc or per email.
┌───────┬─────┬───┬───────────────┬─────┬─────────┬───┬─┐ ├─────╴ │ ╷ ╶─┘ ╷ ╵ ╶─┬───┬───┐ ╷ └─╴ ╷ └─┬─╴ ┌─╴ │ ╷ │ │ │ ┌─┬───┴─┴─┐ ╶─┼───┐ ╵ ╷ ╵ ┌─┘ ├─────┴─╴ │ ┌─┘ ┌─┘ │ ╵ │ │ │ ╵ ╶─┐ ╷ └─┐ │ ╷ │ ┌─┴─┬─┘ ┌─┤ ┌─────┬─┘ │ ╶─┴─╴ ├─╴ │ │ └─┐ ┌─┘ ├─╴ ├─┘ │ └─┘ ╷ │ ┌─┘ │ ╵ ┌─╴ │ ╷ └───┬───┤ ╶─┤ ├─╴ └─┘ ┌─┘ ╶─┘ ┌─┴─────┘ ╵ │ ╶─┴───┘ ╶─┴─┴───╴ │ ╶─┴─╴ │ └───────┴───────┴───────────┴───────────────────┴───────┘
wikitech-l@lists.wikimedia.org