Anthony wrote:
It does not involve generating hash collisions, but it involves finding various bugs in MediaWiki and using them to vandalise, often by injecting JavaScript. The best description I could find was at Encyclopedia Dramatica, which seems to be taken down (there's a cache if you do a Google search for "grawp wikipedia"). There's also a description at http://en.wikipedia.org/wiki/User:Grawp , which does not do justice to the "mad hacker skillz" of this individual and his intent on finding bugs in MediaWiki and exploiting them.
Say what? Being able to inject JS is a very serious vulnerability. If he's doing this, why haven't I seen any security releases triggered by a vandal finding an XSS? Has no one reported it?
The pages you link to seem to indicate he's nothing more than a willy-on-wheels type vandal, who at worst tricked an admin into doing a delete of a page with a very high number of revisions making the server kittens cry for a moment. There's no indication he has "mad hacker skillz" in any way or form (and given the tone of that Encyclopedia Dramatica page, I assume they'd be bragging about it if he did).
-bawolff
On Sun, Sep 18, 2011 at 7:07 PM, bawolff <bawolff+wn@gmail.com> wrote:
Anthony wrote:
It does not involve generating hash collisions, but it involves finding various bugs in MediaWiki and using them to vandalise, often by injecting JavaScript. The best description I could find was at Encyclopedia Dramatica, which seems to be taken down (there's a cache if you do a Google search for "grawp wikipedia"). There's also a description at http://en.wikipedia.org/wiki/User:Grawp , which does not do justice to the "mad hacker skillz" of this individual and his intent on finding bugs in MediaWiki and exploiting them.
Say what? Being able to inject JS is a very serious vulnerability. If he's doing this, why haven't I seen any security releases triggered by a vandal finding an XSS? Has no one reported it?
I have no idea. How long have you been reading the release notes? This was a few years ago that this happened to me, and the software I was using was probably a year or two old.
I didn't investigate the details of the bug. I didn't have the time to do that, which is why I just took the site down rather than bother.
The pages you link to seem to indicate he's nothing more than a willy-on-wheels type vandal, who at worst tricked an admin into doing a delete of a page with a very high number of revisions making the server kittens cry for a moment. There's no indication he has "mad hacker skillz" in any way or form (and given the tone of that Encyclopedia Dramatica page, I assume they'd be bragging about it if he did).
As I said, I couldn't find a page which described it in detail. Maybe if you look at archive.org?
On Sun, Sep 18, 2011 at 7:20 PM, Anthony <wikimail@inbox.org> wrote:
On Sun, Sep 18, 2011 at 7:07 PM, bawolff <bawolff+wn@gmail.com> wrote:
Anthony wrote: The pages you link to seem to indicate he's nothing more than a willy-on-wheels type vandal, who at worst tricked an admin into doing a delete of a page with a very high number of revisions making the server kittens cry for a moment. There's no indication he has "mad hacker skillz" in any way or form (and given the tone of that Encyclopedia Dramatica page, I assume they'd be bragging about it if he did).
As I said, I couldn't find a page which described it in detail. Maybe if you look at archive.org?
By the way, my comment about "mad hacker skillz" was meant to be sarcastic. The term "script kiddie" is probably more accurate.
I don't know how the person did it. I don't know whether they were *the* Grawp or just a copycat. I don't know if they found a parsing bug, or they found a backdoor through a default password, or if they hacked my account password (*). I don't even know if it was JavaScript or style sheets or gabagool or whatever the hell. All I know is that he fucked up my site so bad I didn't know how to fix it (other than restoring the database, which I didn't feel like doing). I asked someone to take a look at the site, and he said I was attacked by Grawp and I needed to upgrade my MediaWiki. At that point I said "fuck it, I'm just going to host a few pages at Knol, and just take down the rest".
(*) I believe it was the former, though, because when I looked at the database the page edits were made by a regular user, not by me, and not by a special account.
And all of this is irrelevant. Generating an MD5 collision does not in any way involve "mad hacker skillz".
wikitech-l@lists.wikimedia.org