[WikiEN-l] Please change your passwords.

Anthony wikimail at inbox.org
Wed May 9 02:48:04 UTC 2007


On 5/8/07, Tim Starling <tstarling at wikimedia.org> wrote:
> Who are you calling unprofessional? The people who quickly, competently
> and comprehensively fixed the problem on the server side, or the people
> who jumped up and down on the lists and wikis about the need for everyone
> to change their passwords? I think you should make that clear.
>
I think he's talking about the fact that it was so easy to mass crack
passwords in the first place.

On April 26, Brion announced that an attacker was "mass-abusing
accounts with weak passwords".  Then, on or about May 6, an admin
account is cracked.  Doesn't seem like a quick, competent, and
comprehensive fix to me.

I'm not sure any individual in particular is to blame.  I suppose
Brion is supposed to be the one in charge of such things, but in my
opinion he doesn't have the staff or budget to do it.  Maybe he's the
one who has chosen to spend so much money on hardware and so little on
staff, but I suspect that's more a board thing.

I've suggested before that a lease of servers would make a lot more
sense than all those capital expenditures, and this is a good example
of why that's true.

Anthony


