[WikiJA-l] Fwd: [Foundation-l] Password security notes

Aphaia aphaia @ gmail.com
Mon May 7 23:55:07 UTC 2007


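Good morning,
Here are the details on the enwiki password cracking and the advisory that I posted about at the jawiki Village Pump (Announcements).

I hear that some administrators on the English Wikipedia were using "password" or their own account name as their password. If by any chance anyone here is using such a weak password, I strongly recommend changing it.

Administrators in particular, please take extra care in managing your passwords.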

---------- Forwarded message ----------
From: Brion Vibber <brion @ wikimedia.org>
Date: May 8, 2007 7:17 AM
Subject: [Foundation-l] Password security notes
To: Wikimedia developers <wikitech-l @ lists.wikimedia.org>
Cc: wikipedia-l @ lists.wikimedia.org, Wikimedia Foundation Mailing List
<foundation-l @ lists.wikimedia.org>, wikien-l @ lists.wikimedia.org


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

As noted in other threads on several mailing lists, a few admin accounts
on en.wikipedia have been compromised recently, used to vandalize
high-traffic protected pages.

We're starting to roll out some additional protections against
password-guessing attacks, including but not limited to:

* Additional logging to better detect dictionary-style attacks

* Speed-bump measures against multiple failed logins
[But nothing that should DoS legitimate users. The traditional "lock out the
account after three tries" would make it trivial to lock out all the
site's sysops -- not wise. :)]

* Weak-password checks on existing sysops on our largest sites. Several
accounts have had their weak passwords invalidated and will need to
reset by mail before logging in again.

* Several targeted blocks against known cracking attempts.


Over the coming days we will additionally be rolling out more automated
password-strength checkers at login / set-password / change-password
time to reduce the danger of guessable passwords.


Please distribute this information as appropriate to your local
projects/languages.

- -- brion vibber (brion @ wikimedia.org)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGP6WDwRnhpk1wk44RApO6AJ9q8MXXhYbVAT9+YoTOZgFwv56YbwCdH2MU
ysd+CDuI1knUHJaD1jd8wUo=
=FGTh
-----END PGP SIGNATURE-----


-- 
KIZU Naoko
  Wikiquote: http://wikiquote.org
  * habent enim emolumentum in labore suo *
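
An added example, not part of the original messages and not MediaWiki's code: one way to build the "speed bump" the forwarded message describes so that failed guesses slow the guesser without locking the account's real owner out. The class name, thresholds, account name and addresses are assumptions made for illustration.

```python
import time


class LoginThrottle:
    """Speed bump keyed on (source address, account), not on the account alone.

    A plain "lock the account after three tries" rule lets anyone lock out every
    sysop. Here only the source that keeps failing is slowed down.
    """

    def __init__(self, free_attempts=3, base_delay=2.0, max_delay=300.0,
                 clock=time.monotonic):
        self.free_attempts = free_attempts
        self.base_delay = base_delay
        self.max_delay = max_delay
        self.clock = clock
        self._state = {}  # (source, account) -> (failures, time next try is allowed)

    def retry_after(self, source, account):
        """Seconds this source must still wait for this account (0.0 = go ahead)."""
        _, allowed_at = self._state.get((source, account.lower()), (0, 0.0))
        return max(0.0, allowed_at - self.clock())

    def record_failure(self, source, account):
        """Count a failed login and return the delay imposed on the next try."""
        key = (source, account.lower())
        failures = self._state.get(key, (0, 0.0))[0] + 1
        over = failures - self.free_attempts
        # The first few mistakes cost nothing; after that the wait doubles, capped.
        delay = 0.0 if over < 0 else min(self.max_delay, self.base_delay * 2 ** over)
        self._state[key] = (failures, self.clock() + delay)
        return delay

    def record_success(self, source, account):
        """A correct login clears the counter for that source and account."""
        self._state.pop((source, account.lower()), None)


def demo():
    """Ten failed guesses from one address; the owner logs in from another."""
    now = [0.0]                                   # fake clock, so the demo is instant
    throttle = LoginThrottle(clock=lambda: now[0])
    guesser, owner = "203.0.113.7", "198.51.100.20"   # constructed sample addresses
    for _ in range(10):
        now[0] += throttle.retry_after(guesser, "ExampleSysop")  # wait out the bump
        throttle.record_failure(guesser, "ExampleSysop")
    return (throttle.retry_after(guesser, "ExampleSysop"),
            throttle.retry_after(owner, "ExampleSysop"))


if __name__ == "__main__":
    print(demo())
```

Per-source throttling does nothing against guesses spread over many addresses, which is where the additional logging listed in the message comes in.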