[Wikimedia-l] Information on "Multiple failed attempts to log in" emails

classic Classic list List threaded Threaded
15 messages Options
Reply | Threaded
Open this post in threaded view
|

[Wikimedia-l] Information on "Multiple failed attempts to log in" emails

John Bennett
Hello,

Many of you may have been receiving emails in the last 24 hours warning you
of "Multiple failed attempts to log in" with your account. I wanted to let
you know that the Wikimedia Foundation's Security team is aware of the
situation, and working with others in the organization on steps to decrease
the success of attacks like these.

The exact source is not yet known, but it is not originating from our
systems. That means it is an external effort to gain unauthorized access to
random accounts. These types of efforts are increasingly common for
websites of our reach. A vast majority of these attempts have been
unsuccessful, and we are reaching out personally to the small number of
accounts which we believe have been compromised.

While we are constantly looking at improvements to our security systems and
processes to offset the impact of malicious efforts such as these, the best
method of prevention continues to be the steps each of you take to
safeguard your accounts. Because of this, we have taken steps in the past
to support things like stronger password requirements,[1] and we continue
to encourage everyone to take some routine steps to maintain a secure
computer and account. That includes regularly changing your passwords,[2]
actively running antivirus software on your systems, and keeping your
system software up to date.

My team will continue to investigate this incident, and report back if we
notice any concerning changes. If you have any questions, please contact
the Support and Safety team (susa{{@}}wikimedia.org).

John Bennett
Director of Security, Wikimedia Foundation

[1] https://meta.wikimedia.org/wiki/Password_strength_requirements
[2] https://meta.wikimedia.org/wiki/Special:ChangePassword
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Information on "Multiple failed attempts to log in" emails

Fæ
On 4 May 2018 at 01:27, John Bennett <[hidden email]> wrote:

> Hello,
>
> Many of you may have been receiving emails in the last 24 hours warning you
> of "Multiple failed attempts to log in" with your account. I wanted to let
> you know that the Wikimedia Foundation's Security team is aware of the
> situation, and working with others in the organization on steps to decrease
> the success of attacks like these.
>
> The exact source is not yet known, but it is not originating from our
> systems. That means it is an external effort to gain unauthorized access to
> random accounts. These types of efforts are increasingly common for
> websites of our reach. A vast majority of these attempts have been
> unsuccessful, and we are reaching out personally to the small number of
> accounts which we believe have been compromised.
>
> While we are constantly looking at improvements to our security systems and
> processes to offset the impact of malicious efforts such as these, the best
> method of prevention continues to be the steps each of you take to
> safeguard your accounts. Because of this, we have taken steps in the past
> to support things like stronger password requirements,[1] and we continue
> to encourage everyone to take some routine steps to maintain a secure
> computer and account. That includes regularly changing your passwords,[2]
> actively running antivirus software on your systems, and keeping your
> system software up to date.
>
> My team will continue to investigate this incident, and report back if we
> notice any concerning changes. If you have any questions, please contact
> the Support and Safety team (susa{{@}}wikimedia.org).
>
> John Bennett
> Director of Security, Wikimedia Foundation
>
> [1] https://meta.wikimedia.org/wiki/Password_strength_requirements
> [2] https://meta.wikimedia.org/wiki/Special:ChangePassword
> _______________________________________________
> Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
> New messages to: [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>

Thanks for the update.

Could you please follow up with a public report about incident and the
analysis. There is plenty of data available in the public domain, and
an awful lot of users have been affected, there seems no special
reason to keep the basic analysis a secret even if some
behind-the-scenes changes might need to remain unpublished. I have
raised this as a Phabricator ticket as a prompt.[1]

By the way, the Wikimedia user community is still waiting for the
promised report on the OurMine hack of 11th November 2016. Could you
get on with it please? Leaving users hanging for more than a year for
analysis to get published is not a good look for the WMF, it leaves us
wondering if this type of standard analysis gets done properly or
not.[2]

Links
1. https://phabricator.wikimedia.org/T193846 Publish analysis of
sustained login attack of 3 May 2018
2. https://phabricator.wikimedia.org/T150605 Publish an analysis of
the OurMine hack

Thanks
Fae
--
[hidden email] https://commons.wikimedia.org/wiki/User:Fae

_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Information on "Multiple failed attempts to log in" emails

Pine W
In reply to this post by John Bennett
Thanks, John. 
Fae, I suggest that we let the WMF folks who are working on this issue extinguish the current fire before asking them to write a report about a previous one. 
I agree that the report about the previous incident is overdue. Perhaps as the current situation becomes calmer (updated metrics and news would be nice to have on the public Phab tickets) some staff can be moved off of the front line and back to the archives.
Pine
( https://meta.wikimedia.org/wiki/User:Pine )
null
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Information on "Multiple failed attempts to log in" emails

Nathan Awrich
I get hundreds of these a year (my user name, Nathan, seems to be a popular
target). It would nice to be able to use some sort of multi-factor
authentication, which is actually supported by OAUTH. However, it seems
most projects (including en.wp) restrict use to accounts with elevated
rights. Can anyone explain why these tools can't be made more widely
accessible?

On Sun, May 6, 2018 at 1:24 AM Pine W <[hidden email]> wrote:

> Thanks, John.
> Fae, I suggest that we let the WMF folks who are working on this issue
> extinguish the current fire before asking them to write a report about a
> previous one.
> I agree that the report about the previous incident is overdue. Perhaps as
> the current situation becomes calmer (updated metrics and news would be
> nice to have on the public Phab tickets) some staff can be moved off of the
> front line and back to the archives.
> Pine
> ( https://meta.wikimedia.org/wiki/User:Pine )
> null
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> https://meta.wikimedia.org/wiki/Wikimedia-l
> New messages to: [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

[Wikimedia-l] Anti-viruses [was Re: Information on "Multiple failed attempts to log in" emails]

Shlomi Fish
In reply to this post by John Bennett
On Thu, 3 May 2018 19:27:16 -0500
John Bennett <[hidden email]> wrote:

> Hello,
>
> Many of you may have been receiving emails in the last 24 hours warning you
> of "Multiple failed attempts to log in" with your account. I wanted to let
> you know that the Wikimedia Foundation's Security team is aware of the
> situation, and working with others in the organization on steps to decrease
> the success of attacks like these.
>
> The exact source is not yet known, but it is not originating from our
> systems. That means it is an external effort to gain unauthorized access to
> random accounts. These types of efforts are increasingly common for
> websites of our reach. A vast majority of these attempts have been
> unsuccessful, and we are reaching out personally to the small number of
> accounts which we believe have been compromised.
>
> While we are constantly looking at improvements to our security systems and
> processes to offset the impact of malicious efforts such as these, the best
> method of prevention continues to be the steps each of you take to
> safeguard your accounts. Because of this, we have taken steps in the past
> to support things like stronger password requirements,[1] and we continue
> to encourage everyone to take some routine steps to maintain a secure
> computer and account. That includes regularly changing your passwords,[2]
> actively running antivirus software on your systems, and keeping your
> system software up to date.
>

From my experience, anti-virus programs usually do more harm than good. For
example, https://en.wikipedia.org/wiki/Norton_AntiVirus recently blocked my
entire shlomifish.org domain because it apparently misclassified an executable
download as problematic (and it was built from source using
https://en.wikipedia.org/wiki/CMake and https://en.wikipedia.org/wiki/AppVeyor
so it is unlikely that that is the case.). MS Windows' poor resistance to
malware and the fact that Windows Update is so dysfunctional (see
http://www.shlomifish.org/humour/bits/facts/Windows-Update/ ) are the reasons
why I cannot recommend running it as a desktop, and instead one should use
https://en.wikipedia.org/wiki/Linux#Desktop - desktop linux or similar.

A little off topic perhaps, but needs to be said.

> My team will continue to investigate this incident, and report back if we
> notice any concerning changes. If you have any questions, please contact
> the Support and Safety team (susa{{@}}wikimedia.org).
>
> John Bennett
> Director of Security, Wikimedia Foundation
>
> [1] https://meta.wikimedia.org/wiki/Password_strength_requirements
> [2] https://meta.wikimedia.org/wiki/Special:ChangePassword
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> https://meta.wikimedia.org/wiki/Wikimedia-l New messages to:
> [hidden email] Unsubscribe:
> https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>


--
-----------------------------------------------------------------
Shlomi Fish       http://www.shlomifish.org/
http://www.shlomifish.org/open-source/projects/fortune-mod/

If a tree falls down in the middle of the forest, and there’s no one there to
hear it… what colour is the tree?
    — Monkey Island 2: LeChuck’s Revenge

Please reply to list if it's a mailing list post - http://shlom.in/reply .

_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Anti-viruses [was Re: Information on "Multiple failed attempts to log in" emails]

Shabab Mustafa
I have been a Linux advocate for almost a decade now and from 'my past
experience', I can tell you have opened a topic of a huge discussion about
people should switch to Linux Desktops (which is off-topic here). But I
respectfully disagree with your statement, "anti-virus programs usually do
more harm than good".

From a conservative viewpoint, some protection is still better to have than
no protection at all. And the example you gave here, an anti-virus
mistakenly classified your domain as a potential threat, makes a weaker
point. By a few mistakes, we cannot cancel out a million of other
successes. A false alarm is yet favourable than no alarm at all.

---
Shabab Mustafa
President
Wikimedia Bangladesh



On Mon, May 7, 2018 at 5:56 PM Shlomi Fish <[hidden email]> wrote:

> On Thu, 3 May 2018 19:27:16 -0500
> John Bennett <[hidden email]> wrote:
>
> > Hello,
> >
> > Many of you may have been receiving emails in the last 24 hours warning
> you
> > of "Multiple failed attempts to log in" with your account. I wanted to
> let
> > you know that the Wikimedia Foundation's Security team is aware of the
> > situation, and working with others in the organization on steps to
> decrease
> > the success of attacks like these.
> >
> > The exact source is not yet known, but it is not originating from our
> > systems. That means it is an external effort to gain unauthorized access
> to
> > random accounts. These types of efforts are increasingly common for
> > websites of our reach. A vast majority of these attempts have been
> > unsuccessful, and we are reaching out personally to the small number of
> > accounts which we believe have been compromised.
> >
> > While we are constantly looking at improvements to our security systems
> and
> > processes to offset the impact of malicious efforts such as these, the
> best
> > method of prevention continues to be the steps each of you take to
> > safeguard your accounts. Because of this, we have taken steps in the past
> > to support things like stronger password requirements,[1] and we continue
> > to encourage everyone to take some routine steps to maintain a secure
> > computer and account. That includes regularly changing your passwords,[2]
> > actively running antivirus software on your systems, and keeping your
> > system software up to date.
> >
>
> From my experience, anti-virus programs usually do more harm than good. For
> example, https://en.wikipedia.org/wiki/Norton_AntiVirus recently blocked
> my
> entire shlomifish.org domain because it apparently misclassified an
> executable
> download as problematic (and it was built from source using
> https://en.wikipedia.org/wiki/CMake and
> https://en.wikipedia.org/wiki/AppVeyor
> so it is unlikely that that is the case.). MS Windows' poor resistance to
> malware and the fact that Windows Update is so dysfunctional (see
> http://www.shlomifish.org/humour/bits/facts/Windows-Update/ ) are the
> reasons
> why I cannot recommend running it as a desktop, and instead one should use
> https://en.wikipedia.org/wiki/Linux#Desktop - desktop linux or similar.
>
> A little off topic perhaps, but needs to be said.
>
> > My team will continue to investigate this incident, and report back if we
> > notice any concerning changes. If you have any questions, please contact
> > the Support and Safety team (susa{{@}}wikimedia.org).
> >
> > John Bennett
> > Director of Security, Wikimedia Foundation
> >
> > [1] https://meta.wikimedia.org/wiki/Password_strength_requirements
> > [2] https://meta.wikimedia.org/wiki/Special:ChangePassword
> > _______________________________________________
> > Wikimedia-l mailing list, guidelines at:
> > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> > https://meta.wikimedia.org/wiki/Wikimedia-l New messages to:
> > [hidden email] Unsubscribe:
> > https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > <mailto:[hidden email]?subject=unsubscribe>
>
>
> --
> -----------------------------------------------------------------
> Shlomi Fish       http://www.shlomifish.org/
> http://www.shlomifish.org/open-source/projects/fortune-mod/
>
> If a tree falls down in the middle of the forest, and there’s no one there
> to
> hear it… what colour is the tree?
>     — Monkey Island 2: LeChuck’s Revenge
>
> Please reply to list if it's a mailing list post - http://shlom.in/reply .
>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> https://meta.wikimedia.org/wiki/Wikimedia-l
> New messages to: [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Anti-viruses [was Re: Information on "Multiple failed attempts to log in" emails]

Gabriel Thullen
I am also a Linux advocate, and have been so for years (decades?). That
been said, I imagine that there are still more people using Windows XP than
there are people using Linux. Last time I checked (october 2017) it was
something like 5% using XP and less than 1% using linux, all distros
included. We can safely predict that virus outvreaks will be a problem for
linux once it reaches 5% or 10% market share...

Gabe

On Mon, May 7, 2018 at 1:51 PM, Shabab Mustafa <[hidden email]>
wrote:

> I have been a Linux advocate for almost a decade now and from 'my past
> experience', I can tell you have opened a topic of a huge discussion about
> people should switch to Linux Desktops (which is off-topic here). But I
> respectfully disagree with your statement, "anti-virus programs usually do
> more harm than good".
>
> From a conservative viewpoint, some protection is still better to have than
> no protection at all. And the example you gave here, an anti-virus
> mistakenly classified your domain as a potential threat, makes a weaker
> point. By a few mistakes, we cannot cancel out a million of other
> successes. A false alarm is yet favourable than no alarm at all.
>
> ---
> Shabab Mustafa
> President
> Wikimedia Bangladesh
>
> ​
>
> On Mon, May 7, 2018 at 5:56 PM Shlomi Fish <[hidden email]> wrote:
>
> > On Thu, 3 May 2018 19:27:16 -0500
> > John Bennett <[hidden email]> wrote:
> >
> > > Hello,
> > >
> > > Many of you may have been receiving emails in the last 24 hours warning
> > you
> > > of "Multiple failed attempts to log in" with your account. I wanted to
> > let
> > > you know that the Wikimedia Foundation's Security team is aware of the
> > > situation, and working with others in the organization on steps to
> > decrease
> > > the success of attacks like these.
> > >
> > > The exact source is not yet known, but it is not originating from our
> > > systems. That means it is an external effort to gain unauthorized
> access
> > to
> > > random accounts. These types of efforts are increasingly common for
> > > websites of our reach. A vast majority of these attempts have been
> > > unsuccessful, and we are reaching out personally to the small number of
> > > accounts which we believe have been compromised.
> > >
> > > While we are constantly looking at improvements to our security systems
> > and
> > > processes to offset the impact of malicious efforts such as these, the
> > best
> > > method of prevention continues to be the steps each of you take to
> > > safeguard your accounts. Because of this, we have taken steps in the
> past
> > > to support things like stronger password requirements,[1] and we
> continue
> > > to encourage everyone to take some routine steps to maintain a secure
> > > computer and account. That includes regularly changing your
> passwords,[2]
> > > actively running antivirus software on your systems, and keeping your
> > > system software up to date.
> > >
> >
> > From my experience, anti-virus programs usually do more harm than good.
> For
> > example, https://en.wikipedia.org/wiki/Norton_AntiVirus recently blocked
> > my
> > entire shlomifish.org domain because it apparently misclassified an
> > executable
> > download as problematic (and it was built from source using
> > https://en.wikipedia.org/wiki/CMake and
> > https://en.wikipedia.org/wiki/AppVeyor
> > so it is unlikely that that is the case.). MS Windows' poor resistance to
> > malware and the fact that Windows Update is so dysfunctional (see
> > http://www.shlomifish.org/humour/bits/facts/Windows-Update/ ) are the
> > reasons
> > why I cannot recommend running it as a desktop, and instead one should
> use
> > https://en.wikipedia.org/wiki/Linux#Desktop - desktop linux or similar.
> >
> > A little off topic perhaps, but needs to be said.
> >
> > > My team will continue to investigate this incident, and report back if
> we
> > > notice any concerning changes. If you have any questions, please
> contact
> > > the Support and Safety team (susa{{@}}wikimedia.org).
> > >
> > > John Bennett
> > > Director of Security, Wikimedia Foundation
> > >
> > > [1] https://meta.wikimedia.org/wiki/Password_strength_requirements
> > > [2] https://meta.wikimedia.org/wiki/Special:ChangePassword
> > > _______________________________________________
> > > Wikimedia-l mailing list, guidelines at:
> > > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> > > https://meta.wikimedia.org/wiki/Wikimedia-l New messages to:
> > > [hidden email] Unsubscribe:
> > > https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > > <mailto:[hidden email]?subject=unsubscribe>
> >
> >
> > --
> > -----------------------------------------------------------------
> > Shlomi Fish       http://www.shlomifish.org/
> > http://www.shlomifish.org/open-source/projects/fortune-mod/
> >
> > If a tree falls down in the middle of the forest, and there’s no one
> there
> > to
> > hear it… what colour is the tree?
> >     — Monkey Island 2: LeChuck’s Revenge
> >
> > Please reply to list if it's a mailing list post - http://shlom.in/reply
> .
> >
> > _______________________________________________
> > Wikimedia-l mailing list, guidelines at:
> > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> > https://meta.wikimedia.org/wiki/Wikimedia-l
> > New messages to: [hidden email]
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > <mailto:[hidden email]?subject=unsubscribe>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
> wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
> wiki/Wikimedia-l
> New messages to: [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>
>
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Anti-viruses [was Re: Information on "Multiple failed attempts to log in" emails]

Eduardo Testart
Shlomi,

I believe that the problem is with your particular brand of antivirus,
eventhough they all block a bit more or less to prevent certain risks.

Nevertheless, making an extrapolation to every antivirus from the
experience with only one brand, and concluding "they do more harm than
good" based on that, seems a bit off.


Cheers!

El lun., may. 7, 2018 10:02, Gabriel Thullen <[hidden email]> escribió:

> I am also a Linux advocate, and have been so for years (decades?). That
> been said, I imagine that there are still more people using Windows XP than
> there are people using Linux. Last time I checked (october 2017) it was
> something like 5% using XP and less than 1% using linux, all distros
> included. We can safely predict that virus outvreaks will be a problem for
> linux once it reaches 5% or 10% market share...
>
> Gabe
>
> On Mon, May 7, 2018 at 1:51 PM, Shabab Mustafa <[hidden email]>
> wrote:
>
> > I have been a Linux advocate for almost a decade now and from 'my past
> > experience', I can tell you have opened a topic of a huge discussion
> about
> > people should switch to Linux Desktops (which is off-topic here). But I
> > respectfully disagree with your statement, "anti-virus programs usually
> do
> > more harm than good".
> >
> > From a conservative viewpoint, some protection is still better to have
> than
> > no protection at all. And the example you gave here, an anti-virus
> > mistakenly classified your domain as a potential threat, makes a weaker
> > point. By a few mistakes, we cannot cancel out a million of other
> > successes. A false alarm is yet favourable than no alarm at all.
> >
> > ---
> > Shabab Mustafa
> > President
> > Wikimedia Bangladesh
> >
> > ​
> >
> > On Mon, May 7, 2018 at 5:56 PM Shlomi Fish <[hidden email]>
> wrote:
> >
> > > On Thu, 3 May 2018 19:27:16 -0500
> > > John Bennett <[hidden email]> wrote:
> > >
> > > > Hello,
> > > >
> > > > Many of you may have been receiving emails in the last 24 hours
> warning
> > > you
> > > > of "Multiple failed attempts to log in" with your account. I wanted
> to
> > > let
> > > > you know that the Wikimedia Foundation's Security team is aware of
> the
> > > > situation, and working with others in the organization on steps to
> > > decrease
> > > > the success of attacks like these.
> > > >
> > > > The exact source is not yet known, but it is not originating from our
> > > > systems. That means it is an external effort to gain unauthorized
> > access
> > > to
> > > > random accounts. These types of efforts are increasingly common for
> > > > websites of our reach. A vast majority of these attempts have been
> > > > unsuccessful, and we are reaching out personally to the small number
> of
> > > > accounts which we believe have been compromised.
> > > >
> > > > While we are constantly looking at improvements to our security
> systems
> > > and
> > > > processes to offset the impact of malicious efforts such as these,
> the
> > > best
> > > > method of prevention continues to be the steps each of you take to
> > > > safeguard your accounts. Because of this, we have taken steps in the
> > past
> > > > to support things like stronger password requirements,[1] and we
> > continue
> > > > to encourage everyone to take some routine steps to maintain a secure
> > > > computer and account. That includes regularly changing your
> > passwords,[2]
> > > > actively running antivirus software on your systems, and keeping your
> > > > system software up to date.
> > > >
> > >
> > > From my experience, anti-virus programs usually do more harm than good.
> > For
> > > example, https://en.wikipedia.org/wiki/Norton_AntiVirus recently
> blocked
> > > my
> > > entire shlomifish.org domain because it apparently misclassified an
> > > executable
> > > download as problematic (and it was built from source using
> > > https://en.wikipedia.org/wiki/CMake and
> > > https://en.wikipedia.org/wiki/AppVeyor
> > > so it is unlikely that that is the case.). MS Windows' poor resistance
> to
> > > malware and the fact that Windows Update is so dysfunctional (see
> > > http://www.shlomifish.org/humour/bits/facts/Windows-Update/ ) are the
> > > reasons
> > > why I cannot recommend running it as a desktop, and instead one should
> > use
> > > https://en.wikipedia.org/wiki/Linux#Desktop - desktop linux or
> similar.
> > >
> > > A little off topic perhaps, but needs to be said.
> > >
> > > > My team will continue to investigate this incident, and report back
> if
> > we
> > > > notice any concerning changes. If you have any questions, please
> > contact
> > > > the Support and Safety team (susa{{@}}wikimedia.org).
> > > >
> > > > John Bennett
> > > > Director of Security, Wikimedia Foundation
> > > >
> > > > [1] https://meta.wikimedia.org/wiki/Password_strength_requirements
> > > > [2] https://meta.wikimedia.org/wiki/Special:ChangePassword
> > > > _______________________________________________
> > > > Wikimedia-l mailing list, guidelines at:
> > > > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> > > > https://meta.wikimedia.org/wiki/Wikimedia-l New messages to:
> > > > [hidden email] Unsubscribe:
> > > > https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > > > <mailto:[hidden email]?subject=unsubscribe>
> > >
> > >
> > > --
> > > -----------------------------------------------------------------
> > > Shlomi Fish       http://www.shlomifish.org/
> > > http://www.shlomifish.org/open-source/projects/fortune-mod/
> > >
> > > If a tree falls down in the middle of the forest, and there’s no one
> > there
> > > to
> > > hear it… what colour is the tree?
> > >     — Monkey Island 2: LeChuck’s Revenge
> > >
> > > Please reply to list if it's a mailing list post -
> http://shlom.in/reply
> > .
> > >
> > > _______________________________________________
> > > Wikimedia-l mailing list, guidelines at:
> > > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> > > https://meta.wikimedia.org/wiki/Wikimedia-l
> > > New messages to: [hidden email]
> > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > > <mailto:[hidden email]?subject=unsubscribe>
> > _______________________________________________
> > Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
> > wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
> > wiki/Wikimedia-l
> > New messages to: [hidden email]
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > <mailto:[hidden email]?subject=unsubscribe>
> >
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> https://meta.wikimedia.org/wiki/Wikimedia-l
> New messages to: [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Anti-viruses [was Re: Information on "Multiple failed attempts to log in" emails]

Shlomi Fish
Hi,

On Mon, 07 May 2018 13:20:22 +0000
Eduardo Testart <[hidden email]> wrote:

> Shlomi,
>
> I believe that the problem is with your particular brand of antivirus,
> eventhough they all block a bit more or less to prevent certain risks.
>
> Nevertheless, making an extrapolation to every antivirus from the
> experience with only one brand, and concluding "they do more harm than
> good" based on that, seems a bit off.
>

this was just one example. I have heard of many similar problems with others.
Just try subscribing to gimp-user ( https://www.gimp.org/mail_lists.html ) or
chatting on freenode for a while and you will see.


>
> Cheers!
>
> El lun., may. 7, 2018 10:02, Gabriel Thullen <[hidden email]> escribió:
>
> > I am also a Linux advocate, and have been so for years (decades?). That
> > been said, I imagine that there are still more people using Windows XP than
> > there are people using Linux. Last time I checked (october 2017) it was
> > something like 5% using XP and less than 1% using linux, all distros
> > included. We can safely predict that virus outvreaks will be a problem for
> > linux once it reaches 5% or 10% market share...
> >
> > Gabe
> >
> > On Mon, May 7, 2018 at 1:51 PM, Shabab Mustafa <[hidden email]>
> > wrote:
> >  
> > > I have been a Linux advocate for almost a decade now and from 'my past
> > > experience', I can tell you have opened a topic of a huge discussion  
> > about  
> > > people should switch to Linux Desktops (which is off-topic here). But I
> > > respectfully disagree with your statement, "anti-virus programs usually  
> > do  
> > > more harm than good".
> > >
> > > From a conservative viewpoint, some protection is still better to have  
> > than  
> > > no protection at all. And the example you gave here, an anti-virus
> > > mistakenly classified your domain as a potential threat, makes a weaker
> > > point. By a few mistakes, we cannot cancel out a million of other
> > > successes. A false alarm is yet favourable than no alarm at all.
> > >
> > > ---
> > > Shabab Mustafa
> > > President
> > > Wikimedia Bangladesh
> > >
> > > ​
> > >
> > > On Mon, May 7, 2018 at 5:56 PM Shlomi Fish <[hidden email]>  
> > wrote:  
> > >  
> > > > On Thu, 3 May 2018 19:27:16 -0500
> > > > John Bennett <[hidden email]> wrote:
> > > >  
> > > > > Hello,
> > > > >
> > > > > Many of you may have been receiving emails in the last 24 hours  
> > warning  
> > > > you  
> > > > > of "Multiple failed attempts to log in" with your account. I wanted  
> > to  
> > > > let  
> > > > > you know that the Wikimedia Foundation's Security team is aware of  
> > the  
> > > > > situation, and working with others in the organization on steps to  
> > > > decrease  
> > > > > the success of attacks like these.
> > > > >
> > > > > The exact source is not yet known, but it is not originating from our
> > > > > systems. That means it is an external effort to gain unauthorized  
> > > access  
> > > > to  
> > > > > random accounts. These types of efforts are increasingly common for
> > > > > websites of our reach. A vast majority of these attempts have been
> > > > > unsuccessful, and we are reaching out personally to the small number  
> > of  
> > > > > accounts which we believe have been compromised.
> > > > >
> > > > > While we are constantly looking at improvements to our security  
> > systems  
> > > > and  
> > > > > processes to offset the impact of malicious efforts such as these,  
> > the  
> > > > best  
> > > > > method of prevention continues to be the steps each of you take to
> > > > > safeguard your accounts. Because of this, we have taken steps in the  
> > > past  
> > > > > to support things like stronger password requirements,[1] and we  
> > > continue  
> > > > > to encourage everyone to take some routine steps to maintain a secure
> > > > > computer and account. That includes regularly changing your  
> > > passwords,[2]  
> > > > > actively running antivirus software on your systems, and keeping your
> > > > > system software up to date.
> > > > >  
> > > >
> > > > From my experience, anti-virus programs usually do more harm than
> > > > good.  
> > > For  
> > > > example, https://en.wikipedia.org/wiki/Norton_AntiVirus recently  
> > blocked  
> > > > my
> > > > entire shlomifish.org domain because it apparently misclassified an
> > > > executable
> > > > download as problematic (and it was built from source using
> > > > https://en.wikipedia.org/wiki/CMake and
> > > > https://en.wikipedia.org/wiki/AppVeyor
> > > > so it is unlikely that that is the case.). MS Windows' poor resistance  
> > to  
> > > > malware and the fact that Windows Update is so dysfunctional (see
> > > > http://www.shlomifish.org/humour/bits/facts/Windows-Update/ ) are the
> > > > reasons
> > > > why I cannot recommend running it as a desktop, and instead one should  
> > > use  
> > > > https://en.wikipedia.org/wiki/Linux#Desktop - desktop linux or  
> > similar.  
> > > >
> > > > A little off topic perhaps, but needs to be said.
> > > >  
> > > > > My team will continue to investigate this incident, and report back  
> > if  
> > > we  
> > > > > notice any concerning changes. If you have any questions, please  
> > > contact  
> > > > > the Support and Safety team (susa{{@}}wikimedia.org).
> > > > >
> > > > > John Bennett
> > > > > Director of Security, Wikimedia Foundation
> > > > >
> > > > > [1] https://meta.wikimedia.org/wiki/Password_strength_requirements
> > > > > [2] https://meta.wikimedia.org/wiki/Special:ChangePassword
> > > > > _______________________________________________
> > > > > Wikimedia-l mailing list, guidelines at:
> > > > > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> > > > > https://meta.wikimedia.org/wiki/Wikimedia-l New messages to:
> > > > > [hidden email] Unsubscribe:
> > > > > https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > > > > <mailto:[hidden email]?subject=unsubscribe>  
> > > >
> > > >
> > > > --
> > > > -----------------------------------------------------------------
> > > > Shlomi Fish       http://www.shlomifish.org/
> > > > http://www.shlomifish.org/open-source/projects/fortune-mod/
> > > >
> > > > If a tree falls down in the middle of the forest, and there’s no one  
> > > there  
> > > > to
> > > > hear it… what colour is the tree?
> > > >     — Monkey Island 2: LeChuck’s Revenge
> > > >
> > > > Please reply to list if it's a mailing list post -  
> > http://shlom.in/reply 
> > > .  
> > > >
> > > > _______________________________________________
> > > > Wikimedia-l mailing list, guidelines at:
> > > > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> > > > https://meta.wikimedia.org/wiki/Wikimedia-l
> > > > New messages to: [hidden email]
> > > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > > > <mailto:[hidden email]?subject=unsubscribe>  
> > > _______________________________________________
> > > Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
> > > wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
> > > wiki/Wikimedia-l
> > > New messages to: [hidden email]
> > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > > <mailto:[hidden email]?subject=unsubscribe>
> > >  
> > _______________________________________________
> > Wikimedia-l mailing list, guidelines at:
> > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> > https://meta.wikimedia.org/wiki/Wikimedia-l
> > New messages to: [hidden email]
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > <mailto:[hidden email]?subject=unsubscribe>  
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> https://meta.wikimedia.org/wiki/Wikimedia-l New messages to:
> [hidden email] Unsubscribe:
> https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>


--
-----------------------------------------------------------------
Shlomi Fish       http://www.shlomifish.org/
https://github.com/shlomif/what-you-should-know-about-automated-testing

One of my most productive days was throwing away 1,000 lines of code.
    — Ken Thompson (Attributed)

Please reply to list if it's a mailing list post - http://shlom.in/reply .

_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Anti-viruses [was Re: Information on "Multiple failed attempts to log in" emails]

Shlomi Fish
In reply to this post by Gabriel Thullen
Hi Gabriel,

On Mon, 7 May 2018 14:02:44 +0100
Gabriel Thullen <[hidden email]> wrote:

> I am also a Linux advocate, and have been so for years (decades?). That
> been said, I imagine that there are still more people using Windows XP than
> there are people using Linux. Last time I checked (october 2017) it was
> something like 5% using XP and less than 1% using linux, all distros
> included. We can safely predict that virus outvreaks will be a problem for
> linux once it reaches 5% or 10% market share...
>

Most linux viruses have never outbroke and never caused much harm. Linux can be
susceptible to other forms of malware such as worms or rootkits, but it hasyet
to exhibit a large scale virus epidemic and it isnt because it wasn't tried.
Linux is an attractive target because many servers run on it. See also
https://duckduckgo.com/?q=linux+viruses&ia=web

Regards,

Shlomi

> Gabe
>
> On Mon, May 7, 2018 at 1:51 PM, Shabab Mustafa <[hidden email]>
> wrote:
>
> > I have been a Linux advocate for almost a decade now and from 'my past
> > experience', I can tell you have opened a topic of a huge discussion about
> > people should switch to Linux Desktops (which is off-topic here). But I
> > respectfully disagree with your statement, "anti-virus programs usually do
> > more harm than good".
> >
> > From a conservative viewpoint, some protection is still better to have than
> > no protection at all. And the example you gave here, an anti-virus
> > mistakenly classified your domain as a potential threat, makes a weaker
> > point. By a few mistakes, we cannot cancel out a million of other
> > successes. A false alarm is yet favourable than no alarm at all.
> >
> > ---
> > Shabab Mustafa
> > President
> > Wikimedia Bangladesh
> >
> > ​
> >
> > On Mon, May 7, 2018 at 5:56 PM Shlomi Fish <[hidden email]> wrote:
> >  
> > > On Thu, 3 May 2018 19:27:16 -0500
> > > John Bennett <[hidden email]> wrote:
> > >  
> > > > Hello,
> > > >
> > > > Many of you may have been receiving emails in the last 24 hours
> > > > warning  
> > > you  
> > > > of "Multiple failed attempts to log in" with your account. I wanted to  
> > > let  
> > > > you know that the Wikimedia Foundation's Security team is aware of the
> > > > situation, and working with others in the organization on steps to  
> > > decrease  
> > > > the success of attacks like these.
> > > >
> > > > The exact source is not yet known, but it is not originating from our
> > > > systems. That means it is an external effort to gain unauthorized  
> > access  
> > > to  
> > > > random accounts. These types of efforts are increasingly common for
> > > > websites of our reach. A vast majority of these attempts have been
> > > > unsuccessful, and we are reaching out personally to the small number of
> > > > accounts which we believe have been compromised.
> > > >
> > > > While we are constantly looking at improvements to our security
> > > > systems  
> > > and  
> > > > processes to offset the impact of malicious efforts such as these, the  
> > > best  
> > > > method of prevention continues to be the steps each of you take to
> > > > safeguard your accounts. Because of this, we have taken steps in the  
> > past  
> > > > to support things like stronger password requirements,[1] and we  
> > continue  
> > > > to encourage everyone to take some routine steps to maintain a secure
> > > > computer and account. That includes regularly changing your  
> > passwords,[2]  
> > > > actively running antivirus software on your systems, and keeping your
> > > > system software up to date.
> > > >  
> > >
> > > From my experience, anti-virus programs usually do more harm than good.  
> > For  
> > > example, https://en.wikipedia.org/wiki/Norton_AntiVirus recently blocked
> > > my
> > > entire shlomifish.org domain because it apparently misclassified an
> > > executable
> > > download as problematic (and it was built from source using
> > > https://en.wikipedia.org/wiki/CMake and
> > > https://en.wikipedia.org/wiki/AppVeyor
> > > so it is unlikely that that is the case.). MS Windows' poor resistance to
> > > malware and the fact that Windows Update is so dysfunctional (see
> > > http://www.shlomifish.org/humour/bits/facts/Windows-Update/ ) are the
> > > reasons
> > > why I cannot recommend running it as a desktop, and instead one should  
> > use  
> > > https://en.wikipedia.org/wiki/Linux#Desktop - desktop linux or similar.
> > >
> > > A little off topic perhaps, but needs to be said.
> > >  
> > > > My team will continue to investigate this incident, and report back if  
> > we  
> > > > notice any concerning changes. If you have any questions, please  
> > contact  
> > > > the Support and Safety team (susa{{@}}wikimedia.org).
> > > >
> > > > John Bennett
> > > > Director of Security, Wikimedia Foundation
> > > >
> > > > [1] https://meta.wikimedia.org/wiki/Password_strength_requirements
> > > > [2] https://meta.wikimedia.org/wiki/Special:ChangePassword
> > > > _______________________________________________
> > > > Wikimedia-l mailing list, guidelines at:
> > > > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> > > > https://meta.wikimedia.org/wiki/Wikimedia-l New messages to:
> > > > [hidden email] Unsubscribe:
> > > > https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > > > <mailto:[hidden email]?subject=unsubscribe>  
> > >
> > >
> > > --
> > > -----------------------------------------------------------------
> > > Shlomi Fish       http://www.shlomifish.org/
> > > http://www.shlomifish.org/open-source/projects/fortune-mod/
> > >
> > > If a tree falls down in the middle of the forest, and there’s no one  
> > there  
> > > to
> > > hear it… what colour is the tree?
> > >     — Monkey Island 2: LeChuck’s Revenge
> > >
> > > Please reply to list if it's a mailing list post - http://shlom.in/reply 
> > .  
> > >
> > > _______________________________________________
> > > Wikimedia-l mailing list, guidelines at:
> > > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> > > https://meta.wikimedia.org/wiki/Wikimedia-l
> > > New messages to: [hidden email]
> > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > > <mailto:[hidden email]?subject=unsubscribe>  
> > _______________________________________________
> > Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
> > wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
> > wiki/Wikimedia-l
> > New messages to: [hidden email]
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > <mailto:[hidden email]?subject=unsubscribe>
> >  
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> https://meta.wikimedia.org/wiki/Wikimedia-l New messages to:
> [hidden email] Unsubscribe:
> https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>


--
-----------------------------------------------------------------
Shlomi Fish       http://www.shlomifish.org/
http://youtu.be/xZLwtc9x4yA - Anime in Real Life!! (Parody)

E‐mail, web feeds, and doing something productive — choose two.

Please reply to list if it's a mailing list post - http://shlom.in/reply .

_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Anti-viruses [was Re: Information on "Multiple failed attempts to log in" emails]

Thyge
"Imagine a world, where all windows installations have turned off their
antivirus protection"!

Regards,
Thyge

Den man. 7. maj 2018 kl. 17.09 skrev Shlomi Fish <[hidden email]>:

> Hi Gabriel,
>
> On Mon, 7 May 2018 14:02:44 +0100
> Gabriel Thullen <[hidden email]> wrote:
>
> > I am also a Linux advocate, and have been so for years (decades?). That
> > been said, I imagine that there are still more people using Windows XP
> than
> > there are people using Linux. Last time I checked (october 2017) it was
> > something like 5% using XP and less than 1% using linux, all distros
> > included. We can safely predict that virus outvreaks will be a problem
> for
> > linux once it reaches 5% or 10% market share...
> >
>
> Most linux viruses have never outbroke and never caused much harm. Linux
> can be
> susceptible to other forms of malware such as worms or rootkits, but it
> hasyet
> to exhibit a large scale virus epidemic and it isnt because it wasn't
> tried.
> Linux is an attractive target because many servers run on it. See also
> https://duckduckgo.com/?q=linux+viruses&ia=web
>
> Regards,
>
> Shlomi
>
> > Gabe
> >
> > On Mon, May 7, 2018 at 1:51 PM, Shabab Mustafa <[hidden email]
> >
> > wrote:
> >
> > > I have been a Linux advocate for almost a decade now and from 'my past
> > > experience', I can tell you have opened a topic of a huge discussion
> about
> > > people should switch to Linux Desktops (which is off-topic here). But I
> > > respectfully disagree with your statement, "anti-virus programs
> usually do
> > > more harm than good".
> > >
> > > From a conservative viewpoint, some protection is still better to have
> than
> > > no protection at all. And the example you gave here, an anti-virus
> > > mistakenly classified your domain as a potential threat, makes a weaker
> > > point. By a few mistakes, we cannot cancel out a million of other
> > > successes. A false alarm is yet favourable than no alarm at all.
> > >
> > > ---
> > > Shabab Mustafa
> > > President
> > > Wikimedia Bangladesh
> > >
> > > ​
> > >
> > > On Mon, May 7, 2018 at 5:56 PM Shlomi Fish <[hidden email]>
> wrote:
> > >
> > > > On Thu, 3 May 2018 19:27:16 -0500
> > > > John Bennett <[hidden email]> wrote:
> > > >
> > > > > Hello,
> > > > >
> > > > > Many of you may have been receiving emails in the last 24 hours
> > > > > warning
> > > > you
> > > > > of "Multiple failed attempts to log in" with your account. I
> wanted to
> > > > let
> > > > > you know that the Wikimedia Foundation's Security team is aware of
> the
> > > > > situation, and working with others in the organization on steps
> to
> > > > decrease
> > > > > the success of attacks like these.
> > > > >
> > > > > The exact source is not yet known, but it is not originating from
> our
> > > > > systems. That means it is an external effort to gain unauthorized
> > > access
> > > > to
> > > > > random accounts. These types of efforts are increasingly common for
> > > > > websites of our reach. A vast majority of these attempts have been
> > > > > unsuccessful, and we are reaching out personally to the small
> number of
> > > > > accounts which we believe have been compromised.
> > > > >
> > > > > While we are constantly looking at improvements to our security
> > > > > systems
> > > > and
> > > > > processes to offset the impact of malicious efforts such as these,
> the
> > > > best
> > > > > method of prevention continues to be the steps each of you take to
> > > > > safeguard your accounts. Because of this, we have taken steps in
> the
> > > past
> > > > > to support things like stronger password requirements,[1] and we
> > > continue
> > > > > to encourage everyone to take some routine steps to maintain a
> secure
> > > > > computer and account. That includes regularly changing your
> > > passwords,[2]
> > > > > actively running antivirus software on your systems, and keeping
> your
> > > > > system software up to date.
> > > > >
> > > >
> > > > From my experience, anti-virus programs usually do more harm than
> good.
> > > For
> > > > example, https://en.wikipedia.org/wiki/Norton_AntiVirus recently
> blocked
> > > > my
> > > > entire shlomifish.org domain because it apparently misclassified an
> > > > executable
> > > > download as problematic (and it was built from source using
> > > > https://en.wikipedia.org/wiki/CMake and
> > > > https://en.wikipedia.org/wiki/AppVeyor
> > > > so it is unlikely that that is the case.). MS Windows' poor
> resistance to
> > > > malware and the fact that Windows Update is so dysfunctional (see
> > > > http://www.shlomifish.org/humour/bits/facts/Windows-Update/ ) are
> the
> > > > reasons
> > > > why I cannot recommend running it as a desktop, and instead one
> should
> > > use
> > > > https://en.wikipedia.org/wiki/Linux#Desktop - desktop linux or
> similar.
> > > >
> > > > A little off topic perhaps, but needs to be said.
> > > >
> > > > > My team will continue to investigate this incident, and report
> back if
> > > we
> > > > > notice any concerning changes. If you have any questions, please
> > > contact
> > > > > the Support and Safety team (susa{{@}}wikimedia.org).
> > > > >
> > > > > John Bennett
> > > > > Director of Security, Wikimedia Foundation
> > > > >
> > > > > [1] https://meta.wikimedia.org/wiki/Password_strength_requirements
> > > > > [2] https://meta.wikimedia.org/wiki/Special:ChangePassword
> > > > > _______________________________________________
> > > > > Wikimedia-l mailing list, guidelines at:
> > > > > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> > > > > https://meta.wikimedia.org/wiki/Wikimedia-l New messages to:
> > > > > [hidden email] Unsubscribe:
> > > > > https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > > > > <mailto:[hidden email]?subject=unsubscribe>
>
> > > >
> > > >
> > > > --
> > > > -----------------------------------------------------------------
> > > > Shlomi Fish       http://www.shlomifish.org/
> > > > http://www.shlomifish.org/open-source/projects/fortune-mod/
> > > >
> > > > If a tree falls down in the middle of the forest, and there’s no
> one
> > > there
> > > > to
> > > > hear it… what colour is the tree?
> > > >     — Monkey Island 2: LeChuck’s Revenge
> > > >
> > > > Please reply to list if it's a mailing list post -
> http://shlom.in/reply
> > > .
> > > >
> > > > _______________________________________________
> > > > Wikimedia-l mailing list, guidelines at:
> > > > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> > > > https://meta.wikimedia.org/wiki/Wikimedia-l
> > > > New messages to: [hidden email]
> > > > Unsubscribe:
> https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > > > <mailto:[hidden email]?subject=unsubscribe>
>
> > > _______________________________________________
> > > Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
> > > wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
> > > wiki/Wikimedia-l
> > > New messages to: [hidden email]
> > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > > <mailto:[hidden email]?subject=unsubscribe>
> > >
> > _______________________________________________
> > Wikimedia-l mailing list, guidelines at:
> > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> > https://meta.wikimedia.org/wiki/Wikimedia-l New messages to:
> > [hidden email] Unsubscribe:
> > https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > <mailto:[hidden email]?subject=unsubscribe>
>
>
> --
> -----------------------------------------------------------------
> Shlomi Fish       http://www.shlomifish.org/
> http://youtu.be/xZLwtc9x4yA - Anime in Real Life!! (Parody)
>
> E‐mail, web feeds, and doing something productive — choose two.
>
> Please reply to list if it's a mailing list post - http://shlom.in/reply .
>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> https://meta.wikimedia.org/wiki/Wikimedia-l
> New messages to: [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Anti-viruses [was Re: Information on "Multiple failed attempts to log in" emails]

Gabriel Thullen
The main reason we have virus outbreaks is the way a lot of users click on
email attachments and on programs they have just downloaded from the net.
Users are warned time and time again, but they do it anyway. Once we get a
large enough base of desktop linux users, we will have the same problems.

We are safe for now...

On Mon, May 7, 2018 at 5:53 PM, Thyge <[hidden email]> wrote:

> "Imagine a world, where all windows installations have turned off their
> antivirus protection"!
>
> Regards,
> Thyge
>
> Den man. 7. maj 2018 kl. 17.09 skrev Shlomi Fish <[hidden email]>:
>
> > Hi Gabriel,
> >
> > On Mon, 7 May 2018 14:02:44 +0100
> > Gabriel Thullen <[hidden email]> wrote:
> >
> > > I am also a Linux advocate, and have been so for years (decades?). That
> > > been said, I imagine that there are still more people using Windows XP
> > than
> > > there are people using Linux. Last time I checked (october 2017) it was
> > > something like 5% using XP and less than 1% using linux, all distros
> > > included. We can safely predict that virus outvreaks will be a problem
> > for
> > > linux once it reaches 5% or 10% market share...
> > >
> >
> > Most linux viruses have never outbroke and never caused much harm. Linux
> > can be
> > susceptible to other forms of malware such as worms or rootkits, but it
> > hasyet
> > to exhibit a large scale virus epidemic and it isnt because it wasn't
> > tried.
> > Linux is an attractive target because many servers run on it. See also
> > https://duckduckgo.com/?q=linux+viruses&ia=web
> >
> > Regards,
> >
> > Shlomi
> >
> > > Gabe
> > >
> > > On Mon, May 7, 2018 at 1:51 PM, Shabab Mustafa <
> [hidden email]
> > >
> > > wrote:
> > >
> > > > I have been a Linux advocate for almost a decade now and from 'my
> past
> > > > experience', I can tell you have opened a topic of a huge discussion
> > about
> > > > people should switch to Linux Desktops (which is off-topic here).
> But I
> > > > respectfully disagree with your statement, "anti-virus programs
> > usually do
> > > > more harm than good".
> > > >
> > > > From a conservative viewpoint, some protection is still better to
> have
> > than
> > > > no protection at all. And the example you gave here, an anti-virus
> > > > mistakenly classified your domain as a potential threat, makes a
> weaker
> > > > point. By a few mistakes, we cannot cancel out a million of other
> > > > successes. A false alarm is yet favourable than no alarm at all.
> > > >
> > > > ---
> > > > Shabab Mustafa
> > > > President
> > > > Wikimedia Bangladesh
> > > >
> > > > ​
> > > >
> > > > On Mon, May 7, 2018 at 5:56 PM Shlomi Fish <[hidden email]>
> > wrote:
> > > >
> > > > > On Thu, 3 May 2018 19:27:16 -0500
> > > > > John Bennett <[hidden email]> wrote:
> > > > >
> > > > > > Hello,
> > > > > >
> > > > > > Many of you may have been receiving emails in the last 24 hours
> > > > > > warning
> > > > > you
> > > > > > of "Multiple failed attempts to log in" with your account. I
> > wanted to
> > > > > let
> > > > > > you know that the Wikimedia Foundation's Security team is aware
> of
> > the
> > > > > > situation, and working with others in the organization on steps
> > to
> > > > > decrease
> > > > > > the success of attacks like these.
> > > > > >
> > > > > > The exact source is not yet known, but it is not originating from
> > our
> > > > > > systems. That means it is an external effort to gain unauthorized
> > > > access
> > > > > to
> > > > > > random accounts. These types of efforts are increasingly common
> for
> > > > > > websites of our reach. A vast majority of these attempts have
> been
> > > > > > unsuccessful, and we are reaching out personally to the small
> > number of
> > > > > > accounts which we believe have been compromised.
> > > > > >
> > > > > > While we are constantly looking at improvements to our security
> > > > > > systems
> > > > > and
> > > > > > processes to offset the impact of malicious efforts such as
> these,
> > the
> > > > > best
> > > > > > method of prevention continues to be the steps each of you take
> to
> > > > > > safeguard your accounts. Because of this, we have taken steps in
> > the
> > > > past
> > > > > > to support things like stronger password requirements,[1] and we
> > > > continue
> > > > > > to encourage everyone to take some routine steps to maintain a
> > secure
> > > > > > computer and account. That includes regularly changing your
> > > > passwords,[2]
> > > > > > actively running antivirus software on your systems, and keeping
> > your
> > > > > > system software up to date.
> > > > > >
> > > > >
> > > > > From my experience, anti-virus programs usually do more harm than
> > good.
> > > > For
> > > > > example, https://en.wikipedia.org/wiki/Norton_AntiVirus recently
> > blocked
> > > > > my
> > > > > entire shlomifish.org domain because it apparently misclassified
> an
> > > > > executable
> > > > > download as problematic (and it was built from source using
> > > > > https://en.wikipedia.org/wiki/CMake and
> > > > > https://en.wikipedia.org/wiki/AppVeyor
> > > > > so it is unlikely that that is the case.). MS Windows' poor
> > resistance to
> > > > > malware and the fact that Windows Update is so dysfunctional (see
> > > > > http://www.shlomifish.org/humour/bits/facts/Windows-Update/ ) are
> > the
> > > > > reasons
> > > > > why I cannot recommend running it as a desktop, and instead one
> > should
> > > > use
> > > > > https://en.wikipedia.org/wiki/Linux#Desktop - desktop linux or
> > similar.
> > > > >
> > > > > A little off topic perhaps, but needs to be said.
> > > > >
> > > > > > My team will continue to investigate this incident, and report
> > back if
> > > > we
> > > > > > notice any concerning changes. If you have any questions, please
> > > > contact
> > > > > > the Support and Safety team (susa{{@}}wikimedia.org).
> > > > > >
> > > > > > John Bennett
> > > > > > Director of Security, Wikimedia Foundation
> > > > > >
> > > > > > [1] https://meta.wikimedia.org/wiki/Password_strength_
> requirements
> > > > > > [2] https://meta.wikimedia.org/wiki/Special:ChangePassword
> > > > > > _______________________________________________
> > > > > > Wikimedia-l mailing list, guidelines at:
> > > > > > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> > > > > > https://meta.wikimedia.org/wiki/Wikimedia-l New messages to:
> > > > > > [hidden email] Unsubscribe:
> > > > > > https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > > > > > <mailto:[hidden email]?subject=
> unsubscribe>
> >
> > > > >
> > > > >
> > > > > --
> > > > > -----------------------------------------------------------------
> > > > > Shlomi Fish       http://www.shlomifish.org/
> > > > > http://www.shlomifish.org/open-source/projects/fortune-mod/
> > > > >
> > > > > If a tree falls down in the middle of the forest, and there’s no
> > one
> > > > there
> > > > > to
> > > > > hear it… what colour is the tree?
> > > > >     — Monkey Island 2: LeChuck’s Revenge
> > > > >
> > > > > Please reply to list if it's a mailing list post -
> > http://shlom.in/reply
> > > > .
> > > > >
> > > > > _______________________________________________
> > > > > Wikimedia-l mailing list, guidelines at:
> > > > > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> > > > > https://meta.wikimedia.org/wiki/Wikimedia-l
> > > > > New messages to: [hidden email]
> > > > > Unsubscribe:
> > https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > > > > <mailto:[hidden email]?subject=
> unsubscribe>
> >
> > > > _______________________________________________
> > > > Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
> > > > wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
> > > > wiki/Wikimedia-l
> > > > New messages to: [hidden email]
> > > > Unsubscribe: https://lists.wikimedia.org/
> mailman/listinfo/wikimedia-l,
> > > > <mailto:[hidden email]?subject=unsubscribe>
> > > >
> > > _______________________________________________
> > > Wikimedia-l mailing list, guidelines at:
> > > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> > > https://meta.wikimedia.org/wiki/Wikimedia-l New messages to:
> > > [hidden email] Unsubscribe:
> > > https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > > <mailto:[hidden email]?subject=unsubscribe>
> >
> >
> > --
> > -----------------------------------------------------------------
> > Shlomi Fish       http://www.shlomifish.org/
> > http://youtu.be/xZLwtc9x4yA - Anime in Real Life!! (Parody)
> >
> > E‐mail, web feeds, and doing something productive — choose two.
> >
> > Please reply to list if it's a mailing list post - http://shlom.in/reply
> .
> >
> > _______________________________________________
> > Wikimedia-l mailing list, guidelines at:
> > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> > https://meta.wikimedia.org/wiki/Wikimedia-l
> > New messages to: [hidden email]
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > <mailto:[hidden email]?subject=unsubscribe>
> _______________________________________________
> Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
> wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/
> wiki/Wikimedia-l
> New messages to: [hidden email]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[hidden email]?subject=unsubscribe>
>
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Information on "Multiple failed attempts to log in" emails

Gergo Tisza
In reply to this post by Nathan Awrich
On Sun, May 6, 2018 at 11:24 PM Nathan <[hidden email]> wrote:

> I get hundreds of these a year (my user name, Nathan, seems to be a popular
> target). It would nice to be able to use some sort of multi-factor
> authentication, which is actually supported by OAUTH. However, it seems
> most projects (including en.wp) restrict use to accounts with elevated
> rights. Can anyone explain why these tools can't be made more widely
> accessible?
>

Lack of usability around recovering a lost second factor (and not losing it
in the first place) AIUI. Right now only developers can reset the second
factor; that does not scale to all Wikimedia editors.
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Information on "Multiple failed attempts to log in" emails

Fæ
In reply to this post by Fæ
Dear Security group of the Wikimedia Foundation,

The community has been patiently waiting for *113 days* for an
analysis to be published for the login attack of 3 May 2018.

The community has been waiting for *650 days* (that's around one year
and 10 months) for an analysis of the OurMine hack to be published.

We are repeatedly, and at times rudely, advised by WMF employees to
raise Phabricator tickets for these types of task, which now appears
to be deliberately bad advice if the tickets can remain open but
languish as "Needs Triage" and ignored by the WMF for a period of
years or indefinitely until the community conveniently forgets about
them.

The OurMine hack was an important breach of Wikimedia project
security, and though the precise details may not be smart to make
public as this might risk becoming guidance for future hackers, nobody
can object to a potted summary and analysis of how severe the attack
was, and what types of steps the WMF has taken to ensure this will
never be repeated.

Links
1. https://phabricator.wikimedia.org/T193846 Publish analysis of
sustained login attack of 3 May 2018
2. https://phabricator.wikimedia.org/T150605 Publish an analysis of
the OurMine hack (11 November 2016)

Thank you for helping out with better community communication,
Fae
--
[hidden email] https://commons.wikimedia.org/wiki/User:Fae

On Fri, 4 May 2018 at 10:40, Fæ <[hidden email]> wrote:

>
> On 4 May 2018 at 01:27, John Bennett <[hidden email]> wrote:
> > Hello,
> >
> > Many of you may have been receiving emails in the last 24 hours warning you
> > of "Multiple failed attempts to log in" with your account. I wanted to let
> > you know that the Wikimedia Foundation's Security team is aware of the
> > situation, and working with others in the organization on steps to decrease
> > the success of attacks like these.
> >
> > The exact source is not yet known, but it is not originating from our
> > systems. That means it is an external effort to gain unauthorized access to
> > random accounts. These types of efforts are increasingly common for
> > websites of our reach. A vast majority of these attempts have been
> > unsuccessful, and we are reaching out personally to the small number of
> > accounts which we believe have been compromised.
> >
> > While we are constantly looking at improvements to our security systems and
> > processes to offset the impact of malicious efforts such as these, the best
> > method of prevention continues to be the steps each of you take to
> > safeguard your accounts. Because of this, we have taken steps in the past
> > to support things like stronger password requirements,[1] and we continue
> > to encourage everyone to take some routine steps to maintain a secure
> > computer and account. That includes regularly changing your passwords,[2]
> > actively running antivirus software on your systems, and keeping your
> > system software up to date.
> >
> > My team will continue to investigate this incident, and report back if we
> > notice any concerning changes. If you have any questions, please contact
> > the Support and Safety team (susa{{@}}wikimedia.org).
> >
> > John Bennett
> > Director of Security, Wikimedia Foundation
> >
> > [1] https://meta.wikimedia.org/wiki/Password_strength_requirements
> > [2] https://meta.wikimedia.org/wiki/Special:ChangePassword
> > _______________________________________________
> > Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
> > New messages to: [hidden email]
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
>
> Thanks for the update.
>
> Could you please follow up with a public report about incident and the
> analysis. There is plenty of data available in the public domain, and
> an awful lot of users have been affected, there seems no special
> reason to keep the basic analysis a secret even if some
> behind-the-scenes changes might need to remain unpublished. I have
> raised this as a Phabricator ticket as a prompt.[1]
>
> By the way, the Wikimedia user community is still waiting for the
> promised report on the OurMine hack of 11th November 2016. Could you
> get on with it please? Leaving users hanging for more than a year for
> analysis to get published is not a good look for the WMF, it leaves us
> wondering if this type of standard analysis gets done properly or
> not.[2]
>
> Links
> 1. https://phabricator.wikimedia.org/T193846 Publish analysis of
> sustained login attack of 3 May 2018
> 2. https://phabricator.wikimedia.org/T150605 Publish an analysis of
> the OurMine hack
>
> Thanks
> Fae
> --
> [hidden email] https://commons.wikimedia.org/wiki/User:Fae

_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>
Reply | Threaded
Open this post in threaded view
|

Re: [Wikimedia-l] Information on "Multiple failed attempts to log in" emails

Dennis During
Wouldn't disclosure in a public forum of any details of such an attack
potentially inform the attackers and would-be imitators of the success or
lack thereof of the attack, of its methods, and of detection and cleanup
methods?

On Sat, Aug 25, 2018 at 12:21 PM, Fæ <[hidden email]> wrote:

> Dear Security group of the Wikimedia Foundation,
>
> The community has been patiently waiting for *113 days* for an
> analysis to be published for the login attack of 3 May 2018.
>
--
Dennis C. During
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l
New messages to: [hidden email]
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:[hidden email]?subject=unsubscribe>