Wouldn't disclosure in a public forum of any details of such an attack
potentially inform the attackers and would-be imitators of the success or
lack thereof of the attack, of its methods, and of detection and cleanup
methods?
On Sat, Aug 25, 2018 at 12:21 PM, Fæ wrote:
> Dear Security group of
Dear Security group of the Wikimedia Foundation,
The community has been patiently waiting for *113 days* for an
analysis to be published for the login attack of 3 May 2018.
The community has been waiting for *650 days* (that's around one year
and 10 months) for an analysis of the OurMine hack to
On Sun, May 6, 2018 at 11:24 PM Nathan wrote:
> I get hundreds of these a year (my user name, Nathan, seems to be a popular
> target). It would nice to be able to use some sort of multi-factor
> authentication, which is actually supported by OAUTH. However, it seems
> most
I get hundreds of these a year (my user name, Nathan, seems to be a popular
target). It would nice to be able to use some sort of multi-factor
authentication, which is actually supported by OAUTH. However, it seems
most projects (including en.wp) restrict use to accounts with elevated
rights. Can
Thanks, John.
Fae, I suggest that we let the WMF folks who are working on this issue
extinguish the current fire before asking them to write a report about a
previous one.
I agree that the report about the previous incident is overdue. Perhaps as the
current situation becomes calmer (updated
On 4 May 2018 at 01:27, John Bennett wrote:
> Hello,
>
> Many of you may have been receiving emails in the last 24 hours warning you
> of "Multiple failed attempts to log in" with your account. I wanted to let
> you know that the Wikimedia Foundation's Security team is
Hello,
Many of you may have been receiving emails in the last 24 hours warning you
of "Multiple failed attempts to log in" with your account. I wanted to let
you know that the Wikimedia Foundation's Security team is aware of the
situation, and working with others in the organization on steps to