Re: [Wikimedia-l] Information on "Multiple failed attempts to log in" emails

2018-08-25 Thread Dennis During
Wouldn't disclosure in a public forum of any details of such an attack potentially inform the attackers and would-be imitators of the success or lack thereof of the attack, of its methods, and of detection and cleanup methods? On Sat, Aug 25, 2018 at 12:21 PM, Fæ wrote: > Dear Security group of

Re: [Wikimedia-l] Information on "Multiple failed attempts to log in" emails

2018-08-25 Thread
Dear Security group of the Wikimedia Foundation, The community has been patiently waiting for *113 days* for an analysis to be published for the login attack of 3 May 2018. The community has been waiting for *650 days* (that's around one year and 10 months) for an analysis of the OurMine hack to

Re: [Wikimedia-l] Information on "Multiple failed attempts to log in" emails

2018-05-13 Thread Gergo Tisza
On Sun, May 6, 2018 at 11:24 PM Nathan wrote: > I get hundreds of these a year (my user name, Nathan, seems to be a popular > target). It would nice to be able to use some sort of multi-factor > authentication, which is actually supported by OAUTH. However, it seems > most

Re: [Wikimedia-l] Information on "Multiple failed attempts to log in" emails

2018-05-06 Thread Nathan
I get hundreds of these a year (my user name, Nathan, seems to be a popular target). It would nice to be able to use some sort of multi-factor authentication, which is actually supported by OAUTH. However, it seems most projects (including en.wp) restrict use to accounts with elevated rights. Can

Re: [Wikimedia-l] Information on "Multiple failed attempts to log in" emails

2018-05-05 Thread Pine W
Thanks, John.  Fae, I suggest that we let the WMF folks who are working on this issue extinguish the current fire before asking them to write a report about a previous one.  I agree that the report about the previous incident is overdue. Perhaps as the current situation becomes calmer (updated

Re: [Wikimedia-l] Information on "Multiple failed attempts to log in" emails

2018-05-04 Thread
On 4 May 2018 at 01:27, John Bennett wrote: > Hello, > > Many of you may have been receiving emails in the last 24 hours warning you > of "Multiple failed attempts to log in" with your account. I wanted to let > you know that the Wikimedia Foundation's Security team is

[Wikimedia-l] Information on "Multiple failed attempts to log in" emails

2018-05-03 Thread John Bennett
Hello, Many of you may have been receiving emails in the last 24 hours warning you of "Multiple failed attempts to log in" with your account. I wanted to let you know that the Wikimedia Foundation's Security team is aware of the situation, and working with others in the organization on steps to