On Thu, 3 May 2018 19:27:16 -0500 John Bennett <jbenn...@wikimedia.org> wrote:
> Hello,
>
> Many of you may have been receiving emails in the last 24 hours warning you
> of "Multiple failed attempts to log in" with your account. I wanted to let
> you know that the Wikimedia Foundation's Security team is aware of the
> situation, and working with others in the organization on steps to decrease
> the success of attacks like these.
>
> The exact source is not yet known, but it is not originating from our
> systems. That means it is an external effort to gain unauthorized access to
> random accounts. These types of efforts are increasingly common for
> websites of our reach. A vast majority of these attempts have been
> unsuccessful, and we are reaching out personally to the small number of
> accounts which we believe have been compromised.
>
> While we are constantly looking at improvements to our security systems and
> processes to offset the impact of malicious efforts such as these, the best
> method of prevention continues to be the steps each of you take to
> safeguard your accounts. Because of this, we have taken steps in the past
> to support things like stronger password requirements,[1] and we continue
> to encourage everyone to take some routine steps to maintain a secure
> computer and account. That includes regularly changing your passwords,[2]
> actively running antivirus software on your systems, and keeping your
> system software up to date.
>

From my experience, anti-virus programs usually do more harm than good. For
example, https://en.wikipedia.org/wiki/Norton_AntiVirus recently blocked my
entire shlomifish.org domain because it apparently misclassified an executable
download as problematic (and it was built from source using
https://en.wikipedia.org/wiki/CMake and https://en.wikipedia.org/wiki/AppVeyor
so it is unlikely that that is the case.).

MS Windows' poor resistance to malware and the fact that Windows Update is so
dysfunctional (see http://www.shlomifish.org/humour/bits/facts/Windows-Update/ )
are the reasons why I cannot recommend running it as a desktop, and instead one
should use https://en.wikipedia.org/wiki/Linux#Desktop - desktop Linux or
similar. A little off topic perhaps, but needs to be said.

> My team will continue to investigate this incident, and report back if we
> notice any concerning changes. If you have any questions, please contact
> the Support and Safety team (susa{{@}}wikimedia.org).
>
> John Bennett
> Director of Security, Wikimedia Foundation
>
> [1] https://meta.wikimedia.org/wiki/Password_strength_requirements
> [2] https://meta.wikimedia.org/wiki/Special:ChangePassword
> _______________________________________________
> Wikimedia-l mailing list, guidelines at:
> https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> https://meta.wikimedia.org/wiki/Wikimedia-l New messages to:
> Wikimedia-l@lists.wikimedia.org Unsubscribe:
> https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe>

--
-----------------------------------------------------------------
Shlomi Fish       http://www.shlomifish.org/
http://www.shlomifish.org/open-source/projects/fortune-mod/

If a tree falls down in the middle of the forest, and there’s no one there to
hear it… what colour is the tree?
    — Monkey Island 2: LeChuck’s Revenge

Please reply to list if it's a mailing list post - http://shlom.in/reply .