The accounts could be compromised just using a brute force attack
that runs for a long time. Since the user would never know
their account is being cracked, they would likely never bother with
making their password stronger, nor report it anywhere. If I
were an inactive sysop and I received a message that someone had made
500 000 login attempts overnight, I would likely ask some bureaucrat
to remove my sysop flag, since I don't even need it.

That's not possible now.

Regarding the hacked accounts, there were some in the past; there was
evidence of that on English Wikipedia AFAIK. I still don't see "the damage
is not so big" as a reason to drop work on improving the security.

On Wed, Apr 4, 2012 at 10:39 AM, Thomas Morton
<morton.tho...@googlemail.com> wrote:
>>
>> > Again, just theatrical security. Most people tend to use the same
>> > passwords everywhere; if this was the case for said sysop, their email
>> > is also compromised. Also, this would require wikis to have email
>> > sending set up, as well as the user to have confirmed theirs.
>> >
>>
>> That's the problem of the user if they use the same password, but I believe
>> that any users with any sense of security don't do that; sysops could
>> be instructed to use a different password than in their email.
>>
>> >> This would be much simpler and it would actually make hacking
>> >> into sysop accounts much harder.
>> >
>> > Not really, per my point above.
>> >
>>
>> It would per my point above your point.
>>
>
>
> The problem here is that it doesn't really discuss how a sysop account has
> been compromised; via the email account? Via some more direct method?
>
> As pointed out it is somewhat security theatre.
>
> Besides; you're looking for a problem to fit the solution. On English
> Wikipedia compromised accounts are, in themselves, rare occurrences. And
> compromised sysop accounts rarer (read; I've never seen one!).
>
> We discussed this at length when implementing the age-desysoping, and
> agreed it wasn't an entirely failsafe method against compromise. But it
> does provide a level of scrutiny to a returning sysop; and really that is
> all that is needed. The amount of damage a compromised sysop account could
> do isn't critical and they can be stopped relatively easily - if they have
> scrutiny.
>
> This is the best form of security.
>
> Tom
> _______________________________________________
> Wikitech-l mailing list
> Wikitech-l@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
