This is an old revision of this page, as edited by Salvidrim! (talk | contribs) at 16:09, 4 November 2015 (→Recovery: re). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.
For sensitive matters, you may contact an individual bureaucrat directly by e-mail.
The Bureaucrats' noticeboard is a place where items related to the Bureaucrats can be discussed and coordinated. Any user is welcome to leave a message or join the discussion here. Please start a new section for each topic.
This is not a forum for grievances. It is a specific noticeboard addressing Bureaucrat-related issues. If you want to know more about an action by a particular bureaucrat, you should first raise the matter with them on their talk page. Please stay on topic, remain civil, and remember to assume good faith. Take extraneous comments or threads to relevant talk pages.
If you are here to report that an RFA or an RFB is "overdue" or "expired", please wait at least 12 hours from the scheduled end time before making a post here about it. There are a fair number of active bureaucrats; and an eye is being kept on the time remaining on these discussions. Thank you for your patience.
To request that your administrator status be removed, initiate a new section below.
Inactive admins for October 2015
The following admins can be desysopped for inactivity:
- Lexor
- Gerald Farinas
- Tristessa de St Ange
Thanks to all of them for their service to Misplaced Pages. Graham87 07:44, 1 November 2015 (UTC)
Misplaced Pages:Requests for adminship/Yamaguchi先生
Resolved: The candidate in Misplaced Pages:Requests for adminship/Yamaguchi先生 is not active so has been unable to respond to questions. His editing pattern indicates that he doesn't edit weekends, and perhaps he didn't consider the significance of that when the RfA started. Or perhaps he is ill or unable to get online. We don't know. But folks are starting to vote oppose based on that. As he is not available to respond to concerns, and we don't really know why, would it be appropriate to suspend the RfA over the weekend? SilkTork 10:11, 1 November 2015 (UTC)
- I'd say not. If he is unavailable, he can address those opposes when he gets back, and if he has decided to not respond, the voters can take that into account. Worm(talk) 10:18, 1 November 2015 (UTC)
- Per Worm, and further the candidate does not appear to edit regularly on weekends as per Timecard; going through Yamaguchi's contributions during the last month shows the editor does not edit on weekends, and it does appear to be his/her normal editing pattern. Pharaoh of the Wizards (talk) 10:25, 1 November 2015 (UTC)
- MusikAnimal appears to be familiar with the candidate. (as noted here). The length of absence is beginning to appear abnormal. You may want to re-evaluate this. — Ched : ? 19:47, 2 November 2015 (UTC)
- They are back :) — MusikAnimal 19:48, 2 November 2015 (UTC)
-Sysop
Will a crat please remove my Sysop bit? Thanks, Tiptoety 20:38, 3 November 2015 (UTC)
- Done I am surprised to see this. :( Thank you for your long service, Tiptoety. Acalamari 21:09, 3 November 2015 (UTC)
- Acalamari, putting aside my own surprise, is there precedent for having a non-administrator with CheckUser privileges? Regardless of the answer, is that what Tiptoety actually wants?--Bbb23 (talk) 00:15, 4 November 2015 (UTC)
- Checkuser requires passing an RfA (or being elected to ArbCom, although the latter has never happened without the former). Tiptoety passed an RfA -- my understanding or the letter of the policy is that resigning the sysop bit doesn't require also resigning as a Checkuser. I don't think there is an existing precedent. Of course, Tiptoety's wishes may lean that way anyways, I'm just answering your first question. ☺ · Salvidrim! · ✉ 00:22, 4 November 2015 (UTC)
- I assumed that Tiptoety had requested removal on Meta but I didn't think to check; I've now checked and he has indeed made such a request. Acalamari 00:24, 4 November 2015 (UTC)
- Ah, that makes sense, thanks. Now I can go back to being saddened by the departure.--Bbb23 (talk) 01:28, 4 November 2015 (UTC)
- I believed that there indeed was someone who resigned sysop but kept CU/OS flag(s) for a while. I can't remember who it is at the moment though so I can be wrong. -- KTC (talk) 13:13, 4 November 2015 (UTC)
Compromised accounts
- Account compromised. Please desysop. Login details for millions of accounts from various data breaches have been readily available in the public domain for months now. A small list can be seen here. If you use the same password across multiple websites including Misplaced Pages, your account might have already been compromised. Please force a password reset for all admin and functionary accounts across wikimedia projects immediately. Salv, sad to see an admin account with both UTRS and OTRS access using a 6 digit number as password. ☺ · Salvidrim! · ✉ 08:28, 4 November 2015 (UTC)
- Posting from another admin account to show how widespread this is. Please use a different password for your Misplaced Pages account, especially if you are an administrator or a functionary. WMF, at the very least consider implementing 2FA for accounts with advanced permissions. Meanwhile, desysop this one and CU other admin accounts to check for any unauthorized access. I assure you, there is no malicious intention on my part, just letting y’all know about this in the most effective way. OhanaUnited, please don't use your dob as your password - anywhere. OhanaUnited 08:33, 4 November 2015 (UTC)
- I have temporarily blocked these two accounts, and will desysop IAR if I see any admin actions from either. I've notified Arbcom with a view to a level 1 temporary desysop. Worm(talk) 08:48, 4 November 2015 (UTC)
I have desysopped both accounts. If there are consequences for not waiting for the go ahead from ArbCom so be it. My reason for desysopping straight away is that these accounts have now been exposed to the world as compromised, with information provided about their passwords and hints about how to find them. The person who did so (thanks for bringing this to our attention) does not say that they changed the passwords, which means that anyone can still log into them and (at the very least) view deleted edits, which is not acceptable. WJBscribe (talk) 09:01, 4 November 2015 (UTC)
- Per Level 1 Procedures, I on the authority of the Arbitration Committee am requesting that the bureaucrats desysop Salvidrim and OhanaUnited as soon as possible. Notices will be soon to come. -- Amanda (aka DQ) 09:06, 4 November 2015 (UTC)
- Well, in that case, I was only 7 minutes premature. WJBscribe (talk) 09:08, 4 November 2015 (UTC)
- That's fair enough, WJBscribe. I thought 15 minutes was fine to wait (I'd nudged the committee quite firmly!) - but I certainly support your action. As you can see Arbcom has reacted. Worm(talk) 09:09, 4 November 2015 (UTC)
- I think we're all happy with an ex post facto interpretation of NativeForeigner 09:10, 4 November 2015 (UTC)
Follow up
I believe that when we last had a crop of compromised accounts (4 back in May 2007 as I recall), the developers ran a password cracker over all admin accounts to identify those with weak passwords. It sounds like we should do that again. I also think we should consider sending a talkpage message (and possibly email) to every admin reminding them of the need for a secure password, and asking them to change their password to one they do not use on other websites. WJBscribe (talk) 10:14, 4 November 2015 (UTC)
- I would support this, definitely. Worm(talk) 10:15, 4 November 2015 (UTC)
- I've dropped Maggie a line about the password cracker idea, happy to take point on that if someone else can follow up on the reminders. Worm(talk) 10:24, 4 November 2015 (UTC)
- Agreed and agreed. --Dweller (talk) 10:19, 4 November 2015 (UTC)
- All functionaries have been notified to change their passwords as they get the email. -- Amanda (aka DQ) 10:27, 4 November 2015 (UTC)
- Agreed. I can't believe that there are admin accounts with 6 digit passwords... Sam Walton (talk) 10:38, 4 November 2015 (UTC)
- I would argue against running a cracker on the password file. It's a personal privacy breach and poor security protocol. After a breach like this a better plan would be to expire the Misplaced Pages passwords and require strong password replacements. It's never a good idea to create the very index that hackers want to see especially if the concern is multi-site that WP can't control (i.e. Misplaced Pages secures an admin account by exposing his bank account). It would be rather embarrassing as well as a liability if Misplaced Pages's crack program exposed editors third-party passwords in any fashion, even internally. --DHeyward (talk) 10:42, 4 November 2015 (UTC)
- I don't think it is a personal privacy issue. A password is revealed to Misplaced Pages when you create an account with it, it is not private information. If the same party you revealed it to attempts to guess it for their internal security that is not an invasion of your privacy, it is the organization protecting itself. I think you will find it a fairly common practice for anyone with advanced permissions to have their password audited in most organizations. HighInBC 15:49, 4 November 2015 (UTC)
- How about a forced new system which won't accept a password if it does not contain at least one "caps" word and one "number" with no less than 8 characters...simple solution no?--Stemoc 10:46, 4 November 2015 (UTC)
- @Stemoc: Note that those requirements (Capital, digit, lower case + weird character, 8 minimum) are not really the strongest type of passwords, you end up with passwords like: Banana1! (the location of capital, number and character are often the same), besides that those passwords are harder to remember (causing people to write them down somewhere). Strong passwords are easy to remember but lengthy. Using a sentence or set of random words is optimal (bananacookietablecoffeeexception, 5 words to remember for you, but difficult to crack due to length). Basvb (talk) 13:49, 4 November 2015 (UTC)
- XKCD saying the same Worm(talk) 13:56, 4 November 2015 (UTC)
- Where do you think I got it from? However a minimum length for passwords is a good idea, I just created an account with "1" as password, that is a bit too short imo. Basvb (talk) 14:24, 4 November 2015 (UTC)
- I'm all in favour of WMF trying to brute-force the password hashes, as they did before. However, let's remember the problem on this occasion is not the short passwords per se, but using the same password elsewhere. A request to change your password again, for this was done relatively recently, should really stress this point. -- zzuuzz 10:47, 4 November 2015 (UTC)
- How about instead of doing all this password changing and brute-force attacks, the WMF just implement two-factor authentication for all those with sysop flags. That should solve a lot of issues. --Stabila711 (talk) 11:04, 4 November 2015 (UTC)
- I've always been in support of adding 2FA (opt-in at the very least), and so is the community. Sam Walton (talk) 11:10, 4 November 2015 (UTC)
- All the password complexity requirements in the world aren't going to jack when you use the same password elsewhere, and ~~Adobe~~ someone flubs it due to poor database security and security design. 2FA should be mandatory for all advanced permissions holders, and optionally available to anyone else that wants to use it. Lankiveil 11:15, 4 November 2015 (UTC).
- It seems like the 2FA Phab task is at the bottom of a big pile of CentralAuth related requests. Sam Walton (talk) 11:22, 4 November 2015 (UTC)
- Tbf, it's not like their "wikipedia" accounts were hacked; no need to strengthen the WMF servers just because both users used the same pass for their wiki as well as for another site where the hacking was carried out... As of now, all I can recommend is for all Canada-based users to change their passwords, as both users were from Canada, so it was something they are both part of in Canada which was hacked--Stemoc 11:26, 4 November 2015 (UTC)
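The length-versus-complexity point Basvb makes above, and the audit of admin passwords that WJBscribe proposes and DHeyward objects to, as an added Python illustration (not MediaWiki or WMF code): a screening check that rejects the weak shapes named in this thread (six-digit numbers, dates of birth, "Banana1!"-style complexity, values from a breach list) without cracking anything, alongside a rough entropy comparison. The breach list is constructed, and the 12-character minimum and the Diceware list size are assumptions.

```python
"""Password screening for privileged accounts: added illustration, not WMF or MediaWiki code."""
import hashlib
import math
import re
from datetime import datetime

MIN_LENGTH = 12        # assumption: a floor for admin and functionary accounts
DICEWARE_WORDS = 7776  # assumption: passphrase words drawn uniformly from a Diceware-sized list

# Constructed stand-in for a breach corpus. Only digests are kept, so the audit
# tool never holds cleartext passwords (the privacy concern raised above); a
# real check would query a breach-corpus service rather than a local list.
_CONSTRUCTED_LEAK = ["password", "123456", "Banana1!", "qwerty123", "19850704"]
BREACHED_DIGESTS = {hashlib.sha256(p.encode()).hexdigest() for p in _CONSTRUCTED_LEAK}

# "Capitalised word + a few digits + a symbol" satisfies naive complexity rules
# yet is among the first shapes a dictionary-based guess tries.
WORD_DIGIT_SYMBOL = re.compile(r"^[A-Z][a-z]+\d{1,4}[^\w\s]{1,2}$")


def is_date_like(pw):
    """True for an all-digit password that parses as a calendar date (a date of birth, say)."""
    if not pw.isdigit() or len(pw) not in (6, 8):
        return False
    formats = {6: ("%d%m%y", "%m%d%y", "%y%m%d"), 8: ("%Y%m%d", "%d%m%Y", "%m%d%Y")}
    for fmt in formats[len(pw)]:
        try:
            datetime.strptime(pw, fmt)
            return True
        except ValueError:
            continue
    return False


def estimate_bits(pw, random_words=0):
    """Rough entropy in bits: per word for a random-word passphrase, otherwise per
    character over the classes present (an upper bound that ignores patterns)."""
    if random_words:
        return random_words * math.log2(DICEWARE_WORDS)
    alphabet = 0
    for pattern, size in ((r"[a-z]", 26), (r"[A-Z]", 26), (r"\d", 10), (r"[^\w\s]", 33)):
        if re.search(pattern, pw):
            alphabet += size
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def screen_password(pw):
    """Return the reasons a password is unacceptable; an empty list means it passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if pw.isdigit():
        problems.append("digits only")
    if is_date_like(pw):
        problems.append("looks like a date of birth")
    if WORD_DIGIT_SYMBOL.match(pw):
        problems.append("predictable 'Word1!' complexity pattern")
    if hashlib.sha256(pw.encode()).hexdigest() in BREACHED_DIGESTS:
        problems.append("present in breach corpus")
    return problems


if __name__ == "__main__":
    for candidate in ("123456", "19850704", "Banana1!", "bananacookietablecoffeeexception"):
        print(f"{candidate!r}: {screen_password(candidate) or 'passes'}")
    print("Banana1! ~", round(estimate_bits("Banana1!"), 1), "bits")
    print("five random words ~", round(estimate_bits("", random_words=5), 1), "bits")
```

The naive per-character estimate credits "Banana1!" with about 52 bits, and five uniformly chosen Diceware words with about 65, which is the direction of Basvb's argument even before pattern penalties are applied.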
Maybe another approach would be to require all admins to certify: (i) that they have a password that meets certain minimum complexity requirements; and (ii) that the password is not used for anything else. It could be understood that if the certification proves untrue, accounts will be permanently desysopped and admins will need to pass a fresh RfA to regain them. A page could be created for admins to sign within a period of time (say 2 months). After 2 months, admins who haven't signed would be temporarily desysopped until they sign up. Is that going too far? WJBscribe (talk) 11:31, 4 November 2015 (UTC)
- That's too far away, I think. You cannot prove the truth of it. — regards, Revi 11:35, 4 November 2015 (UTC)
- I can't say I like that idea, it seems very reactionary - when it comes down to it, there's only so much damage an admin can do. This was dealt with quickly, and would have been dealt with even faster if there had been any visible abuse of the admin tool. There's a big difference between recommending a course of action and enforcing one in this manner. The last thing I want to do is discourage people from signing up to be an admin, and something like that might. Worm(talk) 11:39, 4 November 2015 (UTC)
- Concur: ~~hackers~~ thieves and vandals who get passwords are far more likely to be going after banks and online vendors than Misplaced Pages, and only admins who have declared their real world identification would be vulnerable even if their password was in the wild. Do we know if wikimedia software detects multiple failed login attempts? NE Ent 11:50, 4 November 2015 (UTC) updated NE Ent 12:09, 4 November 2015 (UTC)
- I'm positive you didn't mean any harm, Ent, but Eric S. Raymond would not like you referring to these people as "hackers", and I don't really either. Ritchie333 12:05, 4 November 2015 (UTC)
- IIRC, there is ratelimiting preventing login if you fail to login for few times from given IP address for a given period of time. I don't remember the specific rules, though. — regards, Revi 12:18, 4 November 2015 (UTC)
I just saw the note on AN. For what it's worth, on other sites where I have been an admin or mod, we ran password cracking utilities and any staff member that came up positive got 2 days to change it. If they didn't, they would be banned until a) they told us they changed it and b) a crack was unsuccessful. Standard procedure, if you ask me. I would recommend anyone who comes up with a bad password to be identified by email, NOT talk page (the last thing you want is people looking and thinking "ooh, easy admin account to crack!") As for "there's only so much damage an admin can do" - well I don't think there's any technical reason an admin can't unblock JarlaxleArtemis or undelete any amount of G10 attack pages so they can be copypasted elsewhere on the net, and while no admin would normally do that, a compromised account who doesn't care about desysopping much is like a bull in a china shop and can scare editors away really quickly, who'll then require some serious diplomacy to win back. Mind you, think of how much damage a compromised 'crat or steward account can do! Ritchie333 11:52, 4 November 2015 (UTC)
- The real danger is in unlogged actions. A compromised admin account could quietly read deleted content that may compromise privacy and nobody would ever notice. As an admin I see deleted private info ranging from names to credit card numbers before oversight gets to it. We can't assume that a compromised admin account would be evident. HighInBC 15:55, 4 November 2015 (UTC)
- Both accounts seem to be globally locked. Anyways, one of them was a crat on Wikispecies, and an OTRS member. That is terrible. But even brute force won't help if the password is strong by itself, but used on another site with a security leak. Those cases of bad security will most likely not be found out until it is too late.--Müdigkeit (talk) 13:10, 4 November 2015 (UTC)
- See phabricator task T94774 and its multiple subtasks/blocking tasks for password proposals related to advanced users. Risker (talk) 14:19, 4 November 2015 (UTC)
- 2FA is the obvious solution that most environments serious about security have already implemented. Misplaced Pages has taken the "just good enough" approach to security long enough. We used to not even use SSL on the login page. Add the option to upload a PGP public key and require that a simple challenge be passed on each login. You simply encrypt a random string to the user's key and demand that they repeat the decrypted version back. Simple to program and incredibly effective. HighInBC 15:51, 4 November 2015 (UTC)
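HighInBC's challenge-response idea, written out as an added Python illustration (not MediaWiki or WMF code) with both sides' messages: the server encrypts a random nonce to the user's public key, the user returns the decrypted value, and the server accepts it once and only once. The in-line textbook RSA, the 32-byte nonce length and the 60-second validity window are assumptions; a deployment would use OpenPGP with the user's uploaded key and padded encryption.

```python
"""PGP-style login challenge: added illustration, not MediaWiki or WMF code. Textbook RSA
(no padding) is built in-line so this runs offline; it shows the message flow, not a cipher."""
import hashlib, hmac, math, secrets, time

NONCE_LEN = 32  # bytes of random challenge; a protocol constant (assumption)


def _is_probable_prime(n, rounds=16):
    """Miller-Rabin; adequate for demonstration keys."""
    if n < 2 or n % 2 == 0:
        return n == 2
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # top bit set, odd
        if _is_probable_prime(c):
            return c


def generate_keypair(bits=1024):
    """Return ((e, n), (d, n)): the wiki stores the public half, the user keeps (d, n)."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (e, p * q), (pow(e, -1, phi), p * q)


class ChallengeServer:
    """Server side: issue a one-time encrypted nonce, then check the echoed value."""
    TTL = 60.0  # seconds a challenge stays answerable (assumption)

    def __init__(self):
        self._pending = {}  # challenge id -> (username, sha256(nonce), expiry)

    def issue_challenge(self, username, pubkey):
        e, n = pubkey
        nonce, cid = secrets.token_bytes(NONCE_LEN), secrets.token_hex(8)
        # Only a hash of the nonce is stored, bound to the user and to an expiry.
        self._pending[cid] = (username, hashlib.sha256(nonce).digest(), time.monotonic() + self.TTL)
        return cid, pow(int.from_bytes(nonce, "big"), e, n)

    def verify(self, cid, username, response):
        entry = self._pending.pop(cid, None)  # consumed on first use, so a replay fails
        if entry is None:
            return False
        user, digest, expiry = entry
        if user != username or time.monotonic() > expiry:
            return False
        return hmac.compare_digest(digest, hashlib.sha256(response).digest())


def answer_challenge(privkey, ciphertext):
    """Client side: decrypt with the private key and send the nonce back."""
    m = pow(ciphertext, *privkey)
    # A wrong key yields an arbitrary residue; reply well-formed so the server just rejects it.
    return m.to_bytes(NONCE_LEN, "big") if m < 1 << (8 * NONCE_LEN) else b""


def run_exchange(bits=1024):
    """A correct login, a replay of the same answer, and an answer made with another key."""
    srv = ChallengeServer()
    user_pub, user_priv = generate_keypair(bits)
    _, other_priv = generate_keypair(bits)
    cid, ct = srv.issue_challenge("alice", user_pub)
    legit = srv.verify(cid, "alice", answer_challenge(user_priv, ct))
    replay = srv.verify(cid, "alice", answer_challenge(user_priv, ct))
    cid2, ct2 = srv.issue_challenge("alice", user_pub)
    wrong_key = srv.verify(cid2, "alice", answer_challenge(other_priv, ct2))
    return {"legit": legit, "replay": replay, "wrong_key": wrong_key}
```

`run_exchange(512)` is enough for a demonstration; the default 1024-bit keys take a little longer in pure Python.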
Recovery
This is Salv, from an alt. I have successfully gotten a password reset but until my account is no longer globally locked, I cannot login with the temporary password in order to change it to a new random (longer this time) string. I've had at least one arb text me and I'd be more than happy to speak with anyone anywhere on the phone or elsewhere if someone needs more confirmation. I'm off to work now but I'll comment more at length on Misplaced Pages security as soon as I have some time to sit down and collect my thoughts. Salvidrim (talk) 13:22, 4 November 2015 (UTC)
- If the Arb who you are in contact with can email me to confirm they are happy you are in control of your account via WP (or any other Steward) then someone will unlock your account. QuiteUnusual (talk) 14:48, 4 November 2015 (UTC)
- The Arb in question (DQ, if you must know) may not be available quickly, so I've e-mailed the stewards list and remain available to confirm my identity with any other available arbitrator. The only one who could currently access the Salvidrim! account (if it wasn't globally locked) would be myself, with the temporary password I've had reset and which is sitting in my e-mail. I can't think of a better way to prove it than with my sweet, angelic face (it's been a rough morning). :) Salvidrim (talk) 15:19, 4 November 2015 (UTC)
- What a nice picture. Based on various convincing evidence I've unlocked the account - thanks. QuiteUnusual (talk) 15:32, 4 November 2015 (UTC)
- I've unblocked - feel free to serve seafood if I've done this out of process, but I think a steward's confirmation and global unlock should be okay, right? Ritchie333 15:37, 4 November 2015 (UTC)
- I was just chatting to Salvidrim off wiki to double check - would rather he'd have confirmed he was back in control (he couldn't reset the password due to the locked account) before we did it, but I'm sure we'll be fine and he'll shout out if he doesn't get control back. Worm(talk) 15:41, 4 November 2015 (UTC)
- (edit conflict)Thanks... I guess? ;) I can confirm I am back in control of my account and have obviously changed the password for something that is more in line with my current personal-password-policy. The next step is for ArbCom to give their greenlight as far as resysopping goes, and then I'll have to get my UTRS and OTRS accounts reactivated (they were shut down preventively but they already had different passwords anyways). ☺ · Salvidrim! · ✉ 15:39, 4 November 2015 (UTC)
- It would suck even more if ArbCom said this was a cloud desysop and you could only get it back through an RfA. That would be icing on the cake. :p—Chat:Online 15:46, 4 November 2015 (UTC)
- This has happened before. If I remember correctly that bit was not automatically given back due to failure to secure their admin account. I am not sure if this is what is going to happen this time though. HighInBC 15:57, 4 November 2015 (UTC)
- In any event, I have changed my Misplaced Pages password to something completely random, that I can no longer remember.—Chat:Online 15:48, 4 November 2015 (UTC)
- Make sure you change your email passwords too. Especially if they are similar to the passwords you used on other sites. I know it's a pain, but that is a way to gain new passwords. Dave Dial (talk) 16:00, 4 November 2015 (UTC)
- I'm going to be creating random passwords for all of my important accounts that I usually only access on a single set of devices.—Chat:Limited Access 16:05, 4 November 2015 (UTC)
- My e-mail password is basically the key to my entire life so it's literally the most secure thing I own -- the actual password is encrypted using SHA-2 from a secret, random string that is committed to memory (took me a week of constant mnemonic training). ;) ☺ · Salvidrim! · ✉ 16:09, 4 November 2015 (UTC)