WMF admits security fails

Wikimedia fundraising, financial issues (and improprieties), expenditures, contracting, and corporate relations.
Post Reply
Renée Bagslint
Posts: 274
Joined: Sat Nov 25, 2017 1:43 pm

WMF admits security fails

Post by Renée Bagslint » Sat Apr 14, 2018 11:14 am

The only thing the WMF really takes responsibility for is keeping the servers running. They aren't too bad at that, although they seem not to be that good at getting value for money, but the lights are almost always on. However, twice in recent weeks they have had to admit to not having kept them safe. In March, Gregory Varnum admitted, in email sneaked out on a Friday afternoon, that "a CentralNotice banner appeared to some logged-out users viewing English Wikipedia pages. The banner contained JavaScript hosted by Facebook, which allowed Facebook to collect traffic data from those who visited a page with a banner." Just to make things worse, "The banner was prepared by the Wikimedia Foundation" who presumably had failed to audit the script they were serving up to readers on their own site. This week, the hapless Gregory also had to admit that "the Wikimedia Foundation was notified by an outside security expert that they had discovered public access to what was intended to be a private mailing list".

These are pretty egregious security failures. Will heads roll, Dr Coleman? Apparently not: WMF is "reviewing potential internal procedural changes to prevent future incidents". So that's all right then.

User avatar
Auggie
Posts: 375
Joined: Sat Feb 25, 2017 2:00 pm

Re: WMF admits security fails

Post by Auggie » Sat Apr 14, 2018 6:08 pm

heads rolling :lol:

unlikely.

So now Facebook is monetizing Wikipedia? Interesting. I wonder if Maher is hoping for a cushy job to fall into in the future, and Facebook is local so things would work out nicely for her.

Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests