Subject: [Foundation-l] Code detecting bots?
From: Gregory Maxwell
Date: Aug 2, 2007 7:11:13 am

On 8/2/07, David Gerard <dgerard at> wrote:

> On 02/08/07, Nicholas Moreau <nicholasmoreau at> wrote:
>
> > Does the MediaWiki software, or any independently-running 'bots, look for code placed into pages of the Foundation projects? This article claims that we're a security risk...
>
> Rubbish. I've commented accordingly.

Only mostly rubbish:

People can, and have, externally linked to malicious software from our sites.

Of course, that can happen anywhere on the net and users (and their browser software) should be smart enough not to execute such code, but Wikipedia looks rather respectable so people may be more inclined to bypass security measures based on something on our site.

At the moment there are 209 external links to .exe files from the main namespace of English Wikipedia.

I don't think we should worry about malicious software specifically. Instead view any external link to malicious code as part of the larger problem of weak oversight of external links.

A while back I ran clamav against all 'executable' looking external links and found one nasty file. It would be really nice if the mechanism that updates the externallinks table spat out a running log of external link additions and removals that we could hook an ongoing scanner into.

It's also possible to rename malicious content as one of our accepted formats for upload and upload it. If your client will execute an 'exe' renamed to 'ogg' and sent with the Ogg MIME type, your client is broken, but broken clients do exist. I do not recall ever seeing an example of something malicious distributed that way on our sites.
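
One way to produce the running log of external-link additions and removals described in the message above, and to queue executable-looking additions for a scanner such as ClamAV. This is an added example, not part of the original message and not MediaWiki code; the `(page_id, url)` row shape, the extension list, and all sample rows are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import urlsplit, unquote

# Extensions treated as "executable looking" (assumed list, tune per policy).
EXEC_EXTS = {".exe", ".scr", ".msi", ".bat", ".pif"}

def looks_executable(url):
    """True if the URL *path* ends in an executable extension.
    The query string is ignored and percent-encoding is decoded first,
    so 'Setup.EXE?mirror=2' and 'codec%2Escr' are both caught."""
    path = unquote(urlsplit(url).path)
    return posixpath.splitext(path)[1].lower() in EXEC_EXTS

def link_changes(old_rows, new_rows):
    """Diff two snapshots of (page_id, url) rows -> (added, removed)."""
    old, new = set(old_rows), set(new_rows)
    return sorted(new - old), sorted(old - new)

def scan_queue(old_rows, new_rows):
    """Map each newly added executable-looking URL to the pages citing it,
    so every URL is fetched and scanned once however often it is linked."""
    added, _removed = link_changes(old_rows, new_rows)
    queue = {}
    for page_id, url in added:
        if looks_executable(url):
            queue.setdefault(url, []).append(page_id)
    return queue

# Constructed sample snapshots (hypothetical page ids and URLs).
OLD = [(1, "http://example.org/about.html"),
       (2, "http://example.net/old-tool.exe")]
NEW = [(1, "http://example.org/about.html"),
       (3, "http://example.org/dl/Setup.EXE?mirror=2"),
       (4, "http://example.org/dl/Setup.EXE?mirror=2"),
       (5, "http://example.com/view?name=report.exe"),  # extension only in query
       (6, "http://example.net/codec%2Escr")]

if __name__ == "__main__":
    added, removed = link_changes(OLD, NEW)
    for row in added:
        print("ADD", *row)
    for row in removed:
        print("DEL", *row)
    for url, pages in scan_queue(OLD, NEW).items():
        print("SCAN", url, "linked from pages", pages)
```

Filtering on the path extension only finds links that look executable; a file served under another name or through a query parameter still needs content scanning to be caught.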