[Engineering] PLEASE READ: (unsuccessful) compromise attempt
C. Scott Ananian
cananian at wikimedia.org
Thu Jun 15 19:34:48 UTC 2017
For the record, this is the email I got, with the URL completely removed
for extra safety. Tugs on all the right heartstrings, but I was
immediately suspicious because why would *I* be the sole recipient here? I
don't work on any of the involved projects, and someone trying to find the
right person at WMF for a query would usually cc half a dozen
likely-looking sorts, not just target a single random engineer. But those
social miscues might be corrected for the next similar attempt.
The URL also contained the typo "wikimedla" for "wikimedia", FWIW.
--scott
==
From: Joshua Wilson <joshuaswillson at gmail.com>
Date: Thu, 15 Jun 2017 10:26:36 -0700
Message-ID: <CAMDs6ATYL51iRctY0cjp6d2hjeTZPNqmLTksXm-NLr2_TAnS9Q at mail.gmail.com>
Subject: Log File Exposed in Integration
To: CAnanian at wikimedia.org
Content-Type: text/plain; charset="UTF-8"
Greetings All,
I am writing to inform you of a possible information link involving the
Wikimedia Integration
server for production services. It appears that the log files for several
builds leak potentially sensitive cookies and tokens that could allow a
remote attacker to authenticate to the Wikimedia Phabricator instance, or
the Integration (Jenkins) Server.
An example files is referenced below.
<CSA: url removed>
I am a junior security researcher searching for an entry level security
position, so if you know of someone who may be hiring, or are hiring for a
security position, feel free to reply and ask for my resume.
Kind Regards,
Joshua S. Wilson