Aug 10, 2010

OMG we have been hacked. OH: Not really

Today, some people on the internet discovered the properties of a wiki: editing pages. Just like the Chaos Communication Conference (CCC) and other similar conferences, we deployed a wiki so that users could actively contribute to the conference. Schedule workshops, share traveltips, help us make wallpapers and upload them etc... etc...

Although critical pages are locked down, a lot of pages can be used by our volunteers and visitors. That's the nature of a wiki and the purpose is to be interactive with the community. The downside is that sometimes people misinterpret this as the possibility to do evil and vandalism. Like @securityshell discovered today.

Yes, although we have quite good antibot protection, we are not protected against these kind of people. We could lock the wiki further down, but that is against the open nature of our wiki. It only wastes the time of our wikiadmin who is a volunteer by itself with a real full-time job and hobbies.

Making text insertions and putting iframe code in it (which displays as normal text) and doesn't work and taking screenshots of it on your blog, claiming our website contains malware, well, is not much proof at all. If you know anything about mediawiki is that you can't insert code like that. Above all, it's a total waste of time, of you, of us. We can assure you, no harm was done except wasting the time of our wikiadmin to undo some wiki vandalism. We would hate it to make the wiki less accessible. Go to wikipedia, the 26C3 or the 27C3 wiki soon and have fun there as well. It won't make you a lot of friends in the community. So please stop.

Best Regards
The sysadmin

1 comment:

  1. I hope da d3v1l will participate and share some more of his 31337 zero days.