CCC discusses security, part 2: it's good in theory

  • Steve Jobs: Does anyone have any other ideas on potential security tools?
  • Steve Jobs: @Fisher price, do you think this is a good idea?
  • Skepticism: have you asked staff about this?
  • Steve Jobs: No.
  • Fisher price: The thing about the image security tool is that you could design a script to scan the image and return something like safe/unsafe, but somebody could also modify it to return ALL data from the image, including source, server, etc. which could possibly lead to another export
  • Steve Jobs: It would be a userscript.
  • Fisher price: Exploit**
  • Steve Jobs: No staff permission needed, aside from edit evaluations.
  • Fisher price: I think it's good in theory, but some logistics still need straightening out
  • Steve Jobs: yay
  • Skepticism: so would that be restricted in use to admins or anyone?
  • Steve Jobs: anyone who is not staff.
  • Skepticism: you won't let staff use it?
  • Steve Jobs: Staff would be restricted, but that's a licensing issue.
  • Steve Jobs: VirusTotal has restrictions on commercial use.
  • Steve Jobs: But regular users would be fine.
  • Fisher price: How would you prevent anybody from getting any info besides safe/unsafe?
  • Steve Jobs: We'd be relying on the security of the MediaWiki system.
  • Steve Jobs: Which is admittedly crap.

CCC discusses security, part 1: PNG viruses

  • ~ Steve Jobs has joined the chat ~
  • Steve Jobs: helloz
  • Steve Jobs: I had a random idea//
  • Steve Jobs: We've had several security breaches over the last few years, here on Wikia.
  • Skepticism: what 2 factor?
  • Steve Jobs: With that in mind, I have an idea: let's make some community security tools.
  • Skepticism: enjoy waiting on rappy to approve those
  • Fisher price: Community security tools? Fun
  • Steve Jobs: Does anybody think it would be a good idea?
  • Skepticism: so how viable is that?
  • Steve Jobs: pretty viable.
  • Fisher price: What are some ideas for these tools? What would they be, exactly? @Steve Jobs
  • Steve Jobs: I actually have an idea for one.
  • Steve Jobs: The first idea is a tool for Special:Upload and Files.
  • Steve Jobs: We'd make a community tool that plugs into the VirusTotal API, and
  • Steve Jobs: let's a user scan any file they find suspicious.
  • Skepticism: idk how that would get past js review
  • Steve Jobs: The same way other stuff does.
  • Fisher price: Though, couldn't that be abused to find vulnerabilities?
  • Steve Jobs: We edit, submit, and complain about the delay.
  • Steve Jobs: Umm, how would that be abused?
  • Steve Jobs: It's literally nothing more than running a virus scanner on some stuff that's already available to the user.
  • Fisher price: You were talking about scanning a file on Wikia for threats, right?
  • Steve Jobs: yes
  • Steve Jobs: public files.
  • Sassy ass mod: yall know you can't get viruses from .pngs right
  • Steve Jobs: Umm
  • Steve Jobs: Actually, you can.
  • Steve Jobs: It's easier with JPG, but PNGs can have malware payloads.
  • Fisher price: There could easily be somebody to create another script to not return not just a safe/unsafe message, but all the image, source, etc info
  • Steve Jobs: It would only detect some of the potential malware, but I think it's a good idea as a proof of concept.
  • Sassy ass mod: ok honey
  • Fisher price: Which a script could then be developed to exploit such data found
  • Steve Jobs: We'd only be running the script on files that are public anyway.
  • Fisher price: Leading to another breach via .png, ironically
  • Skepticism: ^
  • Steve Jobs: Like this one: http://codelyoko.wikia.com/wiki/File:Fighter_Jet.jpg

VERY IMPORTANT BREAKING NEWS!

  • Ron Burgundy: VERY IMPORTANT BREAKING NEWS!
  • Captain lucidity: No.
  • Ron Burgundy: Captain, I am serious
  • Ron Burgundy: This is important
  • Captain lucidity: You are not.
  • Ron Burgundy: On polandball wiki,
  • Ron Burgundy: There is korean.
  • Captain lucidity: Okay??
  • Ron Burgundy: It is impossible to translate
  • Captain lucidity: Google, bro.
  • Mod: http://translate.google.com
  • Korean translator: im on the case
  • Ron Burgundy: Yeah but it doesnt work there
  • Korean translator: what page is it?
  • Korean translator: im gonna try and to translate it
  • Ron Burgundy: ''위대한! 김정은동지ㄷㅜㅇ!''
  • "Korean" translator: '' Great! C ㅜㅇ Comrade Kim Jong-un! '
  • Ron Burgundy: That dialect is north korean
  • Ron Burgundy: CTO?
  • "Korean" translator: yeah
  • Ron Burgundy: We need to know what it means?
  • Ron Burgundy: Is it an equivalent to Long Live?
  • Mod: https://translate.google.com/#auto/en/''%EC%9C%84%EB%8C%80%ED%95%9C!%20%EA%B9%80%EC%A0%95%EC%9D%80%EB%8F%99%EC%A7%80%E3%84%B7%E3%85%9C%E3%85%87!''
  • Ron Burgundy: ''Long Live the great comrade Kim Jong Un!''?
  • "Korean" "translator": yeah thats what he is saying
  • "Korean" "translator": he maybe trolling
  • Mod: it's not the end of the world guys
  • Ron Burgundy: ''great! Comrade Kim Jong Un end! ''
  • Mod: it's not like kim jong un is going to declare war on america through polandball wiki
  • Pyongyang: Hey Mod you don't know that
  • Pyongyang: Kim Jong Un is pretty crafty
  • Mod: kim jong un is not particularly crafty
  • "Pyongyang": Okay maybe not
  • Disgusted: ew Kim Jong un
  • Disgusted: Kim Jong un is a Gay ass (donkey)
  • Mod: look no one is a fan of kim jong un but can we avoid calling him a gay ass