Security Privacy The Internet

Wikipedia Leaks Some Users' Passwords

JJ Budion writes "If you've signed up for an account on Wikipedia.org, you may want to check this page to make sure you're not on there. It seems certain users with identical password hashes can find other user names with the same password, and Wikipedia (despite being alerted) has done nothing about the problem for the last year. A good (although slightly inflammatory) description of the problem can be found here. This is probably a good occasion to remember to use strong passwords (apparently only users with common passwords, like dictionary words, are affected)."
  • A few points (Score:5, Interesting)

    by daveschroeder ( 516195 ) * on Tuesday May 31, 2005 @02:53PM (#12686446)
    To be clear, this isn't a case of Wikipedia "leaking" passwords or allowing some kind of exploit via technical means; this is Tim Starling deciding to specifically and literally publish a list of usernames that share the same password, ostensibly for the purpose of revealing trolls and flooders with multiple accounts.

    From the looks of a few of the lists (RickK, RíckK, RìckK, RiÄkK, RïckK, RiÄkK; Mäximus Rex, Maximus Rex, MaximusRex; JíangSlumDawg, JiangFlungDung; LlortTheehtTroll, LlörtTheehtTröll; The Two Trolls,The Fellowship of the Troll,The Return of the Troll,The Trolls of Navarone,Troll Silent, Troll Deep,The Trolling Stones, RangelaND Visa CONtroll), it would appear that some of these are indeed obvious duplicate accounts (whether or not they're "trolls" is, I imagine, beside the point).

    But it seems that he also caught a bunch of innocent folks who just happen to share the same password, not beyond the realm of comprehension for a password used for an "online" non-financial, non-critical site on a service with thousands of users. The submission makes it seem like Wikipedia knew about some kind of "exploit" and did nothing; rather, it seems like Wikipedia is content to let potential, and indeed confirmed in one case as admitted on the page [wikipedia.org], abuse of innocent users' privacy continue in the name of exposing possible (admittedly annoying) trolls. (That's my own take on the situation, anyway.)

    Interestingly, Wikimedia's (draft?) Privacy Policy [wikimedia.org] says:

    Many aspects of the Wikimedia projects community interactions depend on the reputation and respect that is built up through a history of valued contributions. User passwords are the only guarantee of the integrity of a user's edit history. All users are encouraged to select strong passwords and to never share them. No one shall knowingly expose the password of another user to public release either directly or indirectly.

    It appears that, in this case, Wikimedia itself is implicitly "knowingly" releasing passwords to the public. One of the many problems with a community site for which there is no central responsible authority. Anyone who hasn't yet would do themselves well to read the summary of the issue [slashdot.org] linked in the submission.
    • If you had bothered to check your facts, you would see that Tim Starling's list was made last July, well before the privacy policy was written. Also, the impetus for him doing this was to catch one particularly troublesome user who was known to use sockpuppets accounts like this all the time.
      • 1. The fact that the list was made prior is irrelevant, because as soon as any privacy policy containing that excerpt regarding passwords was even marginally in effect, an egregious violation of said policy should be remedied. Are you telling me that every continuing violation of the privacy policy should be allowed to continue, simply because it existed before the privacy policy...?

        2. I know exactly what the impetus was, as I stated specifically numerous times in my post. That still doesn't excuse overly
        • "That still doesn't excuse overly broad and public dragnets that will invariably catch some innocent people at the same time."

          Would you care to identify a single innocent person caught up in this? I thought not. I'll let you get back to your baseless inflammatory ranting now.
          • If you have no problem with Wiki{p,m}edia violating its own privacy policy, regardless of when it was created, and regardless whether the users are trolls/sockpuppets, etc., knock yourself out.
            • Please show me where in the privacy policy it says that it was meant to be retroactive. The policy *does* say that: "Where the user has been vandalising articles or persistently behaving in a disruptive way, data may be released to assist in the targeting of IP blocks, or to assist in the formulation of a complaint to relevant Internet Service Providers." If this policy had existed in July when Tim made this list, things would have been much different. The list would, in all likelihood, have been sent to the ar
              • The discussion is academic at this point, but most reasonable people would likely agree that ongoing violations of privacy policy should not get "grandfathered in", as it were, when a privacy policy goes into effect or changes. Sure, you can't change the past, but this isn't the past: this is the present, and the page, which itself is the manifestation of the privacy violation, still exists. If anything, it would be a responsible statement on the part of Wikimedia to remove the page, in light of the privacy
              • Further, from here [wikipedia.org]:

                Also, I did some quick checks, and it appears there are some non-trolls on the list, e.g. User:Perrak.--Eloquence* 19:28, May 31, 2005 (UTC)

                Given that you've found at least one non-troll on the list, I think the privacy concerns mentioned on Slashdot have been well validated. It's not just theoretical, it's real. I'm just astonished to find out that something like this happened here, and I'm more than a little bothered by the fact that everyone seems to keep apologizing for this danger
                • If you retroactively apply the privacy policy (which makes no mention of being retroactive), AND you ignore the fact that this user left before the policy was even formulated, then one user (out of 109) might have had his privacy violated by telling everybody his hash matched another user's. And this merits a slashdot front-page story?
                  • Again, I don't think that a privacy policy needs to specifically state anything about being retroactive in order to apply to potentially ongoing violations the policy in its current form, even if you argue that it's old information, that it happened before the privacy policy, etc.

                    Front page slashdot story? No, definitely not. ;-)
                  • And this merits a slashdot front-page story?

                    Not to mention a couple of hundred comments from trolls saying, "See? I told you Wikipedia would never work! They need to make a lot of changes if they want to be considered professional. I'm so snooty I could never contribute to a project like this!

                    It's a slashdot tradition, now.

    • this is Tim Starling deciding to specifically and literally publish a list of usernames that share the same password, ostensibly for the purpose of revealing trolls and flooders with multiple accounts.

      No, it's a developer using an "ends justifies the means" argument to catch sock puppet accounts created by people too stupid to assign them unique passwords.

      Unfortunately, he didn't think "gee, this might catch some legitimate users off guard", and as a side effect, we see that Wikipedia developers didn't

  • by TheRealMindChild ( 743925 ) on Tuesday May 31, 2005 @02:54PM (#12686454) Homepage Journal
    I guess it is a good thing that I use "TheCowJumpedOverMyMotherInLaw" as my password... no one will ever figure that one out
    • The key thing about making strong passwords that they do (but don't explicitly state) is that acronym passwords with occasional letter substitution are very strong, and easy to remember. They took the letter substitution to an extreme (and thus making it harder to remember as well), but the key is that acronyms are mostly random (they're letter and capitalization weighted, and don't usually contain numbers/symbols, but they're overall quite good compared to other types of easily rememberable passwords).

      Ju
    • You're right!
      "TheCowJumpedOntoMyMotherInLawAndCrushedHer" seems to be a more popular password.
    • Thank goodness for me that I use "MyMotherInLawJumpedOverTheMoon" on my account...
  • Please make yourself a new account or two. Seriously, the rather inflammatory summary didn't tip off the on-duty editor that this might not be that big a deal? 100 names out of how many? Gimmie a break.

    Additionally, every single post I've seen associated with this looks like someone just looking to drum up trouble for Wikipedia. Look at the list, and you'll notice that a lot of them, yes, are copies. And if they're not copies, you should have used a better password anyways, there's not even numbers in those... On top of that, the developer in charge of that little page seems like quite a decent fellow.

    Shame to you for not editing that summary a bit.
    • If you don't like the summary bit, go ahead and edit it. Oh wait...
    • you should have used a better password anyways, there's not even numbers in those...

      Those aren't passwords. Wikipedia hashes the passwords. The titles are the name of one user in each group. The summary's assertion about strong passwords is irrelevant; the only thing they compared was the password hashes.
      • mod parent up, he's right.

        Just get this into your head: no passwords have been leaked! If two of the accounts in each section were not created by the same person, then the password would be compromised (the other person would know it's the same as his/her own). But that's the only problem.

        My guess would be that this would be true for at most two pairs of accounts on that page. But probably, none at all.
          then the password would be compromised (the other person would know it's the same as his/her own).

          ... and, as these passwords were singled out because at least one of the accounts was used for vandalism, chances are that the "other person" is the kind of person who you really don't want to knowingly share a password with.

          My guess would be that this would be true for at most two pairs of accounts on that page. But probably, none at all.

          All depends on how smart/mischievous the vandals were. If the

  • by pianorain ( 888377 ) on Tuesday May 31, 2005 @02:56PM (#12686473)
    Bah...you mean that I can't edit other people's passwords too?
  • by Anonymous Coward
    and I'll say it again, hotgrits is not a safe password
  • "News"? (Score:5, Informative)

    by TripMaster Monkey ( 862126 ) * on Tuesday May 31, 2005 @02:57PM (#12686480)

    Um...didn't this happen like a year ago?
    • Yes, but K5 had a story in the queue [kuro5hin.org] (warning, may go away) yesterday so some /. whore had to post an executive review for the masses.

      Cheers,
      -- RLJ

      • Of course, the K5 story was probably inspired by the Slashdot comment posted on May 29th which the story links to. Or maybe some Slashdot reader submitted the story after reading the comment.
  • Shame on Wiki (Score:4, Insightful)

    by goldspider ( 445116 ) on Tuesday May 31, 2005 @02:57PM (#12686482) Homepage
    If they're going to succeed in portraying Wikipedia as a mature, reliable alternative to traditional encyclopedias, then they ought to make damned sure that their ducks are in a row. Their disregard of customer concerns is shameful.

    If, in the long-term, Wikipedia's image is tarnished by this, it is well-deserved.
  • by Anonymous Coward on Tuesday May 31, 2005 @02:58PM (#12686487)
    the two guys with "Ilovetehfatchicks" as their password who showed up on each others list are just looking at each other right now. They know the other guy knows, but nobody else does, so the uncomfortable, pregnant, silence continues.

  • ...To "tr0ll" I guess.
  • Cue the spaceballs references ...
  • by aicrules ( 819392 )
    Perhaps they should try this:

    http://en.wikipedia.org/wiki/Password_policy [wikipedia.org]

    to try to avoid this:

    http://en.wikipedia.org/wiki/Password_cracking [wikipedia.org]
  • 40 years of UNIX (Score:5, Insightful)

    by Jeffrey Baker ( 6191 ) on Tuesday May 31, 2005 @02:58PM (#12686496)
    Salt, anyone?
    • I think I'm too young to get this reference. Anyone care to enlighten me?
      • When creating a hash it is often a good idea to add a little random data (i.e. salt) to the input so that people can't infer a correct password simply by comparing hashes, as happened in this Wikipedia case. There's no need to add salt in all cases of hashing but it's a good idea when dealing with sensitive information.

        In case anyone's wondering, you obviously need to store the salt somewhere but it's of no use unless you know the original password to add it to. In other words, reversing the hash with the sal
      • Re:40 years of UNIX (Score:2, Informative)

        by odsign ( 535843 )
        In a non-bonehead password scheme, user passwords are stored after running them through a one-way hash function. A quantity of random data can be added to the password before hashing, to prevent identical passwords from producing the same hash, thus revealing the fact that they are identical. This is called a salt, and can be left out in the open. To check a password, you put the entered password and the unprotected salt together, hash them, and check the value against that stored.
    • Forget the LONG-WINDED tales of "salt". It's like this: You cook up something good, and to tweak it just the right amount, you add a pinch of SALT. Think about it.
  • by fuzzy12345 ( 745891 ) on Tuesday May 31, 2005 @02:59PM (#12686503)
    Anyone who thinks it's a hash collision problem, but that only people with 'weak' passwords will be affected, doesn't understand hashing.

    Anyone who, in this day and age, writes a system whereby two users assign themselves the same password and end up with the same hashed password ought to be shot. Add a little SALT!

  • I really believe this is an abuse of privileges, or a gross security oversight by Tim Starling. Knowing this information, I could likely gain access to these users' accounts on other, completely unrelated systems. Suppose I was on one of those lists (I'm not). Immediately, I know the password of everyone in my group. Now, suppose I start searching other sites, like /., for those usernames. Think they might use the same password on two different systems?
    • Think they might use the same password on two different systems?

      Not me! You couldn't hack into my account that way! No siree! I always use different passwords for each site that I'm on. That way, even if the site is unscrupulous I have nothing to worry about on the other 500 sites I have accounts on.

      Unfortunately, to remember them all I just use the name of the site as the password for my account.
      • Prefacing your password with the name of the site is not always a bad idea, for example "Wikipedia100Greenbottlestandingonthetreatmentgrounds1000metersaway" .. that was one of my old passwords (changed a bit). I use things like that to trigger memories of the password.
        Actually I use the name of the site at the start, then have a song to remember the rest of the password.
    • Suppose I was on one of those lists

      The only way you could be that is if you were a troll who had created multiple sockpuppet accounts.
    • Immediately, I know the password of everyone in my group.

      Big deal. Everyone in each group is the same person. That was the point of the list...to find "sock-puppets," people who create multiple accounts for the purpose of harassing, getting around bans, etc.

      You already presumably know your own password.
      • Big deal. Everyone in each group is the same person

        According to the theory of the person who compiled the list. And there's absolutely no chance -- nuh-uh, none -- that these passwords might be common because they're common words.
    • And then you could use that knowlege to tarnish the reputation of a troll.



      (RTFA to see whose passwords they gave out.)
    • No, you don't know the password, because the password is not written on that page. The password for all those users are unknown, the title for each group is just one of the members of each group. Once again the über-reporting of /. strikes back.
  • "Alright, what are the three most commonly used passwords?"

    "Love, secret, and uh, sex. But not in that order, necessarily, right?"

    "Yeah but don't forget God. System operators love to use God. It's that whole male ego thing."


    Personally, I like to use "Tehl33th4x0rb0y", because it satisfies the strong password requirement ;)
  • Good thing my password is *********.

    • by Anonymous Coward
      I use my dog's name as my password.
      My dog's name is currently "rV4q-p2", but I change it every 90 days.
    • by nganju ( 821034 ) on Tuesday May 31, 2005 @03:45PM (#12686997)
      Cthon98> hey, if you type in your pw, it will show as stars
      Cthon98> ********* see!
      AzureDiamond> hunter2
      AzureDiamond> doesnt look like stars to me
      Cthon98> *******
      Cthon98> thats what I see
      AzureDiamond> oh, really?
      Cthon98> Absolutely
      AzureDiamond> you can go hunter2 my hunter2-ing hunter2
      AzureDiamond> haha, does that look funny to you?
      Cthon98> lol, yes. See, when YOU type hunter2, it shows to us as *******
      AzureDiamond> thats neat, I didnt know IRC did that
      Cthon98> yep, no matter how many times you type hunter2, it will show to us as *******
      AzureDiamond> awesome!
      AzureDiamond> wait, how do you know my pw?
      Cthon98> er, I just copy pasted YOUR ******'s and it appears to YOU as hunter2 cause its your pw
      AzureDiamond> oh, ok.
  • Apparently this is over a year old and is being spun by the article submitter.

  • No passwords leaked (Score:3, Informative)

    by fredrikj ( 629833 ) * on Tuesday May 31, 2005 @03:16PM (#12686681) Homepage
    Quote:

    All the accounts listed on this page have been created solely for the purpose of trolling, and this page was set up to make it easier to determine whether two troll accounts belong to the same person.

    No passwords have been leaked, and the only people affected are trolls.
  • by Geoffreyerffoeg ( 729040 ) on Tuesday May 31, 2005 @03:20PM (#12686727)
    1) Those heading titles aren't the passwords themselves, just one member from the group. The original passwords are encrypted and unknown. These are users with the same hash. Nobody knows if they used a password like "my_pass_word" or like "ar49B!4Nc&&". Password strength is irrelevant. Besides, the developers of any site always have access to your password hashes, since someone needs full read access to the databases.

    2) A quick glance at those lists shows that they're all duplicate ("sock-puppet") accounts, and they're mostly from trolls. If you haven't watched Wikipedia much, you may not know the illustrious story of the sock-puppets, but even seemingly unrelated names (e.g., Lir and Pizza Puzzle) are widely believed to be the same user.

    3) This story is what they call "FUD". If someone finds a valid user's account among these, then tell the user, and say that you found one (you don't have to say who). Until then, since the page appears to be all sock puppets, don't assume that there are innocent civilians caught in the collateral damage. As the page says, "all the accounts listed on this page have been created solely for the purpose of trolling." Only when that claim is disproven does the page become a worry.

    -- User:Geoffrey on Wikipedia
    • 3) This story is what they call "FUD". If someone finds a valid user's account among these, then tell the user, and say that you found one (you don't have to say who). Until then, since the page appears to be all sock puppets, don't assume that there are innocent civilians caught in the collateral damage. As the page says, "all the accounts listed on this page have been created solely for the purpose of trolling." Only when that claim is disproven does the page become a worry.

      Because, y'know, guilty until
    • by idontgno ( 624372 ) on Tuesday May 31, 2005 @03:45PM (#12686994) Journal
      Those heading titles aren't the passwords themselves, just one member from the group. The original passwords are encrypted and unknown. These are users with the same hash.

      Yes, and as such everyone in the same heading now knows the password for everyone else in the same heading. Given the high likelihood that many of the accounts are trolls, that means if innocent Wikipedian "you" happen to share a password with a troll, that troll knows it now. Lucky you.

      they're mostly from trolls.

      What, only "mostly"? Not a very strong assertion in the face of a potential privacy violation. C'mon, if you're gonna assert that you intend to "out" only the trolls, you need to stick to the story. Admitting that the list is "mostly" trolls is admitting that the list is "partially" innocents. Who have now been screwed.

      As the page says, "all the accounts listed on this page have been created solely for the purpose of trolling."

      Well, then, obviously there's no story. Silly us. The creator of the page says there's no innocents listed, therefore there are no innocents listed.

      In related news, Microsoft Windows is the most secure server OS EVAR!!! MS's Marketing department sed so!

      Only when that claim is disproven does the page become a worry.

      No, in a sane world, the page is a worry until the counterclaim is positively proven: that there are demonstrably no innocent user IDs on the page.

      Until then, I'm gonna watch that page and its automated incarnation (if it occurs) very carefully. I have been a moderately active Wikipedian up until now, but if I'm gonna get carpet-bombed just because I accidentally move in next door to a troll, I'll find someplace else to contribute.

      • What, only "mostly"? Not a very strong assertion in the face of a potential privacy violation. C'mon, if you're gonna assert that you intend to "out" only the trolls, you need to stick to the story. Admitting that the list is "mostly" trolls is admitting that the list is "partially" innocents. Who have now been screwed.

        You say that like it is a bad thing. Did you know that to have someone put to death in the USA there can be doubt as to that person's innocence and they will still fry 'em until they are de

        • The point is that this is Wikipedia, I do not expect my info to be secure,

          That's a bad attitude to take. You might not care whether your account is secure, but you should still expect it to be.
      • Until then, I'm gonna watch that page and its automated incarnation (if it occurs) very carefully.

        I hope you watch carefully enough to discover that there is no automated incarnation, that the page is a year old, and that the developer involved agreed that there were security issues, apologized, and will not do it again.

        After that your watch may get somewhat boring.

  • by fm6 ( 162816 )
    ...apparently only users with common passwords, like dictionary words, are affected...
    Well duh! A strong password is something like "vtu1vjkn" (which I just generated using RoboForm [roboform.com]). Hard to imagine that getting duplicated by accident.
  • by Raul654 ( 453029 ) on Tuesday May 31, 2005 @03:31PM (#12686828) Homepage
    First, this was not a technical flaw - this was one developer intentionally looking for identical password hashes. Second, this is not news - the page in question was created last July as a one time thing to flush out trolls.

    Why would we publish a list of accounts with identical passwords? Because certain trolls are known to register multiple accounts with the same password, and use them to troll, vote stuff, and all sorts of other unpleasant activities. Of course, many times, it is not hard to guess who those accounts belong to based on editing habits, but of course the trolls in question will deny it. But being matched by password was a one-time way to shoot through all their lies. This whole story is old, and the summary is horribly biased.
  • YHBT HAND (Score:5, Informative)

    by timstarling ( 736114 ) on Tuesday May 31, 2005 @03:42PM (#12686958) Homepage
    A few other people have said it, but you may as well hear it from the source.

    That was the only time I published such lists. They were constructed by searching the database for password matches with the few most active trolls on Wikipedia at the time. People complained about the possibility that innocent users with weak passwords might have been affected. I conceded the point, apologised, and promised not to do it again. The issue was played up at the time by the trolls who were exposed -- not surprisingly, I wasn't winning any friends in that camp. Those same trolls still whinge about the existence of the page today.

    At the time, some people wanted the page deleted to protect any innocent people who might have been listed. The majority wanted the page kept as evidence against the trolls. I had no opinion either way, and so let the page remain in accordance with community wishes.

    Nobody has ever identified a non-troll account on that page. No innocent person has complained to me that they were affected. None of the accounts (aside from the known troll accounts) had any identifying information associated with them.
    • Way to stick to your guns dude. You have to be pragmatic in situations like these, and I think you did the right thing. This whole article should be modded -1 flamebait.
  • The page of troll names has been around since July of last year [wikipedia.org], and according to the author, is a careful collection of verified troll usernames. The passwords are NOT leaked. The user has simply created a page to collect verified troll accounts (using password hash matches, among other tools). Odds are that the person submitting this to Slashdot and K5 was one of the trolls, themselves. Ha, and Slashdot fell for it! Major troll victory.

    Repeat, the passwords were not leaked... But, if my Wikipedia password is l
  • Tempest in a teapot (Score:5, Informative)

    by Eloquence ( 144160 ) on Tuesday May 31, 2005 @03:47PM (#12687012)
    The gist of the story, which refers to an event from July 2004 (many of the users in question have since left), is correct: there may be legitimate accounts on this list of 109 account names. However, about 90% of them are from identified and well-known trolls and problem users. It's important to know that it's relatively easy for us to block a user, but it's also relatively easy for that user to come back under a new name, especially if they use dynamic IP addresses. Many trolls also like to impersonate others (many of the listed accounts are obvious impersonations of famous Wikipedians).

    Unfortunately, Tim at the time didn't run a password checker against the hashes, which could have thrown weak passwords out of the list and thereby prevented legitimate accounts from being included with reasonable effectiveness.

    The submitter clearly has an axe to grind (and may well be identical to the comment poster). No similar lookup has taken place since July 2004, so this story is a tempest in a teapot.

    I would agree with the criticism in one regard: The decision not to delete the page was mistaken. One problem was that the deletion request came from a troll, which made a lot of people vote to keep the page "by default." The other problem is that the technical arguments to delete the page came in too late to make a difference.

    In any case, as noted, this was months ago, has not been repeated since then, and any non-troll among the listed accounts can simply change their password. We're not talking about credit card data here, anyway -- creating a Wikipedia account takes 20 seconds and doesn't even require a valid email address. All that it contains are a bunch of user preferences.
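The two technical points made across this thread, that an unsalted store lets anyone with database access group accounts by identical hash (fuzzy12345's post above), and that a "password checker against the hashes" (Eloquence's post above) could have separated groups that share a common word from groups that share an unguessable string, can be shown in a few lines. The following is an added example, not code from Wikipedia or MediaWiki; the user table, the password scheme (plain MD5 of the password, assumed here purely for illustration) and the tiny wordlist are all constructed for this example and the usernames are invented.

```python
import hashlib
from collections import defaultdict


def unsalted_hash(password: str) -> str:
    """Assumed legacy scheme: digest of the bare password, no per-user salt.

    Two users who pick the same password get byte-identical rows, which is
    exactly what let a developer group accounts by hash.
    """
    return hashlib.md5(password.encode("utf-8")).hexdigest()


# Constructed sample user table (username -> stored hash). Invented names.
SAMPLE_USERS = {
    "TrollPrime": unsalted_hash("Xq7!vR2p"),   # one person, three accounts
    "TrollPrime2": unsalted_hash("Xq7!vR2p"),
    "TrollPrime3": unsalted_hash("Xq7!vR2p"),
    "Alice": unsalted_hash("secret"),          # innocent user with a weak password
    "SomeTroll": unsalted_hash("secret"),      # unrelated account, same weak password
    "Bob": unsalted_hash("correct horse battery staple"),
}

# Constructed wordlist; a real check would use a full dictionary.
SMALL_DICTIONARY = ["password", "secret", "love", "sex", "god", "hotgrits", "123456"]


def group_by_hash(users: dict) -> dict:
    """Return {hash: [usernames]} for every hash shared by two or more accounts."""
    groups = defaultdict(list)
    for name, stored in users.items():
        groups[stored].append(name)
    return {h: sorted(names) for h, names in groups.items() if len(names) > 1}


def crack_hash(stored: str, wordlist) -> str | None:
    """Offline dictionary check: the guess whose unsalted hash matches, or None."""
    for word in wordlist:
        if unsalted_hash(word) == stored:
            return word
    return None


def classify_groups(users: dict, wordlist) -> dict:
    """For each group of accounts sharing a hash, record whether the shared
    password is in the wordlist. A guessable shared password is consistent
    with coincidence; an unguessable one is much more likely one person."""
    report = {}
    for stored, names in group_by_hash(users).items():
        guessed = crack_hash(stored, wordlist)
        report[tuple(names)] = {"guessed": guessed, "weak": guessed is not None}
    return report


if __name__ == "__main__":
    for names, verdict in classify_groups(SAMPLE_USERS, SMALL_DICTIONARY).items():
        print(names, verdict)
```

Note that the dictionary check does not change the fact fuzzy12345 states: an identical hash means an identical password regardless of strength. It only tells you whether that shared password is common enough that two strangers might plausibly both have chosen it, which is the filter Eloquence describes.
<test>
report = classify_groups(SAMPLE_USERS, SMALL_DICTIONARY)
assert set(report) == {("Alice", "SomeTroll"), ("TrollPrime", "TrollPrime2", "TrollPrime3")}
assert report[("Alice", "SomeTroll")] == {"guessed": "secret", "weak": True}
assert report[("TrollPrime", "TrollPrime2", "TrollPrime3")] == {"guessed": None, "weak": False}
assert "Bob" not in {n for names in report for n in names}
assert crack_hash(unsalted_hash("hotgrits"), SMALL_DICTIONARY) == "hotgrits"
assert crack_hash(unsalted_hash("Xq7!vR2p"), SMALL_DICTIONARY) is None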

  • is easy; salt your hashes.

    For each user, generate a string of bits that is at least your cipher block length (160 bits for SHA1, IIRC)... save that string (cleartext) to the user profile. Then when you hash the password, add the "salt" to the end.

    password + salt will always hash to the same value. And no two users with the same password will have the same hash. Problem solved.
  • Two lessons here: (Score:3, Insightful)

    by callipygian-showsyst ( 631222 ) on Tuesday May 31, 2005 @03:59PM (#12687143) Homepage
    1. You should never have a password appear in a publicly readable "hash" or URL parameter, even if it's one-way encrypted

    2. You should NEVER use a password for a site that's the same as an important password

    I tend to have three tiers of password:

    1. "junk" passwords for non-critical sites (like /. or nytimes registration) that don't really matter

    2. secure passwords for web-based email, etc, that I wouldn't want getting out

    3. High-security passwords for banking, etc (these are different for each site, and I write them down and keep the list in my safe.)
  • An Outrage! (Score:2, Insightful)

    by Anonymous Coward
    That worthless Microsoft..., wait I mean switch to Lin..., I mean stupid DMCA lawyer...oh nevermind, someone that we all like is at fault, we'll ignore it.
  • by nagora ( 177841 )
    Single least important security breach EVER!

    Imagine: there's some chance that someone could use this to reduce the reliability of data on Wikipedia! The horror, the horror...

    TWW
