In the last two years, Wikia has had at least 4 major security breaches, and those are just the ones that we, the users, know about. Because of these incidents, Wikia has finally started giving a crap about security. There have been some major improvements. However, security is still significantly lacking here on Wikia. Many issues still exist.
Of the MANY security issues that still exist, here are my personal favorites:
- HTTPS is still not supported, despite being in alleged development for years.
- The code audits are not properly performed. I have seen insecure code pass.
- Files are not scanned when uploaded, despite the possibility of a malicious payload.
- Policy is inconsistently enforced.
- External resources are loaded over insecure means, when…
As many of you are already aware, Wikia is disabling Verbatim for a handful of cases: mainly for loading .js pages, and for a few other situations. However, I bring ugly news. This is just phase one. Wikia is planning on removing Verbatim entirely. As many of you know, this will mean migrating a lot of code. Some features will be impossible to port. This plan was revealed to me by a staff member who emailed me. Here are the emails:
- Tim Quievryn, Sep 18, 2:56 AM:
- Hello Deadcoder,
- Thanks for contacting Wikia.
- Since the JS restriction was put in place, it does seem as though we have had some wonkiness with Verbatim sometimes failing to load. However, I'm going to level with you - we are removing Verbatim from our servers in the next few weeks. We…
Hello, I'm Deadcoder. Most of you know me for my work and episode review blog on the Code Lyoko Wiki. But today, I'm blogging about a serious matter that's important to every Wikia user, from anon accounts to Wikia staff, to everyone in between: Security. In this post, I'll post 3 additional security tips that you can follow to make your communities safer. If you want more tips, read this post: User blog:Deadcoder/5 Security and Safety Tips For Wikia Users.
0. Have a wiki security policy. This rule is for Wiki leaders. As a leader of your community, you have a duty to ensure the well-being of your community, and part of this is protecting user safety. With that in mind, you should have established policies to protect users in your wiki. You…
Hello, I'm Deadcoder. Most of you know me for my work and episode review blog on the Code Lyoko Wiki. But today, I'm blogging about a serious matter that's important to every Wikia user, from anon accounts to Wikia staff, to everyone in between: Security. In this post, I'll post 5 security tips that you can follow to make your communities safer.
0: Use HTTPS whenever possible. Most links that go somewhere other than the same website start with a set of letters, followed by a colon and two slashes, such as "http://", "https://", or "ftp://". This is the Protocol of the link. Whenever possible, use https instead of http. The difference with https is that the transmission is encrypted and authenticated. This means that third party scum "NSA" h…