Jcross (Jennifer Cross)
Project Manager

User Details

User Since
Jul 1 2019, 6:26 PM (23 w, 1 d)
Availability
Available
IRC Nick
jencross
LDAP User
Unknown
MediaWiki User
JCross (WMF) [ Global Accounts ]

Recent Activity

Mon, Dec 9

Jcross added a comment to T239940: Security review of OAuth 2.0 patches.

Hi @CCicalese_WMF - can you please let us know if this is the only patch set you'd like us to look at? https://gerrit.wikimedia.org/r/#/c/mediawiki/extensions/OAuth/+/550847/

Mon, Dec 9, 4:28 PM · MediaWiki-extensions-OAuth, Security-Team-Reviews, CPT Initiatives (OAuth 2.0)
Jcross added a comment to T240010: Security Review For Wikipedia Previews.

Hi @SBisson - can you please let us know what your target deployment date is?

Mon, Dec 9, 4:18 PM · Inuka-Team, Security-Team-Reviews

Wed, Nov 20

Jcross closed T227726: Security review of preact 8.4.2, a subtask of T225577: Audit component library for MobileFrontend's security, as Declined.
Wed, Nov 20, 5:25 PM · Readers-Web-Backlog (Tracking), MobileFrontend (MobileFrontend and MinervaNeue architecture), Technical-Debt
Jcross closed T227726: Security review of preact 8.4.2 as Declined.

We are awaiting decisions from the Frontend working group and declining until the direction being taken is more clear.

Wed, Nov 20, 5:25 PM · Readers-Web-Backlog (Tracking), Security-Team-Reviews

Mon, Nov 18

Jcross closed T238268: How to best contact the WMF Security team? as Resolved.

Happy @sbassett could help, and as he mentioned we'll be adding more and refining in the near future. Cheers :)

Mon, Nov 18, 5:54 PM · Security-Team

Nov 4 2019

Jcross created T237321: New subtask #2 for Chase.
Nov 4 2019, 9:05 PM · Security-Team
Jcross created T237320: New Subtask #1 for Chase.
Nov 4 2019, 9:05 PM · Security-Team

Oct 29 2019

Jcross added a comment to T235720: Security concept review for newcomer tasks on Special:Homepage.

Excellent news @JTannerWMF - James is on it and we should have an update for you soon.

Oct 29 2019, 9:32 PM · Privacy, Growth-Team (Current Sprint), GrowthExperiments-Homepage, Security-Team-Reviews

Oct 28 2019

Jcross added a comment to T235720: Security concept review for newcomer tasks on Special:Homepage.

Hi @JTannerWMF - we've taken a look at this and once WMF-Legal has wrapped up their review we should only need a few days at most.

Oct 28 2019, 5:34 PM · Privacy, Growth-Team (Current Sprint), GrowthExperiments-Homepage, Security-Team-Reviews

Oct 25 2019

Jcross added a comment to T235720: Security concept review for newcomer tasks on Special:Homepage.

Hi @JTannerWMF, @sbassett beat me to the punch! We'll make a point of reviewing on Monday at our triage meeting and I'll be sure to touch base with you when we know what our timeline will look like.

Oct 25 2019, 9:25 PM · Privacy, Growth-Team (Current Sprint), GrowthExperiments-Homepage, Security-Team-Reviews

Oct 21 2019

Jcross moved T208188: RFC: Partial opt-out method for Content security policy from In Progress to Incoming on the Security-Team board.
Oct 21 2019, 7:10 PM · ContentSecurityPolicy, TechCom-RFC, TechCom, Security-Team, Security

Oct 15 2019

Jcross triaged T235309: Assess the possibility of data release from a public health related research conducted by WMF and formal collaborators as Medium priority.
Oct 15 2019, 5:38 PM · Privacy, WMF-Legal, Security-Team, Data-release
Jcross assigned T235309: Assess the possibility of data release from a public health related research conducted by WMF and formal collaborators to JFishback_WMF.
Oct 15 2019, 5:05 PM · Privacy, WMF-Legal, Security-Team, Data-release
Jcross triaged T234987: Increase pbkdf2 parameter strengths (2019) as Low priority.
Oct 15 2019, 5:04 PM · Wikimedia-Site-requests, MediaWiki-Authentication-and-authorization, Security-Team, Security

Oct 4 2019

Jcross triaged T143969: Unable to mirror repository from git.legoktm.com into diffusion as Medium priority.
Oct 4 2019, 4:59 PM · cloud-services-team (Kanban), Security-Team, Striker, Phabricator
Jcross moved T143969: Unable to mirror repository from git.legoktm.com into diffusion from Incoming to Watching on the Security-Team board.
Oct 4 2019, 4:59 PM · cloud-services-team (Kanban), Security-Team, Striker, Phabricator
Jcross added a comment to T133735: Formalize procedures for doing security releases of MediaWiki extensions.

As an initial approach to get better visibility around security issues for bundled and deployed extensions, we plan to send this supplementary announcement: https://phabricator.wikimedia.org/T232113

Oct 4 2019, 4:57 PM · Documentation, Security-Team
Jcross triaged T133735: Formalize procedures for doing security releases of MediaWiki extensions as Medium priority.
Oct 4 2019, 4:52 PM · Documentation, Security-Team
Jcross triaged T217123: Add tests/CI to wikimedia/security/puppet as Lowest priority.
Oct 4 2019, 4:51 PM · Release-Engineering-Team (CI & Testing services), Release-Engineering-Team-TODO, Security-Team, Continuous-Integration-Config
Jcross moved T217123: Add tests/CI to wikimedia/security/puppet from Incoming to Watching on the Security-Team board.
Oct 4 2019, 4:51 PM · Release-Engineering-Team (CI & Testing services), Release-Engineering-Team-TODO, Security-Team, Continuous-Integration-Config
Jcross added a comment to T217123: Add tests/CI to wikimedia/security/puppet.

There is nothing in the repo and we do not know what plans Chase had / has for this. We will move to our "watching" column for the time being.

Oct 4 2019, 4:51 PM · Release-Engineering-Team (CI & Testing services), Release-Engineering-Team-TODO, Security-Team, Continuous-Integration-Config
Jcross triaged T214378: Check simple format constraints (no grouping) in PHP instead of SPARQL as Medium priority.
Oct 4 2019, 4:45 PM · Security-Team, Wikidata-Campsite, Wikibase-Quality-Constraints, Wikidata
Jcross triaged T150902: SMS based 2FA as Low priority.
Oct 4 2019, 4:42 PM · Security-Team
Jcross moved T150902: SMS based 2FA from Incoming to Watching on the Security-Team board.
Oct 4 2019, 4:42 PM · Security-Team
Jcross triaged T217351: Require original source file(s) to be committed with minified files as Medium priority.
Oct 4 2019, 4:40 PM · JavaScript, Security-Team, Security
Jcross moved T218618: Consider disabling Chrome Lite pages for Wikipedia on Chrome on mobile with Cache-Control: no-transform from Watching to Incoming on the Security-Team board.
Oct 4 2019, 4:38 PM · Performance-Team (Radar), WMF-Legal, Security-Team, Privacy
Jcross triaged T218618: Consider disabling Chrome Lite pages for Wikipedia on Chrome on mobile with Cache-Control: no-transform as Medium priority.
Oct 4 2019, 4:38 PM · Performance-Team (Radar), WMF-Legal, Security-Team, Privacy
Jcross moved T218618: Consider disabling Chrome Lite pages for Wikipedia on Chrome on mobile with Cache-Control: no-transform from Incoming to Watching on the Security-Team board.
Oct 4 2019, 4:38 PM · Performance-Team (Radar), WMF-Legal, Security-Team, Privacy
Jcross added a comment to T231954: Increase session length for OTRS ticket system.

Upon review, Security Team is untagging as we will not be working on this ticket.

Oct 4 2019, 4:34 PM · OTRS
Jcross removed a project from T231954: Increase session length for OTRS ticket system: Security-Team.
Oct 4 2019, 4:34 PM · OTRS
Jcross triaged T221887: Ignore css in displaytitle when $wgRestrictDisplayTitle is enabled as Medium priority.
Oct 4 2019, 4:32 PM · Security-Team, User-notice, Patch-For-Review, MediaWiki-Parser
Jcross moved T221887: Ignore css in displaytitle when $wgRestrictDisplayTitle is enabled from Incoming to Watching on the Security-Team board.
Oct 4 2019, 4:32 PM · Security-Team, User-notice, Patch-For-Review, MediaWiki-Parser
Jcross added a comment to T224445: Permit hidden attribute in Sanitizer.

Upon review, Security Team is untagging as we will not be working on this ticket.

Oct 4 2019, 4:22 PM · MediaWiki-Parser
Jcross removed a project from T224445: Permit hidden attribute in Sanitizer: Security-Team.
Oct 4 2019, 4:21 PM · MediaWiki-Parser
Jcross moved T227242: Deploy WebAuthn to Wikimedia Wikis from In Progress to Watching on the Security-Team board.
Oct 4 2019, 4:20 PM · MW-1.35-notes (1.35.0-wmf.8; 2019-11-26), Wikimedia-Extension-setup, Wikimedia-extension-review-queue, Release-Engineering-Team (Deployment services), Security-Team, Wikimedia-Site-requests
Jcross moved T227242: Deploy WebAuthn to Wikimedia Wikis from Incoming to In Progress on the Security-Team board.
Oct 4 2019, 4:17 PM · MW-1.35-notes (1.35.0-wmf.8; 2019-11-26), Wikimedia-Extension-setup, Wikimedia-extension-review-queue, Release-Engineering-Team (Deployment services), Security-Team, Wikimedia-Site-requests
Jcross triaged T227242: Deploy WebAuthn to Wikimedia Wikis as Medium priority.
Oct 4 2019, 4:17 PM · MW-1.35-notes (1.35.0-wmf.8; 2019-11-26), Wikimedia-Extension-setup, Wikimedia-extension-review-queue, Release-Engineering-Team (Deployment services), Security-Team, Wikimedia-Site-requests
Jcross added a comment to T227824: Feedback/comment on LibUp 2.0 plans/architecture/changes.

Security Team has reviewed and is untagging to remove from team backlog as we will not be actively working on the ticket. This was reviewed in a Concept Review: https://phabricator.wikimedia.org/T227820

Oct 4 2019, 4:15 PM · LibUp
Jcross removed a project from T227824: Feedback/comment on LibUp 2.0 plans/architecture/changes: Security-Team.
Oct 4 2019, 4:14 PM · LibUp

Sep 24 2019

Jcross closed T150605: Publish an analysis of the OurMine hack as Resolved.

Due to the explanation in T150605#4580720, the Security Team is resolving this task.

Sep 24 2019, 3:08 PM · Security-Team, Wikimedia-Incident
Jcross added a project to T150605: Publish an analysis of the OurMine hack: Security-Team.
Sep 24 2019, 3:07 PM · Security-Team, Wikimedia-Incident

Sep 23 2019

Jcross added a comment to T150605: Publish an analysis of the OurMine hack.

@Aklapper - as I said in my comment above, we were clearly mistaken. We are happy to perform any work that is needed.

Sep 23 2019, 10:57 PM · Security-Team, Wikimedia-Incident
Jcross added a comment to T218956: Should we deploy sshguard on external IP addresses?.

Hi everyone,

Sep 23 2019, 10:23 PM · User-crusnov
Jcross added a comment to T150605: Publish an analysis of the OurMine hack.

Hi @Aklapper - apologies for any confusion. In a team meeting where we were working on cleaning up our workboard, we made the (apparently erroneous) assumption that this ticket had already been addressed and was no longer being worked on. If you could please let me know what additional actions are needed on this ticket I would be happy to keep things moving forward.

Sep 23 2019, 10:21 PM · Security-Team, Wikimedia-Incident
Jcross moved T221272: Expose new ipblocks.ipb_sitewide column to the replicas from Incoming to Our Part Is Done on the Security-Team board.
Sep 23 2019, 4:56 PM · cloud-services-team (Kanban), Data-Services, Security-Team, Anti-Harassment
Jcross moved T213088: Security Credentialing Efforts from Incoming to Our Part Is Done on the Security-Team board.
Sep 23 2019, 4:56 PM · Security-Team, Epic
Jcross moved T230796: Deploy countermeasures to stop ongoing spambot attack at es.wikiquote 2019-08-20 [public task] from Incoming to Our Part Is Done on the Security-Team board.
Sep 23 2019, 4:56 PM · User-MarcoAurelio, Wikimedia-General-or-Unknown, Security-Team, Security
Jcross moved T232353: Remove mmarble from wmf LDAP group from Incoming to Our Part Is Done on the Security-Team board.
Sep 23 2019, 4:56 PM · Security-Team, LDAP-Access-Requests
Jcross moved T233516: password too short should nag only once and then remember from Incoming to Our Part Is Done on the Security-Team board.
Sep 23 2019, 4:54 PM · Security-Team, MediaWiki-User-login-and-signup
Jcross closed T213088: Security Credentialing Efforts as Resolved.

Resolving for the time being. Will revisit should the desire to pursue arise.

Sep 23 2019, 4:42 PM · Security-Team, Epic
Jcross moved T232348: Offboard Michal Anna from Security Team from Incoming to In Progress on the Security-Team board.
Sep 23 2019, 4:37 PM · Security-Team
Jcross removed a project from T227008: Draft golang security best practices documentation: Security-Team.
Sep 23 2019, 4:29 PM · user-sbassett
Jcross removed a project from T218956: Should we deploy sshguard on external IP addresses?: Security-Team.
Sep 23 2019, 4:29 PM · User-crusnov
Jcross removed a project from T150605: Publish an analysis of the OurMine hack: Security-Team.
Sep 23 2019, 4:25 PM · Security-Team, Wikimedia-Incident
Jcross closed T193769: Thousands of failed login attempts (wrong password) as Resolved.

As nothing additional is required on this task, the Security Team is resolving. Please feel free to submit a new ticket should additional / further action be required.

Sep 23 2019, 4:23 PM · Security-Team
Jcross moved T70982: Remove inappropriate X-Hacker HTTP header served on sites hosted by Automattic from To Follow Up to Waiting on the Security-Team board.
Sep 23 2019, 4:12 PM · Security-Team, wikimediafoundation.org, WMF-Legal, Wikimedia-Blog
Jcross moved T202080: Publish the source for phabricator-antivandalism from To Follow Up to Waiting on the Security-Team board.
Sep 23 2019, 4:12 PM · Release-Engineering-Team-TODO, Release-Engineering-Team (Development services), Security-Team, User-MModell, Phabricator
Jcross moved T150605: Publish an analysis of the OurMine hack from To Follow Up to Waiting on the Security-Team board.
Sep 23 2019, 4:12 PM · Security-Team, Wikimedia-Incident
Jcross moved T193769: Thousands of failed login attempts (wrong password) from To Follow Up to Waiting on the Security-Team board.
Sep 23 2019, 4:12 PM · Security-Team
Jcross closed T193846: Publish analysis of sustained login attack of 3 May 2018, a subtask of T193769: Thousands of failed login attempts (wrong password), as Resolved.
Sep 23 2019, 4:11 PM · Security-Team
Jcross closed T193846: Publish analysis of sustained login attack of 3 May 2018 as Resolved.

The Security Team agrees and is resolving this task for the time being.

Sep 23 2019, 4:11 PM · Security-Team
Jcross moved T135963: Add support for Content-Security-Policy (CSP) headers in MediaWiki from Epics in progress to Waiting on the Security-Team board.
Sep 23 2019, 4:07 PM · ContentSecurityPolicy, Core Platform Team Legacy (Watching / External), TechCom-RFC (TechCom-Approved), Patch-For-Review, Epic, Security-Team
Jcross moved T28508: Content Security Policy (CSP) from In Progress to Waiting on the Security-Team board.
Sep 23 2019, 4:07 PM · ContentSecurityPolicy, Front-end-Standards-Group, Security, Security-Team, WorkType-NewFunctionality, MediaWiki-General
Jcross moved T28508: Content Security Policy (CSP) from Epics in progress to In Progress on the Security-Team board.
Sep 23 2019, 4:07 PM · ContentSecurityPolicy, Front-end-Standards-Group, Security, Security-Team, WorkType-NewFunctionality, MediaWiki-General

Sep 10 2019

Jcross added a comment to T227346: Security readiness review for the MachineVision extension.

The team has taken a look at this and feels we can provide a basic review by your target deployment date, but that a more in-depth look may need to happen post-launch. We hope that this will work for you and your team - please let us know if you have any questions or concerns and we'll be in touch as we move forward.

Sep 10 2019, 5:17 PM · MW-1.35-notes (1.35.0-wmf.8; 2019-11-26), Patch-For-Review, user-sbassett, Security-Team-Reviews, Product-Infrastructure-Team-Backlog, Machine vision

Sep 9 2019

Jcross edited Description on Security.
Sep 9 2019, 7:06 PM
Jcross edited Description on Security.
Sep 9 2019, 7:06 PM
Jcross edited Description on Security-Team.
Sep 9 2019, 5:18 PM
Jcross edited Description on Security-Team.
Sep 9 2019, 5:14 PM
Jcross edited Description on Security-Team.
Sep 9 2019, 5:14 PM
Jcross edited Description on Security-Team.
Sep 9 2019, 5:12 PM
Jcross edited Description on Security-Team.
Sep 9 2019, 5:12 PM
Jcross edited Description on Security-Team.
Sep 9 2019, 5:11 PM
Jcross updated the task description for T232348: Offboard Michal Anna from Security Team.
Sep 9 2019, 4:01 PM · Security-Team

Sep 4 2019

Jcross edited Description on Vuln-InsufficientMonitoring.
Sep 4 2019, 7:25 PM
Jcross edited Description on Vuln-VulnComponent.
Sep 4 2019, 7:24 PM
Jcross edited Description on Vuln-SerDe.
Sep 4 2019, 7:22 PM
Jcross edited Description on Vuln-XSS.
Sep 4 2019, 7:19 PM
Jcross edited Description on Vuln-Misconfiguration.
Sep 4 2019, 7:03 PM
Jcross edited Description on Vuln-Authn/Session.
Sep 4 2019, 6:58 PM
Jcross edited Description on Vuln-Authn/Session.
Sep 4 2019, 6:58 PM
Jcross edited Description on Vuln-MissingAuthz.
Sep 4 2019, 6:53 PM
Jcross edited Description on Vuln-XXE.
Sep 4 2019, 6:51 PM
Jcross edited Description on Vuln-Infoleak.
Sep 4 2019, 6:48 PM
Jcross edited Description on Vuln-CachePollution.
Sep 4 2019, 4:25 PM
Jcross edited Description on Vuln-SerDe.
Sep 4 2019, 4:24 PM
Jcross edited Description on Vuln-InsufficientMonitoring.
Sep 4 2019, 4:23 PM
Jcross edited Description on Vuln-XXE.
Sep 4 2019, 4:22 PM
Jcross set the image for Vuln-XXE to F30222778: profile.
Sep 4 2019, 4:19 PM
Jcross set the image for Vuln-SerDe to F30222773: profile.
Sep 4 2019, 4:18 PM
Jcross set the image for Vuln-InsufficientMonitoring to F30222766: profile.
Sep 4 2019, 4:18 PM
Jcross set the image for Vuln-CachePollution to F30222764: profile.
Sep 4 2019, 4:18 PM
Jcross updated the image for Vuln-VulnComponent from F3361159: profile to F30222762: profile.
Sep 4 2019, 4:17 PM

Aug 29 2019

Jcross removed a member for Security-Team: mmarble.
Aug 29 2019, 3:01 PM
Jcross removed a watcher for Security-Team-Reviews: mmarble.
Aug 29 2019, 3:00 PM
Jcross placed T207246: Do a security audit of *.planet.wikimedia.org up for grabs.
Aug 29 2019, 2:54 PM · Security-Team-Reviews

Aug 21 2019

Jcross added a comment to T227591: Security Concept Review for the machine vision middleware project.

Thank you for the quick reply @Mholloway - please just let us know when we can be of further assistance. Cheers!

Aug 21 2019, 3:08 PM · user-sbassett, Machine vision, Product-Infrastructure-Team-Backlog, Security-Team-Reviews
Jcross added a comment to T222806: Security Review for Vega 5 and Vega-Lite JavaScript Libraries.

Thank you for the quick reply @Yurik ! Please let us know when we are needed for additional review. Cheers.

Aug 21 2019, 3:06 PM · Security-Team-Reviews, Upstream, JavaScript, Maps, MediaWiki-extensions-Graph

Aug 20 2019

Jcross added a comment to T222806: Security Review for Vega 5 and Vega-Lite JavaScript Libraries.

Hi @Yurik - will we be providing additional review for you or may I close this ticket? Please let us know, and thank you!

Aug 20 2019, 5:44 PM · Security-Team-Reviews, Upstream, JavaScript, Maps, MediaWiki-extensions-Graph
Jcross added a comment to T227209: Security Review For Parsoid-PHP.

@Reedy - could use your eyes on this. Thank you!

Aug 20 2019, 5:35 PM · Parsoid-PHP, Security-Team-Reviews