chasemp (Chase)
securityAdministrator

Projects (15)

User Details

User Since: Sep 16 2014, 11:39 AM (272 w, 6 d)
Roles: Administrator
Availability: Available
IRC Nick: chasemp
LDAP User: Rush
MediaWiki User: CPettet (WMF) [ Global Accounts ]

Current: security architect

Past: security engineer, engineering manager, lead operations engineer, operations engineer

Local changes.
for upgrades

Recent Activity

Today

chasemp closed T240247: audit flea tasks for security-team tag and relevance as Invalid.

Weird dupe

Mon, Dec 9, 7:54 PM · Security-Team
chasemp created PM.
Mon, Dec 9, 6:10 PM
chasemp triaged T240247: audit flea tasks for security-team tag and relevance as Medium priority.
Mon, Dec 9, 6:07 PM · Security-Team
chasemp triaged T240245: Create an SOP for handling of Cloud/Toolforge open vulnerability issues as Medium priority.
Mon, Dec 9, 6:05 PM · Security-Team, Security, Cloud-VPS, Toolforge
chasemp moved T118774: No way to force a user to change their password if it's invalid from Incoming to Watching on the Security-Team board.
Mon, Dec 9, 5:36 PM · Security-Team, MW-1.33-notes (1.33.0-wmf.21; 2019-03-12), Security, MediaWiki-User-login-and-signup
chasemp moved T208477: Move "privileged account' concept into MediaWiki core from Incoming to Watching on the Security-Team board.
Mon, Dec 9, 5:35 PM · Security-Team, Patch-For-Review, MediaWiki-Debug-Logger, MediaWiki-Authentication-and-authorization, Security
chasemp moved T207777: audit password policy check for constant time string comparisons from Incoming to Watching on the Security-Team board.
Mon, Dec 9, 5:35 PM · Security-Team, MW-1.33-notes (1.33.0-wmf.8; 2018-12-11), Google-Code-in-2018, MediaWiki-User-management, Security
chasemp moved T199688: Decide if H141 ("Add security tag when Security flag is set to Software security bug") is needed or not from Incoming to Waiting on the Security-Team board.
Mon, Dec 9, 5:34 PM · Security-Team, Phabricator, Security
chasemp moved T209749: Allow privileged accounts to determine if an account has enrolled in 2FA from Incoming to Watching on the Security-Team board.
Mon, Dec 9, 5:33 PM · Security-Team, Security, MediaWiki-extensions-OATHAuth, Trust-and-Safety
chasemp moved T189641: Service for checking the Pwned Passwords database from Incoming to Watching on the Security-Team board.
Mon, Dec 9, 5:32 PM · Security-Team, Core Platform Team Legacy (Watching / External), Services (watching), User-Tgr, WMF-Legal, Security, MediaWiki-User-login-and-signup, MediaWiki-Authentication-and-authorization, Security-General
chasemp moved T150903: Alert ops/security on many 2FA failures from Incoming to Waiting on the Security-Team board.
Mon, Dec 9, 5:32 PM · Security-Team, MediaWiki-extensions-OATHAuth, Security, User-chasemp
chasemp moved T179901: Create a tmp directory just for MediaWiki from Incoming to Watching on the Security-Team board.
Mon, Dec 9, 5:32 PM · Security-Team, Performance-Team (Radar), serviceops, Security, MediaWiki-General
chasemp moved T189531: All Wikimedia developer services should use single sign-on from Incoming to Watching on the Security-Team board.
Mon, Dec 9, 5:30 PM · Security-Team, Security, User-Tgr, Wikimedia-Hackathon-2018, Wikimedia-General-or-Unknown, Epic
chasemp moved T207297: Phan SecurityCheck-XSS and SecurityCheck-SQLInjection errors in SecurePoll extension from Incoming to Back Orders on the Security-Team board.
Mon, Dec 9, 5:30 PM · Core Platform Team, Security-Team, MediaWiki-extensions-SecurePoll, Security
chasemp moved T213131: New ORES model relies on translatewiki.net API, which is not hosted on WMF production from Incoming to Watching on the Security-Team board.
Mon, Dec 9, 5:29 PM · Security-Team, Security, Scoring-platform-team, translatewiki.net, ORES
chasemp triaged T150526: BotPasswords: grant all rights as High priority.
Mon, Dec 9, 5:24 PM · MediaWiki-Authentication-and-authorization, Security
chasemp triaged T117905: Put secret info into an object, so they don't appear in stack traces as Low priority.
Mon, Dec 9, 5:23 PM · Security, MediaWiki-General, Security-General
chasemp triaged T118774: No way to force a user to change their password if it's invalid as Medium priority.
Mon, Dec 9, 5:23 PM · Security-Team, MW-1.33-notes (1.33.0-wmf.21; 2019-03-12), Security, MediaWiki-User-login-and-signup
chasemp triaged T123243: Ability to alert when we get a sudden increase in bad passwords for privileged accounts as Medium priority.
Mon, Dec 9, 5:22 PM · User-chasemp, Security-team-backlog, Security
chasemp triaged T128911: Update Sentry to 8.2.2 as High priority.
Mon, Dec 9, 5:22 PM · Security, Sentry
chasemp triaged T134306: add automatic checks/test for suppressed content as a security measure as Medium priority.
Mon, Dec 9, 5:22 PM · MediaWiki-Core-Testing, Security, MediaWiki-Revision-deletion, Security-General
chasemp triaged T136101: Rethink AuthManager::securitySensitiveOperationStatus as Medium priority.
Mon, Dec 9, 5:22 PM · Security, MediaWiki-Authentication-and-authorization
chasemp triaged T137016: Allow more than 1 password reset per 24 hours as Medium priority.
Mon, Dec 9, 5:22 PM · Security, MediaWiki-Authentication-and-authorization
chasemp triaged T143015: Consider different "keep me logged in" login lengths for different user groups as Medium priority.
Mon, Dec 9, 5:21 PM · MediaWiki-User-login-and-signup, Security
chasemp triaged T150562: Be able to force OATHAuth for certain user groups as Medium priority.
Mon, Dec 9, 5:21 PM · Security, Trust-and-Safety, Stewards-and-global-tools, MediaWiki-extensions-OATHAuth
chasemp triaged T150903: Alert ops/security on many 2FA failures as Medium priority.
Mon, Dec 9, 5:20 PM · Security-Team, MediaWiki-extensions-OATHAuth, Security, User-chasemp
chasemp triaged T151011: Add password generator to account creation / password change form as Low priority.
Mon, Dec 9, 5:20 PM · User-Tgr, Security, MediaWiki-User-login-and-signup
chasemp triaged T153454: Enable BotPasswords (or similar feature) for web/interactive access as Medium priority.
Mon, Dec 9, 5:20 PM · Security, Security-General, MediaWiki-Authentication-and-authorization
chasemp triaged T153691: Strengthen two factor authentication by making it concurrent instead of sequential during the authentication process as Medium priority.
Mon, Dec 9, 5:20 PM · Security, MediaWiki-Authentication-and-authorization, MediaWiki-extensions-OATHAuth
chasemp triaged T159611: thumb.php should use the ImgAuthBeforeStream hook as Medium priority.
Mon, Dec 9, 5:19 PM · Security, Multimedia, Commons, MediaWiki-File-management
chasemp triaged T160387: Support Strict Secure Cookies as Medium priority.
Mon, Dec 9, 5:18 PM · Security, MediaWiki-Authentication-and-authorization
chasemp triaged T163583: <video>/<source>/<track> sanitization for media as Medium priority.
Mon, Dec 9, 5:18 PM · MW-1.30-release-notes (WMF-deploy-2017-05-23_(1.30.0-wmf.2)), MediaWiki-Parser, TimedMediaHandler, Patch-For-Review, Security
chasemp triaged T164189: Add a show password button as Low priority.
Mon, Dec 9, 5:18 PM · Security, Security-General, Accessibility, Design, MediaWiki-User-login-and-signup
chasemp triaged T165059: Change incorrect informations on the login form of phab-01.wmflabs.org as Low priority.
Mon, Dec 9, 5:17 PM · Security, VPS-project-Phabricator
chasemp triaged T169027: Provide iframe sandboxing for rich-media extensions (defense in depth) as Medium priority.
Mon, Dec 9, 5:16 PM · Security, Security-General, Technical-Debt, Commons, MediaWiki-File-management, Multimedia
chasemp triaged T171563: Only allow MediaWiki, Gadget, and User namespace pages to be treated as JS or CSS (no project namespace, etc.) as Medium priority.
Mon, Dec 9, 5:16 PM · Security, Security-team-backlog, MediaWiki-Page-protection, JavaScript
chasemp triaged T178010: missing character equivalencies: ÈÉÊẼÌÍÏÓÒÔÕ∅Q̃ÚŰÜŨ as Low priority.
Mon, Dec 9, 5:15 PM · Equivset, Security, AntiSpoof
chasemp triaged T179901: Create a tmp directory just for MediaWiki as Medium priority.
Mon, Dec 9, 5:14 PM · Security-Team, Performance-Team (Radar), serviceops, Security, MediaWiki-General
chasemp triaged T180886: AuthManager special pages should honor $wgSecureLogin as Medium priority.
Mon, Dec 9, 5:14 PM · Security, MediaWiki-Authentication-and-authorization
chasemp triaged T180896: Allow functionaries to reset second factor on low-risk accounts as Medium priority.
Mon, Dec 9, 5:14 PM · MediaWiki-extensions-OATHAuth, Security, Trust-and-Safety, WMF-Legal, MW-1.34-notes (1.34.0-wmf.1; 2019-04-16)
chasemp triaged T181317: Streamline process for uploading private files to public tasks as Medium priority.
Mon, Dec 9, 5:13 PM · Security, Security-General, Phabricator
chasemp triaged T181690: Track external JS libraries in MediaWiki in a way that allows vulnerability detection as Medium priority.
Mon, Dec 9, 5:13 PM · Security, MediaWiki-General, JavaScript
chasemp triaged T182198: Retrieve showing a "skin" property in "user_properties" table on DB replicas as Medium priority.
Mon, Dec 9, 5:13 PM · Security-Team, Security, Data-Services
chasemp triaged T183420: Authentication data should not be available through the normal DB abstraction layer as Medium priority.
Mon, Dec 9, 5:12 PM · Security, MediaWiki-Authentication-and-authorization
chasemp triaged T184389: Broken oracle link on config-invalid-db-server-oracle as Medium priority.
Mon, Dec 9, 5:12 PM · Security, MediaWiki-Installer, Oracle Database
chasemp triaged T184432: Add .mw-numlink class to numlinks at Special:Whatlinkshere as Medium priority.
Mon, Dec 9, 5:12 PM · Security, MediaWiki-Special-pages
chasemp triaged T184458: Floats are badly interpreted in SQL when locale is not English as Low priority.
Mon, Dec 9, 5:11 PM · Security, Wikimedia-Rdbms
chasemp triaged T187617: Add security.txt to Wikimedia sites? as Low priority.
Mon, Dec 9, 5:10 PM · Security-team-backlog, Documentation, Wikimedia-General-or-Unknown, Security
chasemp triaged T187669: Static PCRE ReDoS validator as Medium priority.
Mon, Dec 9, 5:09 PM · Security, MediaWiki-General, Security-General
chasemp triaged T187749: Make it possible to use code from an external repository for editor-controlled Javascript/CSS as Medium priority.
Mon, Dec 9, 5:09 PM · Security-Team, Wikimedia-Hackathon-2019, Security, Wikimedia-Hackathon-2018, Patch-For-Review, MediaWiki-extension-requests, User-Tgr, Security-General, JavaScript, MediaWiki-extensions-Gadgets
chasemp added a project to T189531: All Wikimedia developer services should use single sign-on : Security-Team.

@MoritzMuehlenhoff seems like maybe some merging of this stuff into T233921 and co would make sense?

Mon, Dec 9, 5:08 PM · Security-Team, Security, User-Tgr, Wikimedia-Hackathon-2018, Wikimedia-General-or-Unknown, Epic
chasemp triaged T189531: All Wikimedia developer services should use single sign-on as High priority.
Mon, Dec 9, 5:06 PM · Security-Team, Security, User-Tgr, Wikimedia-Hackathon-2018, Wikimedia-General-or-Unknown, Epic
chasemp triaged T189641: Service for checking the Pwned Passwords database as Low priority.
Mon, Dec 9, 5:06 PM · Security-Team, Core Platform Team Legacy (Watching / External), Services (watching), User-Tgr, WMF-Legal, Security, MediaWiki-User-login-and-signup, MediaWiki-Authentication-and-authorization, Security-General
chasemp triaged T192207: Security related Static Analysis as Medium priority.
Mon, Dec 9, 5:04 PM · Security-Team, Security-team-backlog, MediaWiki-Codesniffer, Security
chasemp triaged T194398: Require elevated session security for giving elevated permissions as Medium priority.
Mon, Dec 9, 5:03 PM · MediaWiki-extensions-OAuth, Security-team-backlog, Security
chasemp triaged T196602: Streamline MW security release process as Medium priority.
Mon, Dec 9, 5:01 PM · Security-Team, MediaWiki-Releasing, Security
chasemp triaged T196892: Raw HTML in page descriptions as Medium priority.
Mon, Dec 9, 5:00 PM · Security-Team, Product-Infrastructure-Team-Backlog, Wikidata, MediaWiki-extensions-WikibaseClient, Security, Mobile-Content-Service
chasemp triaged T197087: Remove or limit edituserjs and similar rights as Medium priority.
Mon, Dec 9, 4:56 PM · Security, MediaWiki-Interface
chasemp triaged T197130: Document MediaWiki elevated security feature as Medium priority.
Mon, Dec 9, 4:56 PM · Security, MediaWiki-General, Documentation
chasemp triaged T197136: Tie certain user rights to elevated security as High priority.
Mon, Dec 9, 4:56 PM · Security, MediaWiki-User-management
chasemp triaged T197137: Editing sitewide JS/CSS pages should require elevated security as High priority.
Mon, Dec 9, 4:56 PM · Security, MediaWiki-User-management, MediaWiki-Interface
chasemp triaged T197150: User right changes should require elevated security as Medium priority.
Mon, Dec 9, 4:56 PM · MediaWiki-User-management, MediaWiki-extensions-CentralAuth, Stewards-and-global-tools, Security
chasemp triaged T197153: Make some providers optional for reauthentication as Medium priority.
Mon, Dec 9, 4:55 PM · User-Tgr, Patch-For-Review, Security, MediaWiki-Authentication-and-authorization
chasemp triaged T197158: CheckUser should require elevated security as Medium priority.
Mon, Dec 9, 4:55 PM · CheckUser, Stewards-and-global-tools, Security
chasemp triaged T197160: All security-sensitive MediaWiki functionality should require elevated security as Medium priority.
Mon, Dec 9, 4:55 PM · Security, User-Tgr, Epic, MediaWiki-Authentication-and-authorization, Security-General
chasemp triaged T199688: Decide if H141 ("Add security tag when Security flag is set to Software security bug") is needed or not as Medium priority.
Mon, Dec 9, 4:54 PM · Security-Team, Phabricator, Security
chasemp triaged T200878: Users should be warned againts putting arbitrary code to personal scripts as Medium priority.
Mon, Dec 9, 4:53 PM · Security, MediaWiki-General, Security-General
chasemp triaged T201052: Local interface-admin need to be sysop for some operations as High priority.
Mon, Dec 9, 4:53 PM · Security, MediaWiki-General, Security-General, Trust-and-Safety
chasemp triaged T201166: Warn when using local consumers as Medium priority.
Mon, Dec 9, 4:53 PM · MediaWiki-extensions-OAuth, Security
chasemp triaged T201784: Implement option "require two-factor authentication only for dangerous actions" as Medium priority.
Mon, Dec 9, 4:53 PM · MediaWiki-extensions-OATHAuth, Security, MediaWiki-Authentication-and-authorization
chasemp triaged T202028: Central auth fails when using "site isolation" in Google Chrome and Chromium or "first-party isolation" in Firefox as Medium priority.
Mon, Dec 9, 4:52 PM · Browser-Support-Firefox, Browser-Support-Google-Chrome, Security, MediaWiki-extensions-CentralAuth
chasemp triaged T202244: CentralNotice provides a means for non interface-admins to bypass new CSS/JS restrictions as High priority.
Mon, Dec 9, 4:52 PM · Security-Team, Fr-CentralNotice-translations, Fundraising-Backlog, MediaWiki-extensions-CentralNotice, Trust-and-Safety, Security, JavaScript
chasemp triaged T202900: Content model based permission checks do not use the actual content model on undelete/import as Medium priority.
Mon, Dec 9, 4:50 PM · Security, MediaWiki-Page-deletion, MediaWiki-Export-or-Import
chasemp triaged T203210: Extension:RSS shouldn't invent its own way to escape and parse things as Medium priority.
Mon, Dec 9, 4:50 PM · Security-Team, phan-taint-check-plugin, Technical-Debt, Security, MediaWiki-extensions-RSS
chasemp triaged T203912: HotCat loads code that can be edited without editsitejs right as Medium priority.
Mon, Dec 9, 4:49 PM · Security-Team, Wikimedia-General-or-Unknown, JavaScript, Security
chasemp triaged T204279: Fine-grained Sanitizer control as High priority.
Mon, Dec 9, 4:48 PM · Security, Parsing-Team, Parsoid
chasemp triaged T207297: Phan SecurityCheck-XSS and SecurityCheck-SQLInjection errors in SecurePoll extension as High priority.
Mon, Dec 9, 4:45 PM · Security-Team, Core Platform Team, MediaWiki-extensions-SecurePoll, Security
chasemp triaged T207777: audit password policy check for constant time string comparisons as Medium priority.
Mon, Dec 9, 4:44 PM · Security-Team, MW-1.33-notes (1.33.0-wmf.8; 2018-12-11), Google-Code-in-2018, MediaWiki-User-management, Security
chasemp added a project to T208477: Move "privileged account' concept into MediaWiki core: Security-Team.
Mon, Dec 9, 4:42 PM · Security-Team, Patch-For-Review, MediaWiki-Debug-Logger, MediaWiki-Authentication-and-authorization, Security
chasemp triaged T208477: Move "privileged account' concept into MediaWiki core as Medium priority.
Mon, Dec 9, 4:42 PM · Security-Team, Patch-For-Review, MediaWiki-Debug-Logger, MediaWiki-Authentication-and-authorization, Security
chasemp triaged T208667: Tie reauthentication (login with elevated security) to a specific security level as Medium priority.
Mon, Dec 9, 4:42 PM · Patch-For-Review, MediaWiki-Authentication-and-authorization, Security
chasemp triaged T208668: Do not ask for password on reauthentication when 2FA is enabled as Medium priority.
Mon, Dec 9, 4:41 PM · MediaWiki-extensions-OATHAuth, MediaWiki-Authentication-and-authorization, Security
chasemp triaged T208823: Support asynchronous reauthentication as Medium priority.
Mon, Dec 9, 4:41 PM · User-Tgr, MediaWiki-Authentication-and-authorization, Security
chasemp triaged T209556: In AuthManager, avoid encrypted storage of the password in the session as Medium priority.
Mon, Dec 9, 4:41 PM · Security-Team, Security, MediaWiki-Authentication-and-authorization
chasemp triaged T209579: MediaWiki should log user out of all sessions when going to Special:Userlogout as Medium priority.
Mon, Dec 9, 4:40 PM · MediaWiki-Authentication-and-authorization, Security
chasemp triaged T209749: Allow privileged accounts to determine if an account has enrolled in 2FA as Medium priority.
Mon, Dec 9, 4:40 PM · Security-Team, Security, MediaWiki-extensions-OATHAuth, Trust-and-Safety
chasemp triaged T210909: Introduce secure mode to MediaWiki as Medium priority.
Mon, Dec 9, 4:35 PM · MediaWiki-Authentication-and-authorization, Security
chasemp triaged T212911: My account was removed from the Wikimedia Github group as Medium priority.
Mon, Dec 9, 4:33 PM · Security
chasemp triaged T213010: Moves circumvent the requirement to have createpagemainns as Medium priority.
Mon, Dec 9, 4:33 PM · Security, MediaWiki-extensions-ArticleCreationWorkflow
chasemp added a project to T213131: New ORES model relies on translatewiki.net API, which is not hosted on WMF production: Security-Team.
Mon, Dec 9, 4:33 PM · Security-Team, Security, Scoring-platform-team, translatewiki.net, ORES
chasemp triaged T213131: New ORES model relies on translatewiki.net API, which is not hosted on WMF production as High priority.
Mon, Dec 9, 4:32 PM · Security-Team, Security, Scoring-platform-team, translatewiki.net, ORES
chasemp triaged T214375: Update installer to check for an AES library as Medium priority.
Mon, Dec 9, 4:30 PM · MediaWiki-Installer, Security, MediaWiki-Authentication-and-authorization
chasemp triaged T214445: Support Sodium in MediaWiki session encryption as Medium priority.
Mon, Dec 9, 4:30 PM · MediaWiki-Authentication-and-authorization, Security
chasemp triaged T215046: RfC: Use Github login for mediawiki.org as Medium priority.
Mon, Dec 9, 4:30 PM · User-Tgr, Privacy, Security, TechCom-RFC, Wikimedia-General-or-Unknown, GitHub-Mirrors
chasemp triaged T218449: Determine new password requirements for MediaWiki core as Medium priority.
Mon, Dec 9, 4:26 PM · MediaWiki-Authentication-and-authorization, Security, MediaWiki-User-login-and-signup
chasemp triaged T218926: MediaWiki-Vagrant complains about insecure NIC setting as Medium priority.
Mon, Dec 9, 4:21 PM · Security, MediaWiki-Vagrant
chasemp triaged T220481: Reenable l10update in production as Medium priority.
Mon, Dec 9, 4:15 PM · Release-Engineering-Team (Deployment services), Release-Engineering-Team-TODO, Security, MediaWiki-extensions-LocalisationUpdate
chasemp triaged T223831: Wikidata Recoin statement publishing button disappears after subject has been selected as Medium priority.
Mon, Dec 9, 4:09 PM · Wikidata.org, Security, Wikidata
chasemp triaged T223840: Can/should *.wmflabs.org be added to the default-src Content Security Policy? as Medium priority.
Mon, Dec 9, 4:09 PM · Cloud-Services, Privacy, Security, Wikimedia-Site-requests
chasemp triaged T224059: Should https://meta.wikimedia.org/wiki/Special:Contact/Stewards require a login as Medium priority.
Mon, Dec 9, 4:08 PM · MediaWiki-extensions-ContactPage, Stewards-and-global-tools, Security