Wikipedia:Wikipedia Signpost/2016-04-01/Technology report



HTTPS was a good start. But to be really secure, it's not enough.

The FBI's attacks against the Tor network have been in the news this week. In events reminiscent of the famous Operation Onymous, the FBI seized control of a web server and then used it to compromise the browsers of visitors to the site.

Could the same thing happen to Wikipedia? Absolutely. We follow industry-standard best practice in keeping our servers secure, but this is in an industry where "best practice" means running code which is not known to be vulnerable. The more ignorant you are about the code you are running, the more secure you are. The mind boggles.

Just about every layer of our software stack has had security vulnerabilities of one kind or another disclosed and fixed, and yet we keep using it, because there is no alternative. And Pwn2Own proves every year that there is no reason to trust our web browsers.

Of course, the tools of the trade are not restricted to law enforcement. Anyone with patience and talent can find and exploit vulnerabilities. So what do you do if you want to learn about dancing mania but you don't want to expose your computer to complete compromise? Reduce the attack surface:

Wikimedia is pleased to announce the launch of a Telnet [telnet://telnet.wmflabs.org gateway to Wikipedia].

Sorry, there are no images, but you don't want them anyway: libpng vulnerabilities will own your phone.

If you care about privacy, you should access the gateway via the Tor hidden service at  port 23. If you care about security, maybe you shouldn't. Who knows what vulnerabilities are hidden in the Tor client? Maybe it's best to run the Tor proxy on a separate server in an air-gapped, soundproof room, connected only by an optically-isolated RS-232 link to your secure laptop.

When it comes to choosing the Telnet client, there are two main approaches.

One is to use old, small, well-tested code, generally recognised to be safe, in the desperate hope that with enough eyes, all bugs are shallow. In this vein you might consider the BSD telnet client, running on a Linux virtual terminal console.

The BSD telnet client was written in about 1983, and is available in all major Linux distributions. Its manpage lists only a single bug: "The source code is not comprehensible." Well, surely in 33 years at least one person must have comprehended it by now and reviewed it for security, right? Right?

While you admire the pretty colours in your Linux console, you might reflect on the fact that they are brought to you by C code which interprets terminal escape sequences while running in Ring 0.

The other approach is defense in depth. Perhaps JTelnet, with an extremely restrictive Java security policy which denies all local access, running as an unprivileged user in a chroot in a VM.

We'll leave the details up to you. Stay safe, folks.

For more information about connecting and further technical details, please see the wiki page.

P.S.: please don't ask for a web gateway to the Telnet server. That really misses the point.

Tim Starling is lead platform architect on the parsing team at the Wikimedia Foundation.