[thelist] Open Source government wikis

John DeStefano john.destefano at gmail.com
Mon Feb 5 11:22:09 CST 2007


I don't believe that the wiki security hype is all bunk.  Because the
nature of the wiki-world is open and collaborative, its platform is
trusting in nature, too trusting at times for certain use cases.  It's
wonderful to facilitate and invite open collaboration on the web, but
just because lots of folks are using a piece of software doesn't make
it secure.

As an admin for a government-funded facility, I inherited a TWiki
installation that was littered with security holes and had recently
been hacked, all while under constant moderation.  Upon investigation,
I found that the installation had been hacked several times before
using different methods, one incident having taken place two years
before anyone here raised a red flag or even suspected a problem.  And
this particular installation was on a "closed" site, where only
registered members could post.  Hackers took advantage of "read-only"
features to find ways in, not only to the posted data but to the user
databases, in which they were able to create "admin" level users by
injecting commands in a simple search field.

Wikis provide excellent ways to share information and collaborate, but
I would advise against blind faith in their inherent authentication
and security mechanisms.

Sometimes, information isn't all hype.

~John

> From: "Steven Streight" <steven.streight at gmail.com>
> To: "thelist at lists.evolt.org" <thelist at lists.evolt.org>
> Date: Mon, 5 Feb 2007 09:47:31 -0600
> Subject: Re: [thelist] Open Source government wikis
> Wikinomic thinking is based on expanding the pool of talent, effort,
> insight, far beyond the walls of the corporation. See IBM and Linux as a
> fairly good example.
>
> On 2/5/07, Steven Streight <steven.streight at gmail.com> wrote:
> >
> > Wiki vandalism is highly over-hyped. It's similar to preventing comment
> > spam and spambot drippings on blogs. For blogs, you use comment moderation,
> > perhaps a captcha in rare and extreme cases of botnet spam attacks.
> >
> > For wikis, you simply make it semi-public, in other words, only authorized
> > team members can edit anything, but the pool of team members can expand as
> > they are invited or as they request to be contributors.
> >
> > I suggest everyone interested in collab to read WIKINOMICS by Don Tapscott
> > (author of The Digital Economy) and discover how even goldmining was
> > crowdsourced by Goldcorp, Inc, and many other stories.
> >
> > On 2/5/07, Julian Rickards <julian.rickards at gmail.com> wrote:
> > >
> > > Out of curiosity, thinking of Wikipedia and the problems it
> > > occasionally has with "vandalism", why would you consider a wiki for
> > > this type of organization?
> > >
> > > On 05/02/07, Steven Streight <steven.streight at gmail.com> wrote:
> > > >
> > > > If anyone has set up wikis for local/state government collaboration
> > > > projects, I'd love to have links to the wikis and to articles about
> > > > it. Am wanting to start a wiki for a major new institution, affiliated
> > > > with a local university and a high ranking public servant, revolving
> > > > around integrity and ethics in government leadership.
> > > >


