[00:05:41] I would open a task on Phabricator for that ([[phab:]])
[00:05:41] https://meta.miraheze.org/wiki/phab:
[00:05:41] https://phabricator.miraheze.org/
[00:05:42] [url] Main Page | phabricator.miraheze.org
[00:05:43] [url] Phab - Miraheze Meta | meta.miraheze.org
[00:50:04] I don't have rights to create a project on Phabricator
[01:13:19] RobertSterbal: You need to make a task, not a project
[01:13:36] go to "Maniphest" and click Create Task in the top right
[09:12:34] damn :(
[09:12:45] I had a javascript bookmarklet that turn latex $$ into tags
[09:12:47] but i lost it...
[09:16:18] ah i found it
[09:16:22] but tags are not working for some reason
[09:17:39] it turned < to <
[09:19:14] wait it was my script's fault, it works now
[16:51:48] Sounds good.
[20:30:45] SRE have released a security disclosure regarding a recent incident affecting our mail system. See https://meta.miraheze.org/w/index.php?diff=188538&oldid=188531&rcid=656960 for more information.
[20:30:48] [url] Difference between revisions of "Community noticeboard" - Miraheze Meta | meta.miraheze.org
[20:35:41] Thank you for the transparency 👍
[20:38:41] RhinosF1: Your transparency is much appreciated.
[20:39:08] It's SRE's aim
[20:39:35] We need to admit when things don't go great
[20:40:17] thankfully this wasn't a huge breach, just a misconfigured mail account
[20:40:20] Ugo, on PC yet?
[20:41:01] Agent: people could and did send spam emails via our mail servers from any random email
[20:41:41] I don't know if anyone got fooled by the spam but fraud can have big costs
[20:43:14] The emails I saw amount to extortion
[20:43:38] @RhinosF1 Any reason T&S wasn’t consulted on a disclosure that relates to a relevant incident?
[20:44:50] @Owen: I did ask someone to inform you
[20:45:04] and I director signed off on the disclosure minutes ago
[20:45:09] s/I/a
[20:45:09] RhinosF1 meant to say: and a director signed off on the disclosure minutes ago
[20:45:30] I don’t believe I was contacted or engaged on the disclosure as Director of Trust and Safety
[20:45:40] Was @Doug consulted?
[20:46:10] Voidwalker: ^
[20:47:37] Are we requiring T&S to sign off on security disclosures? If so, that's an oversight on my part
[20:48:06] My understanding was that Owen knew
[20:49:02] Haven't personally seen much of Doug for the past week
[20:49:14] week?
[20:49:41] or I'm forgetful
[20:50:05] no I thought it was longer
[20:50:38] did some T&S stuff for him on the 18/19th
[20:51:46] The incident has a high potential to affect the trust of the project and would rightly be deemed a critical incident in that people can utilise official and verified email addresses to send messages on behalf of Miraheze.
[20:53:04] Any email in the world, depending on various things client side you could have been fbi.gov too
[20:53:04] When the T&S was created, it was agreed with SRE that security disclosures require engagement and review to protect the integrity of the project and to ensure appropriate and adequate reviews, learnings and lessons are learned prior to public disclosure.
This is a primary purpose of T&S that the Board set out the team to fulfil as well
[20:53:53] But these emails would have been entirely verified coming from Miraheze.org, not spoofed from any email provider
[20:54:16] They'd have shown as coming from mail2 in the headers
[20:54:27] you could put anything in From:
[20:54:58] The two I saw were sent from an art shop's email asking for bitcoin as part of a scam
[20:54:59] That reply shows a concerning lack of understanding from where I am coming from
[20:55:24] I agree it puts trust of us at risk
[20:55:38] There are security measures in place, anything coming from mail2.Miraheze.org would absolutely be shown as being authentic, with no possible hints of being ‘spoofed’
[20:55:53] It very likely did with Outlook and it's why SRE have already carried out an investigation
[20:58:16] 502 Bad Gateway
[20:58:52] While an investigation may have been carried out, my concern is T&S weren’t engaged on or prior to disclosure here
[20:59:46] My understanding was Void had consulted you
[21:00:08] on?
[21:00:10] link
[21:00:21] I had not, hence "Are we requiring T&S to sign off on security disclosures? If so, that's an oversight on my part"
[21:00:27] I was not consulted on disclosure, the link above was the first I had read or seen it
[21:01:06] Did a member of SRE management sign off the disclosure? If so, it is something I’ll raise with them as the proper working relationship between teams
[21:02:11] Void told me explicitly to go ahead twice before I posted it
[21:02:26] https://rubycraft.miraheze.org/wiki/Grand_Imperium
[21:02:27] [url] Grand Imperium - Rubycraft | rubycraft.miraheze.org
[21:02:46] loads fine for me
[21:03:57] Again, this was an oversight on my part, please reach out to me for follow up
[21:04:18] It was a small outage
[21:04:28] ok
[21:04:36] let me know if issue happens again
[21:04:41] @Void, I noticed that Doug only made a brief return today.
[21:05:16] It showed up on the Recent changes.
[21:05:20] I’ll follow up with @Reception123 as it doesn’t seem to be a known policy/guidance so will liaise with him to establish and ensure it is in place for future occurrences
[21:07:36] Understood, if there's any followup specific to the incident, let me know, and I will review as soon as possible
[21:10:41] By the way, is it possible to import the MultiLock template from Wikimedia, or will that not be possible?
[21:14:41] it should be
[21:15:15] Oh, because I wasn't sure if we could all use the MultiLock template and add it to Meta Miraheze.
[21:22:29] links would need to be adjusted to remove the wikimedia tools though
[21:23:08] And I have a feeling that would be a huge excruciating pain in the ass to get them all set up.
[21:24:26] most likely
[21:25:13] Meta loading very slowly for me
[21:28:36] We knw
[21:28:39] know
[21:28:45] running low on php workers
[21:34:18] I'm trying to restart things before they go boom but
[22:36:36] .op
[22:36:37] Attempting to OP...