[Owasp-board] My input on our response to CH

Eoin Keary eoin.keary at owasp.org
Fri Sep 4 17:51:05 UTC 2015


Issue all members an MFA token :)


Eoin Keary
OWASP Volunteer
@eoinkeary



> On 4 Sep 2015, at 16:45, johanna curiel curiel <johanna.curiel at owasp.org> wrote:
> 
> I'm just curious
> 
> How can OWASP avoid it if he uses other email accounts/fake names addresses to gain access?
> 
> I think access to the wiki has to be very strongly supervised, including a background check of the person requesting access.
> 
> Any ideas or procedures that are already in place?
> 
> regards
> 
> Johanna
> 
>> On Fri, Sep 4, 2015 at 11:25 AM, Matt Tesauro <matt.tesauro at owasp.org> wrote:
>> And the screenshot...
>> 
>> Rushing to get back to work doesn't actually buy you more time ; )
>> 
>> --
>> -- Matt Tesauro
>> OWASP WTE Project Lead
>> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
>> http://AppSecLive.org - Community and Download site
>> OWASP OpenStack Security Project Lead
>> https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project
>> 
>>> On Fri, Sep 4, 2015 at 10:24 AM, Matt Tesauro <matt.tesauro at owasp.org> wrote:
>>> > I'm assuming wiki editing has been revoked?
>>> 
>>> Good point about the wiki - it's actually designed to clean up bad/malicious edits so the damage potential is far less, but I went ahead and blocked his user account.  See screenshot.
>>> 
>>> For the curious, his wiki contributions are at: https://www.owasp.org/index.php/Special:Contributions/Cmlh
>>> 
>>> -- Cheers
>>> 
>>> --
>>> -- Matt Tesauro
>>> OWASP WTE Project Lead
>>> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
>>> http://AppSecLive.org - Community and Download site
>>> OWASP OpenStack Security Project Lead
>>> https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project
>>> 
>>>> On Fri, Sep 4, 2015 at 10:07 AM, Matt Konda <matt.konda at owasp.org> wrote:
>>>> Hi.
>>>> 
>>>> Wow.  I was slow to respond to this whole series of events because I didn't have prior direct exposure to this individual.  Lucky me.
>>>> 
>>>> First, I'm glad we (esp. Matt T.) have taken care of part of the problem through mechanics. Thanks all for dealing with that, especially Josh for invoking the bylaws to trigger the action.
>>>> 
>>>> Second, is there further action required with regard to CH?  I'm assuming we keep our eyes out for disruptive behavior for a bit and just catch it and take action quickly.  I'm assuming wiki editing has been revoked?
>>>> 
>>>> Third, are there other open issues (people) like this that we should deal with proactively?
>>>> 
>>>> Fourth, what can we do to handle this prior to the face to face meeting?  As painful as it is over email, I would really rather focus on positive and constructive things we can be doing (like proposals for wiki overhaul and investments in projects) than re-hashing blow by blow the words of people we don't want to be part of the community.  Is there a legitimate legal risk here?
>>>> 
>>>> Thanks,
>>>> Matt
>>>> 
>>>> 
>>>> _______________________________________________
>>>> Owasp-board mailing list
>>>> Owasp-board at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-board