Software Security Engineer, Wikimedia Foundation
Prevent, Detect, Respond.
Early on in life, I fell in love with seeing the mathematics that underpin modern cryptographic systems, and a certain beauty of those systems. I studied security in school, ending with an MSc from Royal Holloway (you can blame them for Lucky 13, among other things). My thesis was on trust in anonymity networks, because it was a difficult enough problem to keep me interested. I've been working in the information security industry since. Unlike most members of the platform team, I was not involved in the community before the foundation hired me, although I've had a passion for open source and openness in security throughout my career. Working for the foundation has given me a new window into what security can look like in open and transparent organizations.
My work: All things application security related for MediaWiki
Disclaimer: Although I work for the Wikimedia Foundation, contributions under this account do not necessarily represent the actions or views of the Foundation unless expressly stated otherwise. For example, edits to articles or uploads of other media are done in my individual, personal capacity unless otherwise stated.
Current projects
Security auditing and response
MediaWiki 1.22.3, 1.21.6, and 1.19.12 security updates were released. We started a review of the Hadoop infrastructure and the Popups extension.
- Review Queue
Auth Sprint (Spring '13)
The team focused on minor updates to close some of the high-priority OAuth bugs.
Password storage update (Winter '14)
Password Expiration merged (https://gerrit.wikimedia.org/r/#/c/92037). Continued work on Passwords RFC process.