156006 - Security breach of Mozilla Evangelism

Status: VERIFIED INVALID

(Tech Evangelism Graveyard :: English US, defect)

Description

[Kristen M.]

There exists a major security flaw in user authentication and access 
privelages at Mozillazine.org.  Currently, a person who is not actively 
evangelizing Mozilla can read content at Mozillazine.org.  Even worse is that 
such a person is able to wholeheartedly disagree with someone via a simple 
form submission.

Steps to reproduce:

1.  Go to http://www.mozillazine.org

2.  Say something that makes the regulars think a little.  Not something 
like 'Moz Rulez' or 'IE sucks', but rather, something that inspires a bit of 
stimulation to ones nuerons.

3.  Wait a bit.

4.  Eventually, a mozilla.org person comes along to challenge why you are 
reading content there and posting information that doesn't fall in line with 
what they happen to think.

Solution:

1.  Password protect Mozillazine.

2.  Perform thorough background checks on all current and future visitors of 
Mozillazine.

3.  Only issue passwords to applicants who are found to agree with everyone 
else.


I believe in order to attain a community in which everyone agrees with 
everyone else that the above remedy is a must.  ;)

Comment 1

[Christian :Biesinger (don't email me, ping me on IRC)]

.

Comment 2

[Ben Bucksch (:BenB)]

I agree with this bug. It's not invalid.

We have similar checks in place at bugzilla.mozilla.org. mozillazine.org is used
to publish daily build comments, so it is a critical information source for
Mozilla testers. We cannot tolerate that troublemakers distrub, distract and
enrage dedicated Mozilla testers from their work and cause them to feel urged to
defend Mozilla, which substracts from their time to test Mozilla and
additionally demotivates them. We need to let our Mozilla testers know that they
have strong support, without anyone attacking them from the back.

Comment 3

[Doron Rosenberg (IBM)]

verified FUCKOFF