<br><br><div class="gmail_quote">On 6 August 2012 10:50, Nicholas Walker <span dir="ltr">&lt;<a href="mailto:tel0seh@googlemail.com" target="_blank">tel0seh@googlemail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<span style="color:rgb(34,34,34);font-size:13px;font-family:arial,sans-serif">Hey,</span><div style="color:rgb(34,34,34);font-size:13px;font-family:arial,sans-serif">
<br></div><div style="color:rgb(34,34,34);font-size:13px;font-family:arial,sans-serif">I've just received one of the monthly "you're subscribed to this list" reminder emails (as if I needed reminding every month, after receiving multiple emails every day.)</div>
<div style="color:rgb(34,34,34);font-size:13px;font-family:arial,sans-serif"><br></div><div style="color:rgb(34,34,34);font-size:13px;font-family:arial,sans-serif">
and noticed that my password for the list was emailed to me as part of the content, in *plaintext*.</div><div style="color:rgb(34,34,34);font-size:13px;font-family:arial,sans-serif"><br></div>
<div style="color:rgb(34,34,34);font-size:13px;font-family:arial,sans-serif"><br></div><div style="color:rgb(34,34,34);font-size:13px;font-family:arial,sans-serif">
I hope I don't have to remind anyone here how this breaks every rule in the book: passwords should ALWAYS be stored hashed, and a user should NEVER need to receive their password.</div><div style="color:rgb(34,34,34);font-size:13px;font-family:arial,sans-serif">
<br></div><div style="color:rgb(34,34,34);font-size:13px;font-family:arial,sans-serif"><br></div><div style="color:rgb(34,34,34);font-size:13px;font-family:arial,sans-serif">
Please take a read over this link: <a href="http://www.troyhunt.com/2012/07/lessons-in-website-security-anti.html" style="color:rgb(17,85,204)" target="_blank">http://www.troyhunt.com/2012/07/lessons-in-website-security-anti.html</a></div>
<div style="color:rgb(34,34,34);font-size:13px;font-family:arial,sans-serif"><br></div><div style="color:rgb(34,34,34);font-size:13px;font-family:arial,sans-serif">
<br></div><div style="color:rgb(34,34,34);font-size:13px;font-family:arial,sans-serif">Can this be rectified please? I'd really rather not have one of my passwords floating around the internets. I know who hangs out there.</div>
<div style="color:rgb(34,34,34);font-size:13px;font-family:arial,sans-serif"><br></div><div style="color:rgb(34,34,34);font-size:13px;font-family:arial,sans-serif">
<br></div></blockquote><div>Every individual, via the options menu on their personal mailman settings, can switch off the monthly password reminders if required. I thought people in general knew this, obviously not.</div>
<div><br></div><div>Gordon</div><div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="color:rgb(34,34,34);font-size:13px;font-family:arial,sans-serif">
</div><div style="color:rgb(34,34,34);font-size:13px;font-family:arial,sans-serif"><br></div><div style="color:rgb(34,34,34);font-size:13px;font-family:arial,sans-serif">
Nick.</div><span class="HOEnZb"><font color="#888888"><div><br></div>-- <br><br>Nick Walker<br>President : The Linux Society<br>UAD Ethical Hacker<br>
</font></span><br>_______________________________________________<br>
dundee GNU/Linux Users Group mailing list<br>
<a href="mailto:dundee@mailman.lug.org.uk">dundee@mailman.lug.org.uk</a> <a href="http://dundeelug.org.uk" target="_blank">http://dundeelug.org.uk</a><br>
<a href="https://mailman.lug.org.uk/mailman/listinfo/dundee" target="_blank">https://mailman.lug.org.uk/mailman/listinfo/dundee</a><br>
Chat on IRC, #tlug on <a href="http://irc.lug.org.uk" target="_blank">irc.lug.org.uk</a><br></blockquote></div><br>