[dundee] Concerning mailman security

Nicholas Walker tel0seh at googlemail.com
Mon Aug 6 18:36:48 UTC 2012


My post isn't about the monthly reminders. It's about their content and
their implications.
On Aug 6, 2012 7:17 PM, "gordon dunlop" <zubenel at fedoraproject.org> wrote:

>
>
> On 6 August 2012 10:50, Nicholas Walker <tel0seh at googlemail.com> wrote:
>
>> Hey,
>>
>> I've just recieved one of the monthly "you're subscribed to this list"
>> reminder emails (as if i needed reminding every month, after receiving
>> multiple emails every day.)
>>
>> and noticed that my password for the list was emailed to me as part of
>> the content, in *plaintext*.
>>
>>
>> I hope I don't have to remind anyone here how this breaks every rule in
>> the book, passwords should ALWAYS be stored hashed, and a user should NEVER
>> need to recieve their password.
>>
>>
>> please take a read over this link:
>> http://www.troyhunt.com/2012/07/lessons-in-website-security-anti.html
>>
>>
>> Can this be rectified please? I'd really rather not have one of my
>> passwords floating around the internets. I know who hangs out there.
>>
>>
>> Every individual, via the options menu on their personal mailman
> settings, can switch off the monthly password reminders if required. I
> thought people in general knew this, obviously not.
>
> Gordon
>
>
>
>
>>
>> Nick.
>>
>> --
>>
>> Nick Walker
>> President : The Linux Society
>> UAD Ethical Hacker
>>
>> _______________________________________________
>> dundee GNU/Linux Users Group mailing list
>> dundee at mailman.lug.org.uk  http://dundeelug.org.uk
>> https://mailman.lug.org.uk/mailman/listinfo/dundee
>> Chat on IRC, #tlug on irc.lug.org.uk
>>
>
>
> _______________________________________________
> dundee GNU/Linux Users Group mailing list
> dundee at mailman.lug.org.uk  http://dundeelug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/dundee
> Chat on IRC, #tlug on irc.lug.org.uk
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/dundee/attachments/20120806/a432729b/attachment.htm>


More information about the dundee mailing list