[Cryptography] Why is emailing me my password?

Greg greg at kinostudios.com
Tue Oct 1 12:56:04 EDT 2013


There is nothing difficult about the right course of action here: Don't send the password. Disable this silly default.

The attitude expressed in these replies is a disgrace to the profession of software security, and a disgrace to the list.

It doesn't matter whether or not I "should" be using a unique password. I might not be, and even if I am, a nerd next to me shouldn't be able to change my subscription settings because of the listserv's idiotic setting.

It is NOT the user's responsibility to compensate for the incompetence of sys admins or software developers. They are the ones who are failing their jobs.

- Greg

--
Please do not email me anything that you are not comfortable also sharing with the NSA.

On Oct 1, 2013, at 12:03 PM, Lodewijk andré de la porte <l at odewijk.nl> wrote:

> It's reasonable as it's not a security sensitive environment. Please for the love of god let some environments stay low-sec.
> 
> 
> 2013/10/1 Nick <cryptography-list at njw.me.uk>
> On Tue, Oct 01, 2013 at 10:28:48AM -0400, Greg wrote:
> > So, my password, iPoopInYourHat, is being sent to me in the clear by your servers.
> 
> All mailman lists do this by default. It does tell you on the sign
> up page that it will do so, and that you shouldn't use a 'valuable'
> (e.g. used elsewhere) password - see
> http://www.metzdowd.com/mailman/listinfo/cryptography
> 
> It is an annoying default, but so long as you don't use a password
> attached to anything else you care about, I don't think it should be
> too much of a worry.
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
