[Cryptography] Why is emailing me my password?

Benjamin Kreuter brk7bx at virginia.edu
Thu Oct 3 09:36:02 EDT 2013


On Wed, 2 Oct 2013 10:16:42 -0400
Greg <greg at kinostudios.com> wrote:

> > I'm interested in cases where Mailman passwords have been abused.
> 
> "Show me one instance where a nuclear reactor was brought down by an
> earthquake! Just one! Then I'll consider spending the $$ on it!"

Assume for a moment that there are no other systems involved, and
compare the failure of a nuclear power plant to a leaked mailman
password.  On its own, a failure at a nuclear power plant can render
tens of thousands of square miles uninhabitable.  On its own, a leaked
mailman password causes a few minutes of annoyance.

Really, the issue here is not mailman.  Mailman passwords address a
very minor security issue and mailing them in plaintext has no effect
on said security.  The real issue is that passwords are being used in
places where security really does matter, and that someone might have
used the same password for mailman as they did for one of those
systems.  If you ask me, the problem is not mailman sending out the
passwords, nor the fact that people often use the same password
everywhere; the problem is that passwords are being used to secure
important things.

-- Ben



-- 
Benjamin R Kreuter
UVA Computer Science
brk7bx at virginia.edu
KK4FJZ

--

"If large numbers of people are interested in freedom of speech, there
will be freedom of speech, even if the law forbids it; if public
opinion is sluggish, inconvenient minorities will be persecuted, even
if laws exist to protect them." - George Orwell