On Wed, 2 Oct 2013 10:16:42 -0400 Greg <g...@kinostudios.com> wrote: > > I'm interested in cases where Mailman passwords have been abused. > > "Show me one instance where a nuclear reactor was brought down by an > earthquake! Just one! Then I'll consider spending the $$ on it!"
Assume for a moment that there are no other systems involved, and compare the failure of a nuclear power plant to a leaked mailman password. On its own, a failure at a nuclear power plant can render tens of thousands of square miles uninhabitable. On its own, a leaked mailman password causes a few minutes of annoyance. Really, the issue here is not mailman. Mailman passwords address a very minor security issue and mailing them in plaintext has no effect on said security. The real issue is that passwords are being used in places where security really does matter, and that someone might have used the same password for mailman as they did for one of those systems. If you ask me, the problem is not mailman sending out the passwords, nor the fact that people often use the same password everywhere; the problem is that passwords are being used to secure important things. -- Ben -- Benjamin R Kreuter UVA Computer Science brk...@virginia.edu KK4FJZ -- "If large numbers of people are interested in freedom of speech, there will be freedom of speech, even if the law forbids it; if public opinion is sluggish, inconvenient minorities will be persecuted, even if laws exist to protect them." - George Orwell
signature.asc
Description: PGP signature
_______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography