Re: Password In The Clear
On 19.07.2013 20:52, Mark LaPierre wrote: … > Does anyone else question the wisdom of sending out passwords "in the > clear" in unencrypted email? http://www.gnu.org/software/mailman/security.html poma -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Password In The Clear
On Fri, Jul 19, 2013 at 02:52:56PM -0400, Mark LaPierre wrote: > Does anyone else question the wisdom of sending out passwords "in > the clear" in unencrypted email? Wise or not, the sign-up form states that pretty clearly: > Do not use a valuable password as it will occasionally be emailed back > to you in cleartext. It also states that this password isn't very useful to begin with. ;-) -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Password In The Clear
On 07/19/2013 03:15 PM, Mark LaPierre wrote: I figured that, since mailman sent my password in the clear, I would take the opportunity to change my password. The password in the email was my old password. That's what I thought, but it was worth asking, Just In Case. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Password In The Clear
On 07/19/2013 03:05 PM, Joe Zeff wrote: On 07/19/2013 11:52 AM, Mark LaPierre wrote: Does anyone else question the wisdom of sending out passwords "in the clear" in unencrypted email? I'm not going to check, but I do hope that you didn't sent your real password to the entire list. No, I'm not quite that stupid, but I'm trying. My wife says that I'm really trying. I figured that, since mailman sent my password in the clear, I would take the opportunity to change my password. The password in the email was my old password. -- _ °v° /(_)\ ^ ^ Mark LaPierre Registered Linux user No #267004 https://linuxcounter.net/ -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Password In The Clear
On 07/18/2013 11:59 PM, users-requ...@lists.fedoraproject.org wrote: > SNIP You can also visit your membership page at https://admin.fedoraproject.org/mailman/options/users/marklapier%40aol.com On your membership page, you can change various delivery options such as your email address and whether you get digests or not. As a reminder, your membership password is Fedora13List If you have any questions or problems, you can contact the list owner at users-ow...@lists.fedoraproject.org Does anyone else question the wisdom of sending out passwords "in the clear" in unencrypted email? -- _ °v° /(_)\ ^ ^ Mark LaPierre Registered Linux user No #267004 https://linuxcounter.net/ -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Password In The Clear
On Fri, Jul 19, 2013 at 02:52:56PM -0400, Mark LaPierre wrote: > Does anyone else question the wisdom of sending out passwords "in > the clear" in unencrypted email? This is a known problem with mailman. However, it's actually not as bad as it sounds -- or rather, it's worse than you think, and mailman is just not papering over the problem. That's because mailman treats "can see an email mailman sent" as authentication. It doesn't really matter if there's a password or a long hash. As long as you can intercept someone's email, you can control their mailing list subscriptions. That's why there's a warning about not using a "real" password. -- Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Password In The Clear
On 07/19/2013 11:52 AM, Mark LaPierre wrote: Does anyone else question the wisdom of sending out passwords "in the clear" in unencrypted email? I'm not going to check, but I do hope that you didn't sent your real password to the entire list. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
