[TriLUG] MASSIVE SECURITY BREACH

Jeremy Portzer jeremyp at pobox.com
Mon Mar 1 16:22:28 EST 2004


On Mon, 2004-03-01 at 16:09, Stanley A. Schultz wrote:
> WHAT ARE YOU PEOPLE THINKING?
> WHERE DO YOU KEEP YOUR BRAINS ANYWAY?

Wow, first ever post you make to the list starts off with ad hominem
attacks.  What a way to make friends.  </sarcasm>

> > ... If you have questions, problems, comments, etc, send them to
> > mailman-owner at trilug.org.  Thanks!

Um, this is not mailman-owner at trilug.org, by the way.

> > Passwords for schultz at ucalgary.ca:
> >
> > List                                     Password // URL
> > ----                                     --------
> > trilug at trilug.org                        XXXXXXX
> > http://www.trilug.org/mailman/options/trilug/schultz%40ucalgary.ca
> 
> I have grave doubts about the sanity of any list owners/administrators who
> periodically, predictably broadcast, or allow to be broadcast, their
> members' passwords for any reason!

First of all, this is extremely common.  A vast number, if not the
majority of lists, in the free/open source software world, like GNU
Mailman, do this.  The reason is that the list password is intended as
a "convenience" password, to keep out spammers and pranksters.  It is in
no way meant to be a highly secure item, and mailman even warns of that:

        Do not use a valuable password as it will occasionally be
        emailed back to you in cleartext.

Have you never been on a list run by GNU Mailman before?   What
was unclear about that message at the box when you typed in your
password?

> Who in Hell needs Microsoft's security holes when we have lists that do
> this?

This isn't worthy of reply, sorry.

>  Stan Schultz
>  Marguerite Schultz
>   4411 Edmonton Trail. NE
>   Calgary, Alberta T2E 3V7
>   CANADA
> 
>   Phone (days): (403) 220-8570 (Leave message.)
>   Phone (eves): (403) 230-1911 (Leave message.)
>   Phone (cell): (403) 667-6697 (Forget it! It's never on!)
>   FAX (24 hrs): (403) 270-8928
>   E-mail: schultz at ucalgary.ca
>   Web: http://www.ucalgary.ca/~schultz/
> 


What a .sig.
Don't you consider it a MASSIVE SECURITY BREACH to include all of your
contact information like that?  *sigh*

I was going to suggest that we meet for lunch to discuss this, but
unless you're planning a jaunt down from Canada, it seems like that
might be less than convenient for you.  Oh well.

--Jeremy

-- 
/---------------------------------------------------------------------\
| Jeremy Portzer        jeremyp at pobox.com      trilug.org/~jeremy     |
| GPG Fingerprint: 712D 77C7 AB2D 2130 989F  E135 6F9F F7BC CC1A 7B92 |
\---------------------------------------------------------------------/