[Mailman-Developers] [Fwd: [vendor-sec] Weak auto-generated passwords in Mailman]
Stephen J. Turnbull
stephen at xemacs.org
Fri Dec 17 12:03:36 CET 2004
>>>>> "John" == John Dennis <jdennis at redhat.com> writes:

John> The idea of storing sensitive data in Mailman archives seems
John> to be a bit crazy, but unfortunately, it is common practice.

Not only that, but if you're incautious about the archive setup, 3rd
parties may stash sensitive data there. Somebody (@163.com, according
to the received trail) noticed that a certain Chinese spam was getting
through my filters, and sent us an apparent copy that was actually a
cache of credit card data several pages down. :-(

It's a public list, so there's nothing we want to do about the
authentication of users problem discussed here; but watch those
archives, guys.

--
Institute of Policy and Planning Sciences http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Ask not how you can "do" free software business;
ask what your business can "do for" free software.