[Mailman-Developers] [Fwd: [vendor-sec] Weak auto-generated passwords in Mailman]

Stephen J. Turnbull stephen at xemacs.org
Fri Dec 17 12:03:36 CET 2004

>>>>> "John" == John Dennis <jdennis at redhat.com> writes:

    John> The idea of storing sensitive data in Mailman archives seems
    John> to be a bit crazy, but unfortunately, it is common practice.

Not only that, but if you're incautious about the archive setup, 3rd
parties may stash sensitive data there.  Somebody (@163.com, according
to the received trail) noticed that a certain Chinese spam was getting
through my filters, and sent us an apparent copy that was actually a
cache of credit card data several pages down.  :-(

It's a public list, so there's nothing we want to do about the
authentication of users problem discussed here; but watch those
archives, guys.

Institute of Policy and Planning Sciences     http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba                    Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
               Ask not how you can "do" free software business;
              ask what your business can "do for" free software.

More information about the Mailman-Developers mailing list