[Owasp-leaders] Once again people are tweeting about mailman sending back clear text passwords
Arturo 'Buanzo' Busleiman
buanzo at buanzo.com.ar
Wed Feb 1 13:46:05 UTC 2012
Shouldn't our question be "How does the Mailman community deal with this issue? What are the best
practices? Should we keep Mailman? Should we provide patches?".
On 02/01/2012 08:38 AM, Erlend Oftedal wrote:
> If we could set it globally that would be great, but it still does not solve the underlying issue.
> Mailman is storing passwords in a recoverable format (maybe even cleartext), which is a bad thing imho.
>
> Erlend
>
> ----------------------------------------------------------------------------------------------------
> *From:* owasp-leaders-bounces at lists.owasp.org [owasp-leaders-bounces at lists.owasp.org] on behalf of
> Benny Ketelslegers [benny.ketelslegers at owasp.org]
> *Sent:* 1 February 2012 12:24
> *To:* Owasp-Leaders
> *Subject:* Re: [Owasp-leaders] Once again people are tweeting about mailman sending back clear text
> passwords
>
>
> If you go to the administration interface of Mailman, there is an option "Send monthly password
> reminders?" Simply select "no". Am I overlooking something obvious or is this what you want?
>
> It's a per list setting, I'm not sure if you can set it globally. Maybe.
>
> Best Regards,
> Benny
> Japan chapter
>
> On Wed, Feb 1, 2012 at 5:59 PM, John Wilander <john.wilander at owasp.org> wrote:
>
> I've had two chapter members leaving us because of this. Sending out members' passwords in
> plaintext is nothing less than scandalous for an appsec community. Agree?
>
> If I can help out or if there's some setting I've missed, please let me know. And if there's a
> setting for "Don't send plaintext passwords" it should be on by default.
>
> Regards, John
>
>
> 2012/2/1 Erlend Oftedal <Erlend.Oftedal at bekk.no>
>
> This is creating some bad publicity for OWASP.
>
> We should fix this. See http://twitter.com/dietervds/statuses/164629488351711232
>
> OWASP will be put on plaintextoffender.com <http://plaintextoffender.com>
>
>
>
> Best regards,
>
> Erlend Oftedal
>
> OWASP Norway chapter
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
>
> --
> John Wilander, https://twitter.com/johnwilander
> Chapter co-leader OWASP Sweden, http://owaspsweden.blogspot.com
> Conf Comm, http://www.owasp.org/index.php/Global_Conferences_Committee
> My music http://www.johnwilander.com & my résumé http://johnwilander.se
>
- --
? Arturo "Buanzo" Busleiman ? - MUSICA: soundcloud.com/no-carrier
Independent Linux and Security Consultant - 16+y of IT exp. at your service .
OWASPer - http://www.buanzo.com.ar/pro/eng.html ..: