Confirming Membership of List
Peter S Kirk
peter.kirk at isauk.biz
Tue Jul 1 12:04:34 PDT 2014
On 1 Jul 2014 at 14:18, Gareth Ellis Gareth Ellis <gareth at gsellis.com>
wrote:
> It's a "feature" of mailman, and as far as I'm aware it's a random
> password that only lets you unsubscribe.
>
> The mailing list content is public anyway :
> http://lists.infradead.org/pipermail/get_iplayer/
>
> On Tue, Jul 1, 2014 at 2:02 PM, Chris J Brady <chrisjbrady at yahoo.com> wrote:
> > In a master stroke of security - or rather in an appalling LACK of security - the mailing list owners / moderators
> have just sent me an email confirming my membership - which included MY PASSWORD IN PLAIN TEXT.
> >
> > For such a mailing list of potentially legally sensitive subject matter - i.e. how to hack the BBC's servers - this
> is an unacceptable breach of security.
> >
Chris,
As Gareth says, it's a random password generated by the list.
Time to park your outrage bus back in the garage.
Peter
More information about the get_iplayer
mailing list