Confirming Membership of List

Peter S Kirk peter.kirk at isauk.biz
Tue Jul 1 12:04:34 PDT 2014


On 1 Jul 2014 at 14:18, Gareth Ellis Gareth Ellis <gareth at gsellis.com> 
wrote:

> It's a "feature" of mailman, and as far as I'm aware it's a random
> password that only lets you unsubscribe.
> 
> The mailing list content is public anyway :
> http://lists.infradead.org/pipermail/get_iplayer/
> 
> On Tue, Jul 1, 2014 at 2:02 PM, Chris J Brady <chrisjbrady at yahoo.com> wrote:
> > In a master stroke of security - or rather in an appalling LACK of security - the mailing list owners / moderators
> have just sent me an email confirming my membership - which included MY PASSWORD IN PLAIN TEXT.
> >
> > For such a mailing list of potentially legally sensitive subject matter - i.e. how to hack the BBC's servers - this
> is an unacceptable breach of security.
> >

Chris,

As Gareth says, it's a random password generated by the list.

Time to park your outrage bus back in the garage.

Peter



More information about the get_iplayer mailing list