[ATM] MASSIVE SECURITY BREACH
I'd also like to add that the password message is not "broadcast" to the
list, but merely sent to your mailbox. Yes it's in plain text, but unless
you are foolish enough to use the same password for the ATM list as you use
for your ATM card, then there is really no appreciable risk. I, for one,
like getting a reminder of how I can change my subscription settings... I
have so many passwords for low-risk systems (like this one) that I can't
possibly keep track of them all.
RO
----- Original Message -----
From: "Ken Lowther" <hermit@outofoptions.org>
To: "Stanley A. Schultz" <schultz@ucalgary.ca>
Cc: "Mailing List: Amateur Telescope Makers" <ATM@atmlist.net>
Sent: Monday, March 01, 2004 1:41 PM
Subject: Re: [ATM] MASSIVE SECURITY BREACH
> When signing up, the page specifically tells you not to use a 'valuable'
> password. If a system is already breached, then yes, someone could use your
> Mailman password to change your settings. Even unsubscribe you from the list.
> However, to get that password, someone must have already breached YOUR system
> and you have far bigger problems than your list settings.
>
> Ken
>
> Quoting "Stanley A. Schultz" <schultz@ucalgary.ca>:
>
> > atmlist.net -
> >
> > WHAT ARE YOU PEOPLE THINKING? WHERE DO YOU KEEP YOUR BRAINS ANYWAY?
> >
> > On Mon, 1 Mar 2004 mailman-owner@atmlist.net wrote:
> >
> > > ... If you have questions, problems, comments, etc, send them to
> > > mailman-owner@atmlist.net. Thanks!
> > >
> > > Passwords for schultz@ucalgary.ca:
> > >
> > > List Password // URL
> > > ---- --------
> > > atm@atmlist.net XXXXXXX
> >
> > I have grave doubts about the sanity of any list owners/administrators who
> > periodically, predictably broadcast, or allow to be broadcast, their
> > members' passwords for any reason! While you may not be broadcasting them
> > openly, anyone with any knowledge of Internet cracking could in theory be
> > able to intercept them and use them to compromise the security of your or
> > the recipient's server. All you have to do is tap into the net and look
> > for the word "Password!"
> >
> > Do you not perceive the number of people who stay up all night writing
> > code to do just that so that they *CAN* get into systems they shouldn't be
> > allowed to access?
> >
> > Who in Hell needs Microsoft's security holes when we have lists that do
> > this?
> >
> >
> >
> > Peace, health, wisdom and wealth.
> > Live long and prosper.
> >
> >
> > Stan Schultz
> > Marguerite Schultz
> > 4411 Edmonton Trail. NE
> > Calgary, Alberta T2E 3V7
> > CANADA
> >
> > Phone (days): (403) 220-8570 (Leave message.)
> > Phone (eves): (403) 230-1911 (Leave message.)
> > Phone (cell): (403) 667-6697 (Forget it! It's never on!)
> > FAX (24 hrs): (403) 270-8928
> > E-mail: schultz@ucalgary.ca
> > Web: http://www.ucalgary.ca/~schultz/
> >
> > "We are *NOT* tourists! We've been here for just hours and hours!"
> >
> > *****************************************************************
> >
> > GREAT NEWS! You should visit http://www.ucalgary.ca/~schultz/motorhome.html.
> >
> > *****************************************************************
> >
> > _______________________________________________
> > ATM mailing list http://www.atmlist.net/
> >
>
>
> Hermit, holed up in Youngstown, Ohio