On Thu, Mar 1, 2012 at 5:49 PM, Steven Bellovin <s...@cs.columbia.edu> wrote: > > On Mar 1, 2012, at 4:33 12PM, Nico Williams wrote: > >> On Thu, Mar 1, 2012 at 3:22 PM, Randall Webmail <rv...@insightbb.com> wrote: >>> From: "Jeffrey Walton" <noloa...@gmail.com> >>>> Perhaps Fricosu reused a password and was on a mailing list using >>>> Mailman... >>> >>> Yeah - what's the deal with Mailman sending the password in clear-text, >>> once a month? >>> >>> Did anyone really think that was a good idea? Was it a tradeoff between >>> security and help desk support costs? What other reason could there be? >> >> Mailman passwords are of very low value. > > > Precisely correct. The security mechanism is commensurate with the general > risk. And if you're running that high-value a mailing list, you simply > disable that feature. Low value to whom? Considering all the password reuse, some (such as the bad guys) would consider the username/password list high value.
Jeff _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
