Hi,

This comes up every once in a while, but as long as you don't use the same 
password for the mailing lists as other places, there really is no threat.

If someone else posted as you, just complain and it gets addressed.  

The only other risk I can think of would be someone removing you from the list 
and the archive is posted publicly.

Best regards,
Kathleen 

Sent from my iPhone

> On Oct 24, 2014, at 5:24 AM, Takahiko Kawasaki <[email protected]> wrote:
> 
> Sorry. I found a configuration parameter labeled "Get password reminder email 
> for this list?" at
> 
> https://www.ietf.org/mailman/options/oauth/{my-email-address}
> 
> Unbelievable option... This should not exist.
> 
> Takahiko Kawasaki
> 
> 
> 
> 2014-10-24 18:16 GMT+09:00 Antonio Sanso <[email protected]>:
>> hi,
>> 
>> this is not Oauth@ietf only :)
>> 
>> regards
>> 
>> antonio
>>> On Oct 24, 2014, at 11:11 AM, Takahiko Kawasaki <[email protected]> wrote:
>>> 
>>> Hello,
>>> 
>>> As a result of subscribing to [email protected], [email protected] 
>>> periodically sends me emails titled "ietf.org mailing list memberships 
>>> reminder" containing my password in PLAINTEXT. It's unbelievably insecure.
>>> 
>>> Is this happening only to me? How to stop [email protected] from 
>>> sending such emails? It's a terrible joke that this happens for 
>>> [email protected].
>>> 
>>> They store our passwords in plaintext in their database, or at least in a 
>>> way for them to decrypt our passwords. One-way hash should be used...
>>> 
>>> Takahiko Kawasaki
>>> _______________________________________________
>>> OAuth mailing list
>>> [email protected]
>>> https://www.ietf.org/mailman/listinfo/oauth
> 
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to