Re: Odd msg received from list
Chris Yes, I mean precisely that. The password was sent to me in the body of the message in plaintext. That is what has me very concerned about the list and its ability to protect private information. Regards Jack On 11/15/2013 02:48 PM, Chris “Kwpolska” Warrick wrote: On Fri, Nov 15, 2013 at 12:30 AM, Gregory Ewing greg.ew...@canterbury.ac.nz wrote: Verde Denim wrote: The message also listed my account password, which I found odd. You mean the message contained your actual password, in plain text? That's not just odd, it's rather worrying for at least two reasons. First, what business does a message like that have carrying a password, and second, it means the server must be keeping passwords in a readable form somewhere, which is a really bad idea. From the info page at https://mail.python.org/mailman/listinfo/python-list: You may enter a privacy password below. This provides only mild security, but should prevent others from messing with your subscription. **Do not use a valuable password** as it will occasionally be emailed back to you in cleartext. If you choose not to enter a password, one will be automatically generated for you, and it will be sent to you once you've confirmed your subscription. You can always request a mail-back of your password when you edit your personal options. Once a month, your password will be emailed to you as a reminder. -- Regards Jack Boston Tea Party, Coercive Acts, Powder Alarm, Revolution Lessons (Mistakes) not learned are bound to be repeated. -- https://mail.python.org/mailman/listinfo/python-list
Re: Odd msg received from list
On Sun, Nov 17, 2013 at 12:15 PM, Verde Denim tdl...@gmail.com wrote: Chris Yes, I mean precisely that. The password was sent to me in the body of the message in plaintext. That is what has me very concerned about the list and its ability to protect private information. The list specifically told you not to use a valuable password :) In fact, a password is completely optional - it's just an alternative to always having to do a click-through. ChrisA -- https://mail.python.org/mailman/listinfo/python-list
Re: Odd msg received from list
On 11/16/2013 08:18 PM, Chris Angelico wrote: On Sun, Nov 17, 2013 at 12:15 PM, Verde Denim tdl...@gmail.com wrote: Chris Yes, I mean precisely that. The password was sent to me in the body of the message in plaintext. That is what has me very concerned about the list and its ability to protect private information. The list specifically told you not to use a valuable password :) In fact, a password is completely optional - it's just an alternative to always having to do a click-through. ChrisA ChrisA Each one of my accounts is completely different (and as random as I can get them). Each one is also uniquely set to match a set of criteria of my own choosing to indicate level of data, level of composite data, level of integrity, level of criticality, and a few other 'soft values'. This equates to each account being generated in a one-off fashion, so I'm not worried that my list account here will ever show up somewhere else in any other form. However, that doesn't mean that it doesn't concern me that the list is publishing these values back to the list participant(s) in plaintext. If I have to unsubscribe and then re-subscribe without a pass-phrase I can do that but just wanted to make the list admin(s) aware that it had occurred. -- Regards Jack Boston Tea Party, Coercive Acts, Powder Alarm, Revolution Lessons (Mistakes) not learned are bound to be repeated. -- https://mail.python.org/mailman/listinfo/python-list
Re: Odd msg received from list
In article 5288239d.4060...@gmail.com, Verde Denim tdl...@gmail.com wrote: Each one of my accounts is completely different (and as random as I can get them). Each one is also uniquely set to match a set of criteria of my own choosing to indicate level of data, level of composite data, level of integrity, level of criticality, and a few other 'soft values'. This equates to each account being generated in a one-off fashion, so I'm not worried that my list account here will ever show up somewhere else in any other form. However, that doesn't mean that it doesn't concern me that the list is publishing these values back to the list participant(s) in plaintext. If I have to unsubscribe and then re-subscribe without a pass-phrase I can do that but just wanted to make the list admin(s) aware that it had occurred. Sending password reminders is a standard default of the venerable Mailman mailing list software that powers Python-list and many other mailing lists. You can visit the member options page and change the password and/or disable the automatic reminders: https://mail.python.org/mailman/options/python-list -- Ned Deily, n...@acm.org -- https://mail.python.org/mailman/listinfo/python-list
Re: Odd msg received from list
On Fri, Nov 15, 2013 at 12:30 AM, Gregory Ewing greg.ew...@canterbury.ac.nz wrote: Verde Denim wrote: The message also listed my account password, which I found odd. You mean the message contained your actual password, in plain text? That's not just odd, it's rather worrying for at least two reasons. First, what business does a message like that have carrying a password, and second, it means the server must be keeping passwords in a readable form somewhere, which is a really bad idea. From the info page at https://mail.python.org/mailman/listinfo/python-list: You may enter a privacy password below. This provides only mild security, but should prevent others from messing with your subscription. **Do not use a valuable password** as it will occasionally be emailed back to you in cleartext. If you choose not to enter a password, one will be automatically generated for you, and it will be sent to you once you've confirmed your subscription. You can always request a mail-back of your password when you edit your personal options. Once a month, your password will be emailed to you as a reminder. -- Chris “Kwpolska” Warrick http://kwpolska.tk PGP: 5EAAEA16 stop html mail | always bottom-post | only UTF-8 makes sense -- https://mail.python.org/mailman/listinfo/python-list
Re: Odd msg received from list
On Thu, Nov 14, 2013 at 8:53 AM, Verde Denim tdl...@gmail.com wrote: I got an odd message this morning from the list telling me that my account was de-activated due to excessive bounces. I've only sent a handful of messages to this board, but do read an awful lot of the posts in order to learn more about the language. The message also listed my account password, which I found odd. Has anyone else received a message like this? -- Regards Jack Boston Tea Party, Coercive Acts, Powder Alarm, Revolution Lessons (Mistakes) not learned are bound to be repeated. -- https://mail.python.org/mailman/listinfo/python-list I got the same message. It hasn't happened to me lately but I think this also happened maybe a couple of years ago. -- Joel Goldstick http://joelgoldstick.com -- https://mail.python.org/mailman/listinfo/python-list
Re: Odd msg received from list
On Fri, Nov 15, 2013 at 12:53 AM, Verde Denim tdl...@gmail.com wrote: I got an odd message this morning from the list telling me that my account was de-activated due to excessive bounces. I've only sent a handful of messages to this board, but do read an awful lot of the posts in order to learn more about the language. The message also listed my account password, which I found odd. Has anyone else received a message like this? Yes, I did too. I don't think it has anything to do with the number of posts you make; it'll be to do with the number that get sent to you, and it looks like it may be something to do with gmail. I tossed an email to the list-owner address and it's being looked into; you'll probably need to mark your address as active again. (In case you haven't yet done that, I'm doing something I almost never do and including the OP in the To: list. Please don't take this as a precedent; normally, just reply to the list and let the sender get a copy through that.) ChrisA -- https://mail.python.org/mailman/listinfo/python-list
Re: Odd msg received from list
In article mailman.2591.1384437196.18130.python-l...@python.org, Verde Denim tdl...@gmail.com wrote: I got an odd message this morning from the list telling me that my account was de-activated due to excessive bounces. I've only sent a handful of messages to this board, but do read an awful lot of the posts in order to learn more about the language. The message also listed my account password, which I found odd. Has anyone else received a message like this? This sounds like a variation of a classic phishing scam. You get an email which looks official, telling you that some account you have has been suspended because you need to verify some information. The wording of the message is always vague about exactly what account this is. Don't click on any of the links. At best, they're harvesting email addresses. At worst, they're harvesting personal information which can be used for identity theft, credit card fraud, or all sorts of malfeasance. Here's some recent examples from my junk mailbox: Attention User; Your email Quota is almost exceeded. We are currently doing a maintenance on our server. Please, Visit page below to update your account and avoid losing your inbox. [link elided] Thank you, Technical Team and another: Dear Client, This is an automatic message by the system to let you know that you have to confirm your account information within 48 hours. Your account has been frozen temporarily in order to protect it. The account will continue to be frozen until it is approved And Validate Your Account Information. Once you have updated your account records, your information will be confirmed and your account will start to work as normal once again. This will help protect you in the future. The process does not take more than 3 minutes. To proceed to confirm your account information please click on the link below and follow the instructions that will be required. Click Here To Verfiy Your Account info © 2013 All rights reserved. -- https://mail.python.org/mailman/listinfo/python-list
Re: Odd msg received from list
On 14/11/2013 13:53, Verde Denim wrote: I got an odd message this morning from the list telling me that my account was de-activated due to excessive bounces. I've only sent a handful of messages to this board, but do read an awful lot of the posts in order to learn more about the language. The message also listed my account password, which I found odd. Has anyone else received a message like this? I'm wondering if it has anything to do with spam filtering. If you're using a spam filter (it might be offered as a feature by your ISP) that bounces instead of just deleting, and the spam looks like it comes from or through the list, then the list would receive those bounces without you being aware of it. -- https://mail.python.org/mailman/listinfo/python-list
Re: Odd msg received from list
On 14/11/2013 13:53, Verde Denim wrote: I got an odd message this morning from the list telling me that my account was de-activated due to excessive bounces. I've only sent a handful of messages to this board, but do read an awful lot of the posts in order to learn more about the language. The message also listed my account password, which I found odd. Has anyone else received a message like this? I can confirm that your account has been suspended because bounces. That is: as a moderator, I can view your record in the interface and see that it has been tagged as such. I can't tell you any more, I'm afraid; I've just emailed the other list owners to see if someone has a handle on why this has happened to a number of @gmail.com users today. TJG -- https://mail.python.org/mailman/listinfo/python-list
Re: Odd msg received from list
On Fri, Nov 15, 2013 at 1:11 AM, Roy Smith r...@panix.com wrote: In article mailman.2591.1384437196.18130.python-l...@python.org, Verde Denim tdl...@gmail.com wrote: I got an odd message this morning from the list telling me that my account was de-activated due to excessive bounces. I've only sent a handful of messages to this board, but do read an awful lot of the posts in order to learn more about the language. The message also listed my account password, which I found odd. Has anyone else received a message like this? This sounds like a variation of a classic phishing scam. You get an email which looks official, telling you that some account you have has been suspended because you need to verify some information. The wording of the message is always vague about exactly what account this is. Don't click on any of the links. At best, they're harvesting email addresses. At worst, they're harvesting personal information which can be used for identity theft, credit card fraud, or all sorts of malfeasance. I agree in general, but I happen to be pretty familiar with Mailman alerts, and this one was genuine. Also, it pointed to what does appear to be the right address (mail.python.org). There's definitely something going around that's causing problems for gmail users; maybe spam is getting bounced/rejected instead of being dropped? ChrisA -- https://mail.python.org/mailman/listinfo/python-list
Re: Odd msg received from list
On Fri, Nov 15, 2013 at 1:24 AM, MRAB pyt...@mrabarnett.plus.com wrote: I'm wondering if it has anything to do with spam filtering. If you're using a spam filter (it might be offered as a feature by your ISP) that bounces instead of just deleting, and the spam looks like it comes from or through the list, then the list would receive those bounces without you being aware of it. I hadn't read your post when I typed up my own. You said everything I was saying about spam, only better and sooner. :) ChrisA -- https://mail.python.org/mailman/listinfo/python-list
Re: Odd msg received from list
On Thu, Nov 14, 2013 at 2:53 PM, Verde Denim tdl...@gmail.com wrote: Has anyone else received a message like this? I did too. It seems to me that Gmail's spam filter might have been overly enthusiastic, but the only way to find out is to look at the bounces that the list software received. Yesterday I also received a warning from the debian-laptop mailing list program. Joost -- https://mail.python.org/mailman/listinfo/python-list
Re: Odd msg received from list
Chris Angelico ros...@gmail.com wrote: I agree in general, but I happen to be pretty familiar with Mailman alerts, and this one was genuine. Also, it pointed to what does appear to be the right address (mail.python.org). There's definitely something going around that's causing problems for gmail users; It happended to me too. And I'm a Yahoo user. I clicked the MailMan confirmation link and all emails seems to be received now (comparing to what's on the NNTP group). --gv -- https://mail.python.org/mailman/listinfo/python-list
Re: Odd msg received from list
On 11/14/2013 9:26 AM, Tim Golden wrote: On 14/11/2013 13:53, Verde Denim wrote: I got an odd message this morning from the list telling me that my account was de-activated due to excessive bounces. I've only sent a handful of messages to this board, but do read an awful lot of the posts in order to learn more about the language. The message also listed my account password, which I found odd. Has anyone else received a message like this? I can confirm that your account has been suspended because bounces. That is: as a moderator, I can view your record in the interface and see that it has been tagged as such. I can't tell you any more, I'm afraid; I've just emailed the other list owners to see if someone has a handle on why this has happened to a number of @gmail.com users today. It has since been discovered and announced elsewhere on this list that the problem was a post 'from' unknown.org which google rejected. -- Terry Jan Reedy -- https://mail.python.org/mailman/listinfo/python-list
Re: Odd msg received from list
Verde Denim wrote: The message also listed my account password, which I found odd. You mean the message contained your actual password, in plain text? That's not just odd, it's rather worrying for at least two reasons. First, what business does a message like that have carrying a password, and second, it means the server must be keeping passwords in a readable form somewhere, which is a really bad idea. -- Greg -- https://mail.python.org/mailman/listinfo/python-list