Re: [Evolution] subscription reminders

From: Adam Tauno Williams <awilliam whitemice org>
To: evolution-list gnome org
Subject: Re: [Evolution] subscription reminders
Date: Wed, 01 May 2013 07:56:45 -0400

On Wed, 2013-05-01 at 11:02 +0100, Pete Biggs wrote:

Gnome mailing lists seem to have started sending out monthly reminders
of all Gnome lists i am subscribed to and what my password is for each
one.

It's standard practise for mailing lists - virtually every mailing list
I'm on does it.

+1

I don't think the emails are even encrypted!!  Doesn't this expose me
to risk?  What would happen if tons of accounts got cracked?  Couldn't
they be used to send tons of spam traffic to Gnome and explore other
vulnerabilities?

The password that is sent out is the one for the mailing list - it
doesn't do anything else within Gnome.  With the password the "hacker"
can change the subscription options for the list, change your password
or change the subscription address.  It doesn't give access to any
personal information (other than your email address, which they've
already got).


AND when you subscribe it says to use a different password from any
non-trivial account you have.

Also, one of the options that that password allows you to change is
whether you get the monthly reminders of your password - if it worries
you, turn it off.
In general mailing list passwords should be considered as disposable and
you definitely shouldn't use the same password as for other more
important things.


+1

-- 
Adam Tauno Williams <awilliam whitemice org>

References:
- [Evolution] subscription reminders
  - From: Tom Davies
- Re: [Evolution] subscription reminders
  - From: Pete Biggs

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]