Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues
Andreas Ott
andreas at naund.org
Fri Jan 11 18:11:36 UTC 2019
On Fri, Jan 11, 2019 at 12:17:09PM -0500, Rich Kulawiec wrote:
> On Fri, Jan 11, 2019 at 08:23:31AM -0800, Yang Yu wrote:
> > * no HTTPS
>
> HTTPS isn't needed for this application. I'll probably add it anyway
> when I have a chance, but there are other things ahead of it.
I respectfully disagree:
http://www.firemountain.net/mailman/options/dumpsterfire/[email protected]
asks for a "password" which is then transported over clear text. The year
is 2019 and there's always letsencrypt SSL certs. Admittedly, mailman does
send you the password in clear text over SMTP if you ask for it.
-andreas
To borrow a quote: The 'S' in IoT stands for 'Security'.
More information about the NANOG
mailing list