Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues

• Previous message (by thread): Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues
• Next message (by thread): Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Jan 11, 2019 at 12:17:09PM -0500, Rich Kulawiec wrote:
> On Fri, Jan 11, 2019 at 08:23:31AM -0800, Yang Yu wrote:
> >   * no HTTPS
> 
> HTTPS isn't needed for this application.  I'll probably add it anyway
> when I have a chance, but there are other things ahead of it.

I respectfully disagree:

http://www.firemountain.net/mailman/options/dumpsterfire/[email protected]

asks for a "password" which is then transported over clear text. The year 
is 2019 and there's always letsencrypt SSL certs. Admittedly, mailman does
send you the password in clear text over SMTP if you ask for it.


-andreas

To borrow a quote: The 'S' in IoT stands for 'Security'.

• Previous message (by thread): Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues
• Next message (by thread): Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]