Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues
Bryan Holloway
bryan at shout.net
Fri Jan 11 20:05:49 UTC 2019
On 1/11/19 12:11 PM, Andreas Ott wrote:
> On Fri, Jan 11, 2019 at 12:17:09PM -0500, Rich Kulawiec wrote:
>> On Fri, Jan 11, 2019 at 08:23:31AM -0800, Yang Yu wrote:
>>> * no HTTPS
>>
>> HTTPS isn't needed for this application. I'll probably add it anyway
>> when I have a chance, but there are other things ahead of it.
>
> I respectfully disagree:
>
> http://www.firemountain.net/mailman/options/dumpsterfire/[email protected]
>
> asks for a "password" which is then transported over clear text. The year
> is 2019 and there's always letsencrypt SSL certs. Admittedly, mailman does
> send you the password in clear text over SMTP if you ask for it.
>
>
> -andreas
>
> To borrow a quote: The 'S' in IoT stands for 'Security'.
>
I thought it stood for ZEPPELIN.
More information about the NANOG
mailing list