Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues

Bryan Holloway bryan at shout.net
Fri Jan 11 20:05:49 UTC 2019



On 1/11/19 12:11 PM, Andreas Ott wrote:
> On Fri, Jan 11, 2019 at 12:17:09PM -0500, Rich Kulawiec wrote:
>> On Fri, Jan 11, 2019 at 08:23:31AM -0800, Yang Yu wrote:
>>>    * no HTTPS
>>
>> HTTPS isn't needed for this application.  I'll probably add it anyway
>> when I have a chance, but there are other things ahead of it.
> 
> I respectfully disagree:
> 
> http://www.firemountain.net/mailman/options/dumpsterfire/[email protected]
> 
> asks for a "password" which is then transported over clear text. The year
> is 2019 and there's always letsencrypt SSL certs. Admittedly, mailman does
> send you the password in clear text over SMTP if you ask for it.
> 
> 
> -andreas
> 
> To borrow a quote: The 'S' in IoT stands for 'Security'.
> 

I thought it stood for ZEPPELIN.



More information about the NANOG mailing list