[Announce] Mailman passwords

Jenn Vesperman jenn at anthill.echidna.id.au
Wed Feb 6 14:19:19 EST 2002

One of the boxes on the same LAN as www.linuxchix.org was security
compromised. (Not one of ours, one of the others hosted at the site)

We -know- that the traffic on that network was sniffed. 

Your mailman passwords for Linuxchix are sent out plaintext once a
month. (And I think Mailman uses basic http-auth, and sends the
authorisation data plaintext anyway - not sure there.) You may wish to
consider those passwords compromised.

I wouldn't be especially worried about it - the mailman passwords only
authorise someone to change your subscription data, and AFAIK that's
just nuisance value. 

Anyway, the situation exists and you all have a right to know about it.
If something funny happens to your subscription settings, that's
probably why and you'll want to change your password and reset the
settings. They can't change your email address.

Jenn V.
    "Do you ever wonder if there's a whole section of geek culture 
        	you miss out on by being a geek?" - Dancer.

jenn at anthill.echidna.id.au     http://anthill.echidna.id.au/~jenn/

More information about the Announce mailing list