[security flaw] Ubuntu is a plain text offender
Kent Borg
kentborg at borg.org
Mon May 23 15:14:25 UTC 2011
Amedee Van Gasse wrote:
> Ubuntu should stop using an insecure version of Mailman. Now.

I am never bothered when a mailing list sends me a plaintext password.

But *I* do something Extremely Radical: I don't reuse passwords.

If a mailing list password of mine gets out it is only a mailing list
password.

Reusing passwords is too scary. Somehow the idea of having just one (or
a small number) of keys to my life and casually handing out copies to
anyone who asks seems really stupid. How do I know what they are going
to do with it?

Write down your passwords. Yup. Write them down. Keep a list, obscure
things a little in the list, but keep a list. Put it in your wallet,
keep an updated copy someplace else. If someone steals your wallet you
will probably notice it and you will be able to go change passwords
before the thief figures out your obscuring scheme.

But when you reuse a password and one of the various sites is broken
into, first you won't know it was broken into, second, even if you did
get notified...how would you ever know what other sites you used that
password on if you don't keep a list?

Yes, it is better for mail reflectors to not send out plaintext
passwords, but it wouldn't matter much if you didn't reuse passwords.

-kb