[security flaw] Ubuntu is a plain text offender

Amedee Van Gasse amedee-ubuntu at amedee.be
Wed May 25 07:27:22 UTC 2011


On Tue, May 24, 2011 20:45, Chuck Peters wrote:

> Insecure?  If you are that concerned about plain text passwords being
> emailed to you I suggest you run your own mail server and require the smtp
> transactions use TLS.  I think the Canonical and Ubuntu people that
> administrate the mail servers make reasonable choices for keeping the
> information secure. I would be very surprised if they run mailman on a
> server with untrusted users having access to unencrypted passwords.

You have not read my email. Not good enough, anyway.

I am not concerned AT ALL about *MY* password being mailed to me in plain
text.

I *am* concerned about hundreds or maybe thousands of email
address/password combinations that are currently stored in plain text on a
Canonical server somewhere in a data center in or near London. One day a
malicious person or group will come along and hack that server. It's not a
question of if but when. That day Ubuntu will be the shame of the town,
just like Sony is now with its PlayStation Network. Don't say that this
will never happen. All it takes is one disgruntled Canonical employee.





More information about the ubuntu-users mailing list