[security flaw] Ubuntu is a plain text offender

Tom H tomh0665 at gmail.com
Wed May 25 10:47:08 UTC 2011


On Wed, May 25, 2011 at 3:27 AM, Amedee Van Gasse
<amedee-ubuntu at amedee.be> wrote:
> On Tue, May 24, 2011 20:45, Chuck Peters wrote:
>
>> Insecure?  If you are that concerned about plain text passwords being
>> emailed to you I suggest you run your own mail server and require the smtp
>> transactions use TLS.  I think the Canonical and Ubuntu people that
>> administrate the mail servers make reasonable choices for keeping the
>> information secure. I would be very surprised if they run mailman on a
>> server with untrusted users having access to unencrypted passwords.
>
> You have not read my email. Not good enough, anyway.
>
> I am not concerned AT ALL about *MY* password being mailed to me in plain
> text.
>
> I *am* concerned about hundreds or maybe thousands of email
> address/password combinations that are currently stored in plain text on a
> Canonical server somewhere in a data center in or near London. One day a
> malicious person or group will come along and hack that server. It's not a
> question of if but when. That day Ubuntu will be the shame of the town,
> just like Sony is now with its Playstation Network. Don't say that this
> will never happen. All it takes is one disgruntled Canonical employee.

I've yet to join one mailing list, run by Canonical/Ubuntu or not,
where my password isn't mailed to me in clear text.

There's even a warning when you sign up "Do not use a valuable
password as it will occasionally be emailed back to you in cleartext."



