nanog mailing list archives
Re: Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues
From: Andreas Ott <andreas () naund org>
Date: Fri, 11 Jan 2019 10:11:36 -0800
On Fri, Jan 11, 2019 at 12:17:09PM -0500, Rich Kulawiec wrote:
On Fri, Jan 11, 2019 at 08:23:31AM -0800, Yang Yu wrote:* no HTTPSHTTPS isn't needed for this application. I'll probably add it anyway when I have a chance, but there are other things ahead of it.
I respectfully disagree: http://www.firemountain.net/mailman/options/dumpsterfire/bofh () example com asks for a "password" which is then transported over clear text. The year is 2019 and there's always letsencrypt SSL certs. Admittedly, mailman does send you the password in clear text over SMTP if you ask for it. -andreas To borrow a quote: The 'S' in IoT stands for 'Security'.
Current thread:
- Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues Rich Kulawiec (Jan 10)
- Re: Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues J. Hellenthal via NANOG (Jan 10)
- Re: Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues Rich Kulawiec (Jan 11)
- Re: Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues Anne P. Mitchell, Esq. (Jan 11)
- Re: Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues Yang Yu (Jan 11)
- Re: Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues Ross Tajvar (Jan 11)
- Re: Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues Mike Hammett (Jan 11)
- Re: Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues Brian Kantor (Jan 11)
- Re: Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues Rich Kulawiec (Jan 11)
- Re: Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues Andreas Ott (Jan 11)
- Re: Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues Rob McEwen (Jan 11)
- Re: Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues Töma Gavrichenkov (Jan 11)
- Re: Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues Mark Andrews (Jan 11)
- Re: Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues Töma Gavrichenkov (Jan 11)
- Re: Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues cosmo (Jan 11)
- Re: Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues J. Hellenthal via NANOG (Jan 10)
- Re: Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues Grant Taylor via NANOG (Jan 11)
- Re: Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues Rob McEwen (Jan 11)
- Re: Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues Bryan Holloway (Jan 11)