Re: Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues

[Bryan Holloway <bryan () shout net>]

On 1/11/19 12:11 PM, Andreas Ott wrote:
> On Fri, Jan 11, 2019 at 12:17:09PM -0500, Rich Kulawiec wrote:
> > On Fri, Jan 11, 2019 at 08:23:31AM -0800, Yang Yu wrote:
> > >    * no HTTPS
> >
> > HTTPS isn't needed for this application.  I'll probably add it anyway
> > when I have a chance, but there are other things ahead of it.
>
> I respectfully disagree:
>
> http://www.firemountain.net/mailman/options/dumpsterfire/bofh () example com
>
> asks for a "password" which is then transported over clear text. The year
> is 2019 and there's always letsencrypt SSL certs. Admittedly, mailman does
> send you the password in clear text over SMTP if you ask for it.
>
>
> -andreas
>
> To borrow a quote: The 'S' in IoT stands for 'Security'.

I thought it stood for ZEPPELIN.