From kgborah at att.net Sun Jun 3 02:33:44 2018
From: kgborah at att.net (Kyle Borah)
Date: Sat, 2 Jun 2018 21:33:44 -0500
Subject: [Mabs] nfbnet.org mailing-list password and security issue
Message-ID: <78A0EB1A-E506-4C06-AECE-192C4E0F5979@att.net>
David Andrews,
I am subscribed to a few of the local Missouri NFB email lists. We get monthly emails about or list subscriptions and how to change the subscriptions if needed. These emails include the passwords in plaintext. I am honestly not sure who to send this to so I'm sending it to you and I will also be forwarding it to both of these lists below.
I am currently studying for a computer science degree with an emphasis in cyber security. This brakes so many rules of proper password management I am flabbergasted it has continued like this in 2018. i have included my monthly email for June with my own passwords obfuscated. although, you probably have access to my passwords anyway... Please let me know if you have any questions or if i can provide anymore information.
email is below;
This is a reminder, sent out once a month, about your nfbnet.org
mailing list memberships. It includes your subscription info and how
to use it to change it or unsubscribe from a list.
You can visit the URLs to change your membership status or
configuration, including unsubscribing, setting digest-style delivery
or disabling delivery altogether (e.g., for a vacation), and so on.
In addition to the URL interfaces, you can also use email to make such
changes. For more info, send a message to the '-request' address of
the list (for example, nfbmo-request at nfbnet.org ) containing just the
word 'help' in the message body, and an email message will be sent to
you with instructions.
If you have questions, problems, comments, etc, send them to
nfbmo-owner at nfbnet.org . Thanks!
Passwords for kgborah at att.net :
List Password // URL
---- --------
mabs at nfbnet.org ********
http://nfbnet.org/mailman/options/mabs_nfbnet.org/kgborah%40att.net
nfbmo at nfbnet.org ********
http://nfbnet.org/mailman/options/nfbmo_nfbnet.org/kgborah%40att.net
From dandrews at visi.com Sun Jun 3 04:10:59 2018
From: dandrews at visi.com (David Andrews)
Date: Sat, 02 Jun 2018 23:10:59 -0500
Subject: [Mabs] nfbnet.org mailing-list password and security issue
In-Reply-To: <78A0EB1A-E506-4C06-AECE-192C4E0F5979@att.net>
References: <78A0EB1A-E506-4C06-AECE-192C4E0F5979@att.net>
Message-ID:
This is a problem with Mailman -- but you don't help it any by
publishing this to a bunch of publicly archived lists.
Dave
At 09:33 PM 6/2/2018, Kyle Borah via Mabs wrote:
>David Andrews,
>
>I am subscribed to a few of the local Missouri NFB email lists. We
>get monthly emails about or list subscriptions and how to change the
>subscriptions if needed. These emails include the passwords in
>plaintext. I am honestly not sure who to send this to so I'm sending
>it to you and I will also be forwarding it to both of these lists below.
>I am currently studying for a computer science degree with an
>emphasis in cyber security. This brakes so many rules of proper
>password management I am flabbergasted it has continued like this in
>2018. i have included my monthly email for June with my own
>passwords obfuscated. although, you probably have access to my
>passwords anyway... Please let me know if you have any questions or
>if i can provide anymore information.
>
>
>email is below;
>
>This is a reminder, sent out once a month, about your nfbnet.org
>
>mailing list memberships. It includes your subscription info and how
>to use it to change it or unsubscribe from a list.
>
>You can visit the URLs to change your membership status or
>configuration, including unsubscribing, setting digest-style delivery
>or disabling delivery altogether (e.g., for a vacation), and so on.
>
>In addition to the URL interfaces, you can also use email to make such
>changes. For more info, send a message to the '-request' address of
>the list (for example, nfbmo-request at nfbnet.org
>) containing just the
>word 'help' in the message body, and an email message will be sent to
>you with instructions.
>
>If you have questions, problems, comments, etc, send them to
>nfbmo-owner at nfbnet.org . Thanks!
---
This email has been checked for viruses by AVG.
https://www.avg.com