[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues
On Fri, Jan 11, 2019 at 12:17:09PM -0500, Rich Kulawiec wrote:
> On Fri, Jan 11, 2019 at 08:23:31AM -0800, Yang Yu wrote:
> > * no HTTPS
>
> HTTPS isn't needed for this application. I'll probably add it anyway
> when I have a chance, but there are other things ahead of it.
I respectfully disagree:
http://www.firemountain.net/mailman/options/dumpsterfire/bofh at example.com
asks for a "password" which is then transported over clear text. The year
is 2019 and there's always letsencrypt SSL certs. Admittedly, mailman does
send you the password in clear text over SMTP if you ask for it.
-andreas
To borrow a quote: The 'S' in IoT stands for 'Security'.