[Ach] Improving Applied Crypto Hardening Draft

Rolf Kutz rk at vzsze.de
Fri Jan 10 10:32:29 CET 2014

On 10/01/14 09:42 +0100, Manuel Kraus wrote:
>b) I don't know how close you are to the guys at cert.at, but there are improvements possible too:
>The website "http://lists.cert.at/cgi-bin/mailman/options/ach" isn't SSL by default!
>I missed that detail and put my Ach-list password in cleartext... uhhh..
>c) The list password is stored there in cleartext, I assume.

Yes. In the default configuration, Mailman sends
that password unencrypted to you once a month.


More information about the Ach mailing list