[Ach] Improving Applied Crypto Hardening Draft
Rolf Kutz
rk at vzsze.de
Fri Jan 10 10:32:29 CET 2014
On 10/01/14 09:42 +0100, Manuel Kraus wrote:
>b) I don't know how close you are to the guys at cert.at, but there are improvements possible too:
>
>The website "http://lists.cert.at/cgi-bin/mailman/options/ach" isn't SSL by default!
>
>I missed that detail and put my Ach-list password in cleartext... uhhh..
>
>
>
>c) The list password is stored there in cleartext, I assume.
Yes. In the default configuration, Mailman sends
that password unencrypted to you once a month.
regards
Rolf
More information about the Ach
mailing list