[sudo-workers] lack of mailling list security
erh+sudo at nimenees.com
Thu May 1 11:51:27 EDT 2008
Does anyone else fine it ironic that a mailing list for a very security
oriented program sends out everyone's passwords in plain text emails?
Logging into the website isn't all that secure either. The certificate
for the site is for a completely different hostname, but it doesn't matter
because even if you type in "https", the form on that page _forces_ you
back to a non-SSL login.
More information about the sudo-workers