[Internet Privacy] Mailing List Usernames and Passwords Loose on the Internet

Loredana BOTEZATU

July 23, 2010

Unless you have been living on a deserted island for the past 12 years, you’ve surely come across a mailing list – if not as an active poster, at least as a fervent reader. Mailing list software is the cornerstone of various communities ranging from support websites to forum alternatives.

Distributed under the GNU General Public License (GPL), Mailman is a free software application which is widely used for managing electronic mail discussion and e-newsletter lists. Integrated with the WWW, Mailman runs on GNU/Linux and the majority of Unix-like systems, which has made it the favorite pick when it comes to mailing list software.

Among many features included in the Mailman application, there’s one key point that seems to have become a nightmare. When creating an account, the user gets the (already checked) option to receive a monthly membership reminder which includes their username and password typed in clear text, as shown in the image below:

 

Fig. 1. Mailing list membership reminder

 

Now imagine that most mailing lists are public and these reminders are added as actual posts to the mailing lists which are publicly indexable by most of the existing search engines. The result is a massive disclosure of personal information, which can be harvested by miscellaneous bots and spiders and put to malicious use.

A simple query for “mailing list membership reminder” revealed results unveiling users’ personal login credentials.

 

Fig. 2. Search results for: “mailing list membership reminder”

 

 

So, if you use Mailman mailing lists, you should immediately change your account password and turn off the monthly notifications.

And if you’re a mailing list administrator, you should alter the default settings regarding the monthly password reminders and submit a request to search engines to purge this kind of information from their cache.

 

Fig. 3. Mailman settings
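
For list administrators, one way to locate reminder messages that ended up in a list's own archive, so they can be removed before purge requests are sent to search engines. This is an added example, not code from the original article or from the Mailman project; it assumes the archive is available as an mbox file, and the sample messages, addresses and function names are constructed for illustration.

```python
import mailbox
import re
import tempfile
from pathlib import Path

# Subject phrase quoted in the article; the optional "s" is an assumption.
REMINDER_SUBJECT = re.compile(r"mailing list memberships? reminder", re.I)
PASSWORD_HINT = re.compile(r"password", re.I)

# Constructed sample archive (addresses, IDs and the secret are made up).
SAMPLE_MBOX = b"""\
From alice@example.org Fri Jul 23 10:00:00 2010
From: alice@example.org
Subject: Meeting notes
Message-ID: <1@example.org>

From mailman-owner@lists.example.org Thu Jul  1 05:00:00 2010
From: mailman-owner@lists.example.org
Subject: lists.example.org mailing list membership reminder
Message-ID: <2@example.org>

Your password for demo-list is: CONSTRUCTED-VALUE
"""

def body_text(msg):
    # Decoded text parts only; multipart containers are skipped.
    return "\n".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                     for p in msg.walk() if p.get_content_maintype() == "text")

def find_archived_reminders(mbox_path):
    """List archived reminders by header only; bodies are never returned."""
    box = mailbox.mbox(mbox_path, create=False)
    try:
        return [{"index": key,
                 "message_id": msg.get("Message-ID", "(none)"),
                 "mentions_password": bool(PASSWORD_HINT.search(body_text(msg)))}
                for key, msg in box.iteritems()
                if REMINDER_SUBJECT.search(str(msg.get("Subject", "")))]
    finally:
        box.close()

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "archive.mbox"
        path.write_bytes(SAMPLE_MBOX)
        return find_archived_reminders(str(path))

if __name__ == "__main__":
    print(demo())
```

The findings identify each archived reminder by position and Message-ID without echoing the credential, so the report itself can be shared safely.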

 

Author


Loredana BOTEZATU

A blend of product manager and journalist with a pinch of e-threat analysis, Loredana writes mostly about malware and spam. She believes that most errors happen between the keyboard and the chair.
