Wireshark-users: Re: [Wireshark-users] List Server

From: Gerald Combs <gerald@xxxxxxxxxxxxx>
Date: Wed, 01 Apr 2009 13:20:24 -0700
Jeffrey Walton wrote:
It's almost unbelievable that a tool, used so often for security and
malware analysis purposes, would be paired with a site that stores
passwords in the plain text.

Worst is the fact that the box was compromised allowing a April 1st
malware to email out passwords.

The malware in question is called "Mailman". If you don't like its password/cookie behavior, you probably shouldn't subscribe to the GPG list either:

  http://lists.gnupg.org/pipermail/gnupg-announce/2001q1/000116.html

FWIW, no one is really happy with Mailman's use of cleartext passwords, including its developers. The next major release should have much better password management:

  http://wiki.list.org/display/DEV/2007/01/13/Passwords+done+right

However, it isn't ready for general consumption yet. In the mean time, you can change your subscription options to disable monthly reminders:

  https://wireshark.org/mailman/options/wireshark-users