Wireshark

  • Riverbed Technology
  • WinPcap
the world's foremost network protocol analyzer
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-users: Re: [Wireshark-users] List Server

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: Gerald Combs <gerald@xxxxxxxxxxxxx>
Date: Wed, 01 Apr 2009 13:20:24 -0700

Jeffrey Walton wrote:

It's almost unbelievable that a tool, used so often for security and
malware analysis purposes, would be paired with a site that stores
passwords in the plain text.

Worst is the fact that the box was compromised allowing a April 1st
malware to email out passwords.
The malware in question is called "Mailman". If you don't like its password/cookie behavior, you probably shouldn't subscribe to the GPG list either: 

  http://lists.gnupg.org/pipermail/gnupg-announce/2001q1/000116.html
FWIW, no one is really happy with Mailman's use of cleartext passwords, including its developers. The next major release should have much better password management: 

  http://wiki.list.org/display/DEV/2007/01/13/Passwords+done+right
However, it isn't ready for general consumption yet. In the mean time, you can change your subscription options to disable monthly reminders: 

  https://wireshark.org/mailman/options/wireshark-users
  • References:
    • [Wireshark-users] List Server
      • From: Jeffrey Walton
  • Prev by Date: [Wireshark-users] List Server
  • Next by Date: Re: [Wireshark-users] filtering on Ethernet MAC OUI
  • Previous by thread: [Wireshark-users] List Server
  • Next by thread: Re: [Wireshark-users] Wireshark-users Digest, Vol 35, Issue 1
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation