Password in Welcome Email!

Poll: Are You Comfortable w/ Your Password in Welcome Email?
Yes: 50% [ 3 ]
No: 16% [ 1 ]
I do not or had not even realized what the problem could be: 0% [ 0 ]
I Never Even Thought About It: 16% [ 1 ]
Other- Please Specify and Explain: 16% [ 1 ]
Total Votes : 6

Digital_Dissident


Joined: 02 Mar 2010
Posts: 25
Location: U.S.- E. Coast

Posted: Wed 03 Mar 2010, 06:22    Post subject: Password in Welcome Email!
Subject description: Email Received After Registering Contains Password
 

I was dismayed to find the password I had just registered with in the welcome email I received upon registration to this site.

Only a few out of the many different sites I have registered with have included the password in the welcome or confirmation email.

The security implications should be obvious.
bugman


Joined: 20 Dec 2005
Posts: 2131
Location: buffalo commons

Posted: Wed 03 Mar 2010, 08:26

are you kidding?

i get passwords in emails for things like forums all the time

it's just a forum, don't post your social security number and bank account information and all will probably be well

[unless you want to]

_________________
. . . the machines are clean
and the machines are not corrupted


- lee "scratch" perry
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

Posted: Wed 03 Mar 2010, 11:06

Quote:
The security implications should be obvious


Only for the purposes of FUD and security trolling

I am wondering if the current crop of FUD is a sponsored
agenda or just deep concern for the well being of Puppys?

Not obvious to me either
Mind you I have been running as root for the last 5 years . . ..

_________________
Puppy WIKI
tlchost

Joined: 05 Aug 2007
Posts: 1692
Location: Baltimore, Maryland USA

Posted: Wed 03 Mar 2010, 14:31    Post subject: Re: Password in Welcome Email!
Subject description: Email Received After Registering Contains Password
 

Digital_Dissident wrote:
I was dismayed to find the password I had just registered with in the welcome email I received upon registration to this site.

The security implications should be obvious.


A large number of forums do send the passwords in plain text in the welcome mail. It's not so much a function of the particular site, but more of the application that is in use for the forum.

Amazes me that the very large user base here hasn't revolted because of the obvious security implications...or could it be that you're dancing to the tune of a different drummer.

Thom
bugman


Joined: 20 Dec 2005
Posts: 2131
Location: buffalo commons

Posted: Wed 03 Mar 2010, 14:54

web hosting services do this too, that would seem to be a much bigger problem

what is someone going to do with my password here--write a love letter from me to alienjeff?

on further reflection--this is a very serious problem!

;)

_________________
. . . the machines are clean
and the machines are not corrupted


- lee "scratch" perry
snowshaker

Joined: 24 Aug 2008
Posts: 23
Location: Midwesterner running Slacko Puppy 5.3

Posted: Wed 03 Mar 2010, 17:58

Your password comes in the mail, and you change it right away.
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

Posted: Thu 04 Mar 2010, 00:35

Many thanks snowshaker,

Makes sense.
I think that is what most of us do
and (believe it or not) we probably don't change our password every month . . .

A lot of services work this way
If anyone still has concerns please write to John Murga, Flash or Pizzasgood.

I hope the original poster was sincere?
It just seems we have a crop of posts claiming all kinds of 'security' problems that on investigation are not so serious.

As a special service to the tin hats I would suggest this is a distraction
to the real issues and areas of vulnerability . . .

Puppy Linux
with added geekiness

_________________
Puppy WIKI
Digital_Dissident


Joined: 02 Mar 2010
Posts: 25
Location: U.S.- E. Coast

Posted: Thu 04 Mar 2010, 12:04    Post subject: Sorry for Coming Across The Wrong Way
Subject description: Full-explanation and follow-up to replies in body of post.
 

Hello again,

Let me first say that I'm sorry for just jumping-in this way that could have come across confrontational or troll-like. I had browsed the forum and read a number of posts for some time before finally registering now and was actually almost ready to post regarding dial-up and internal Winmodems when I got distracted and diverted--first by this password issue and then by a number of other things.

I realize that this practice of including the password in the registration email is not unique to this site and obviously does not pose the same risks as it would for a commerce site or the like, where sensitive information is exchanged.

Nonetheless, it does pose some concerns.

Someone with malicious intent toward a registered forum user could wreak quite a bit of mischief through impersonating him or her.

Another concern is that there will inevitably be some people who will register with the same password that they already use for one or more banking, commerce or other sites where sensitive data is involved.

snowshaker wrote:
Your password comes in the mail, and you change it right away.


Well, first of all, are you sure that the new one isn't emailed as well whenever one changes their password?

Assuming that's not a problem, what you suggest could very well be a satisfactory solution in many, if not most, cases-- assuming one receives as well as opens the email right away and sees the password in it.

But even then, a case where the same password was already protecting sensitive data at other sites could still pose a problem.

In any event, as I had noted, I have found it to be the exception rather than the rule for a site to email the password upon registration. I was therefore sincerely taken aback and wanted to see what others felt about this. This seemed like an appropriate section of the forum for such a discussion and I appreciate that people responded.

I hope people won't mind my asking about something else, while I'm at it.

It seems that by default, one's email address is displayed at the bottom of each post one makes. I only realized and changed this after posting. This is also different from the other forums I have experience with, where by default email addresses are not displayed and I would like to hear what others feel about this.

Thanks for your patience and indulgence and for all that so many of you do not only for Puppy but for the larger GNU/Linux and open source community/movement in general. (at least by extension)
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

Posted: Thu 04 Mar 2010, 16:35

Many thanks for your response Digital_Dissident,

Tin foil hats, the cautious, security aware and the paranoid
are all welcome at Puppy ;)

Your courteous tone is very welcome

I look forward to more of your posts and hope your questions will be addressed :)

_________________
Puppy WIKI
Pizzasgood


Joined: 04 May 2005
Posts: 6270
Location: Knoxville, TN, USA

Posted: Fri 05 Mar 2010, 04:19

FWIW, we aren't using SSL, so every time you login the password is sent over the network in plaintext. (Same goes for any other forum that doesn't use SSL to login).

I do agree that we probably shouldn't send those emails, and that the email should be not visible by default (though the first thing anybody should do upon registering for a forum is to enter their control panel and set their options).

_________________
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib
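
An added example, not phpBB's or this forum's code, of a registration flow that never puts the password in the welcome mail: only a salted hash is kept and the mail carries a single-use activation token, with the password-echoing behaviour discussed in this thread alongside for contrast. The user store, function names, PBKDF2 work factor and the forum.example URL are assumptions.

```python
import hashlib, hmac, secrets
from email.message import EmailMessage

USERS = {}  # constructed in-memory store; all names and forum.example are hypothetical

def _hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)  # assumed work factor

def _mail(to, body):
    msg = EmailMessage()
    msg["To"], msg["Subject"] = to, "Welcome to the forum"
    msg.set_content(body)
    return msg

def legacy_welcome(username, email, password):
    """The practice the thread objects to: the password is echoed in the mail."""
    return _mail(email, f"Hello {username},\nYour password is: {password}\n")

def register(username, email, password):
    """Keep only a salted hash; mail a single-use activation token instead."""
    salt = secrets.token_bytes(16)
    token = secrets.token_urlsafe(32)
    USERS[username] = {
        "salt": salt,
        "pw_hash": _hash_pw(password, salt),
        "token_hash": hashlib.sha256(token.encode()).digest(),
    }
    link = f"https://forum.example/activate?user={username}&token={token}"
    return _mail(email, f"Hello {username},\nActivate your account:\n{link}\n")

def activate(username, token):
    """Accept the mailed token once, then invalidate it."""
    rec = USERS.get(username)
    if rec is None or rec["token_hash"] is None:
        return False
    given = hashlib.sha256(token.encode()).digest()
    if not hmac.compare_digest(given, rec["token_hash"]):
        return False
    rec["token_hash"] = None
    return True

def check_password(username, password):
    rec = USERS.get(username)
    return rec is not None and hmac.compare_digest(
        _hash_pw(password, rec["salt"]), rec["pw_hash"])

def leaks_secret(msg, secret):
    """Outbound guard: is the secret present in the decoded mail body?"""
    return secret in msg.get_content()
```
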
