Odd msg received from list

Started by: Verde Denim <tdldev@gmail.com>
First post: 2013-11-14 08:53 -0500
Last post: 2013-11-16 20:05 -0800
Articles: 10 (7 participants)


#59429 — Odd msg received from list

From: Verde Denim <tdldev@gmail.com>
Date: 2013-11-14 08:53 -0500
Subject: Odd msg received from list
Message-ID: <mailman.2591.1384437196.18130.python-list@python.org>

I got an odd message this morning from the list telling me that my
account was de-activated due to excessive bounces. I've only sent a
handful of messages to this board, but do read an awful lot of the posts
in order to learn more about the language. The message also listed my
account password, which I found odd. Has anyone else received a message
like this?

-- 
Regards

Jack
Boston Tea Party, Coercive Acts, Powder Alarm, Revolution
Lessons (Mistakes) not learned are bound to be repeated.



#59434

From: Roy Smith <roy@panix.com>
Date: 2013-11-14 09:11 -0500
Message-ID: <roy-13BB5C.09114214112013@news.panix.com>
In reply to: #59429

In article <mailman.2591.1384437196.18130.python-list@python.org>,
 Verde Denim <tdldev@gmail.com> wrote:

> I got an odd message this morning from the list telling me that my
> account was de-activated due to excessive bounces. I've only sent a
> handful of messages to this board, but do read an awful lot of the posts
> in order to learn more about the language. The message also listed my
> account password, which I found odd. Has anyone else received a message
> like this?

This sounds like a variation of a classic phishing scam.  You get an 
email which looks official, telling you that some account you have has 
been suspended because you need to verify some information.  The wording 
of the message is always vague about exactly what account this is.

Don't click on any of the links.  At best, they're harvesting email 
addresses.  At worst, they're harvesting personal information which can 
be used for identity theft, credit card fraud, or all sorts of 
malfeasance.

Here's some recent examples from my junk mailbox:

> Attention User;
> Your email Quota is almost exceeded. We are currently doing a maintenance on 
> our server. Please, Visit page below to update your account and avoid losing 
> your inbox.
>  
> [link elided]
> 
> Thank you,
> Technical Team

and another:

> Dear Client,
> 
> 
> This is an automatic message by the system to let you know that you have to 
> confirm your account information within 48 hours.
> Your account has been frozen temporarily in order to protect it.
> The account will continue to be frozen until it is approved And Validate Your 
> Account Information.
> Once you have updated your account records, your information will be 
> confirmed and your account will start to work as normal once again.
>  This will help protect you in the future. The process does not take more 
> than 3 minutes.
> 
> To proceed to confirm your account information please click on the link below 
> and follow the instructions that will be required.
>  
> Click Here To Verfiy Your Account info
>  
> © 2013 All rights reserved.



#59439

From: Chris Angelico <rosuav@gmail.com>
Date: 2013-11-15 01:26 +1100
Message-ID: <mailman.2598.1384439223.18130.python-list@python.org>
In reply to: #59434

On Fri, Nov 15, 2013 at 1:11 AM, Roy Smith <roy@panix.com> wrote:
> In article <mailman.2591.1384437196.18130.python-list@python.org>,
>  Verde Denim <tdldev@gmail.com> wrote:
>
>> I got an odd message this morning from the list telling me that my
>> account was de-activated due to excessive bounces. I've only sent a
>> handful of messages to this board, but do read an awful lot of the posts
>> in order to learn more about the language. The message also listed my
>> account password, which I found odd. Has anyone else received a message
>> like this?
>
> This sounds like a variation of a classic phishing scam.  You get an
> email which looks official, telling you that some account you have has
> been suspended because you need to verify some information.  The wording
> of the message is always vague about exactly what account this is.
>
> Don't click on any of the links.  At best, they're harvesting email
> addresses.  At worst, they're harvesting personal information which can
> be used for identity theft, credit card fraud, or all sorts of
> malfeasance.
>

I agree in general, but I happen to be pretty familiar with Mailman
alerts, and this one was genuine. Also, it pointed to what does appear
to be the right address (mail.python.org). There's definitely
something going around that's causing problems for gmail users; maybe
spam is getting bounced/rejected instead of being dropped?

ChrisA
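
An added example, not part of the post above: checking that a link in a list notice really resolves to the host the post names (mail.python.org) rather than to a name that merely contains it. The notice body is constructed, the `lists-example.test` hosts are made up, and `check_link` and `audit_links` are hypothetical helper names.

```python
import re
from urllib.parse import urlsplit

EXPECTED_HOST = "mail.python.org"  # the host named in the thread

# Constructed notice body. Only the first link uses a URL quoted in the
# thread; the lists-example.test hosts are made-up lookalikes.
SAMPLE_BODY = """\
Your membership has been disabled due to excessive bounces.
https://mail.python.org/mailman/options/python-list
https://mail.python.org.lists-example.test/mailman/options/python-list
https://mail.python.org@lists-example.test/mailman/options/python-list
http://mail.python.org/mailman/options/python-list
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def check_link(url, expected_host=EXPECTED_HOST):
    """Return 'ok' or the reason the link does not point at expected_host."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    if parts.username is not None:
        # Text before '@' is userinfo, not the host the client connects to.
        return f"userinfo in URL, real host is {host}"
    if host != expected_host:
        # Exact match only: a trusted name as a prefix or label proves nothing.
        return f"host is {host}"
    if parts.scheme != "https":
        return "right host, but not https"
    return "ok"


def audit_links(body, expected_host=EXPECTED_HOST):
    """Map every URL found in a message body to its verdict."""
    return {url: check_link(url, expected_host) for url in URL_RE.findall(body)}
```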



#59449

From: "Gisle Vanem" <gvanem@yahoo.no>
Date: 2013-11-14 17:02 +0100
Message-ID: <mailman.2606.1384445097.18130.python-list@python.org>
In reply to: #59434

"Chris Angelico" <rosuav@gmail.com> wrote:

> I agree in general, but I happen to be pretty familiar with Mailman
> alerts, and this one was genuine. Also, it pointed to what does appear
> to be the right address (mail.python.org). There's definitely
> something going around that's causing problems for gmail users;

It happened to me too. And I'm a Yahoo user. I clicked the MailMan
confirmation link and all emails seem to be received now (comparing
to what's on the NNTP group).

--gv



#59490

From: Gregory Ewing <greg.ewing@canterbury.ac.nz>
Date: 2013-11-15 12:30 +1300
Message-ID: <bel4phF163sU1@mid.individual.net>
In reply to: #59429

Verde Denim wrote:
> The message also listed my
> account password, which I found odd.

You mean the message contained your actual password,
in plain text? That's not just odd, it's rather worrying
for at least two reasons. First, what business does a
message like that have carrying a password, and second,
it means the server must be keeping passwords in a
readable form somewhere, which is a really bad idea.

-- 
Greg
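
An added example, not part of the post above and not Mailman's code: why a reminder mail that quotes the password implies readable storage, next to a salted PBKDF2 store that can check a password but has nothing to mail back. The subscriber, password, class names and round count are all assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Constructed sample subscriber and password; neither comes from the thread.
SAMPLE_EMAIL = "subscriber@example.org"
SAMPLE_PASSWORD = "list-only-passphrase"
PBKDF2_ROUNDS = 200_000  # assumed work factor for this illustration


class ReminderStore:
    """Keeps the password itself, so a reminder mail can quote it."""

    def __init__(self):
        self._passwords = {}

    def set_password(self, email, password):
        self._passwords[email] = password

    def reminder_body(self, email):
        # Only possible because the secret is held in readable form.
        return f"Your list password is: {self._passwords[email]}"


class HashedStore:
    """Keeps salt + PBKDF2 digest: can verify, cannot mail the password back."""

    def __init__(self):
        self._records = {}

    def set_password(self, email, password):
        salt = os.urandom(16)
        self._records[email] = (salt, self._derive(password, salt))

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def verify(self, email, candidate):
        salt, digest = self._records.get(email, (b"", b""))
        return bool(digest) and hmac.compare_digest(digest, self._derive(candidate, salt))

    def dump(self):
        # What anyone who can read the store's contents would see.
        return repr(self._records)
```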



#59560

From: Chris “Kwpolska” Warrick <kwpolska@gmail.com>
Date: 2013-11-15 20:48 +0100
Message-ID: <mailman.2684.1384544891.18130.python-list@python.org>
In reply to: #59490

On Fri, Nov 15, 2013 at 12:30 AM, Gregory Ewing
<greg.ewing@canterbury.ac.nz> wrote:
> Verde Denim wrote:
>>
>> The message also listed my
>> account password, which I found odd.
>
>
> You mean the message contained your actual password,
> in plain text? That's not just odd, it's rather worrying
> for at least two reasons. First, what business does a
> message like that have carrying a password, and second,
> it means the server must be keeping passwords in a
> readable form somewhere, which is a really bad idea.

From the info page at https://mail.python.org/mailman/listinfo/python-list:

> You may enter a privacy password below. This provides only mild
> security, but should prevent others from messing with your
> subscription. **Do not use a valuable password** as it will
> occasionally be emailed back to you in cleartext.

> If you choose not to enter a password, one will be automatically
> generated for you, and it will be sent to you once you've confirmed
> your subscription.  You can always request a mail-back of your
> password when you edit your personal options. Once a month, your
> password will be emailed to you as a reminder.

-- 
Chris “Kwpolska” Warrick <http://kwpolska.tk>
PGP: 5EAAEA16
stop html mail | always bottom-post | only UTF-8 makes sense



#59674

From: Verde Denim <tdldev@gmail.com>
Date: 2013-11-16 20:15 -0500
Message-ID: <mailman.2749.1384650887.18130.python-list@python.org>
In reply to: #59490

Chris
Yes, I mean precisely that. The password was sent to me in the body of
the message in plaintext. That is what has me very concerned about the
list and its ability to protect private information.

Regards

Jack

On 11/15/2013 02:48 PM, Chris “Kwpolska” Warrick wrote:
> On Fri, Nov 15, 2013 at 12:30 AM, Gregory Ewing
> <greg.ewing@canterbury.ac.nz> wrote:
>> Verde Denim wrote:
>>> The message also listed my
>>> account password, which I found odd.
>>
>> You mean the message contained your actual password,
>> in plain text? That's not just odd, it's rather worrying
>> for at least two reasons. First, what business does a
>> message like that have carrying a password, and second,
>> it means the server must be keeping passwords in a
>> readable form somewhere, which is a really bad idea.
> From the info page at https://mail.python.org/mailman/listinfo/python-list:
>
>> You may enter a privacy password below. This provides only mild
>> security, but should prevent others from messing with your
>> subscription. **Do not use a valuable password** as it will
>> occasionally be emailed back to you in cleartext.
>> If you choose not to enter a password, one will be automatically
>> generated for you, and it will be sent to you once you've confirmed
>> your subscription.  You can always request a mail-back of your
>> password when you edit your personal options. Once a month, your
>> password will be emailed to you as a reminder.


-- 
Regards

Jack
Boston Tea Party, Coercive Acts, Powder Alarm, Revolution
Lessons (Mistakes) not learned are bound to be repeated.



#59675

From: Chris Angelico <rosuav@gmail.com>
Date: 2013-11-17 12:18 +1100
Message-ID: <mailman.2750.1384651111.18130.python-list@python.org>
In reply to: #59490

On Sun, Nov 17, 2013 at 12:15 PM, Verde Denim <tdldev@gmail.com> wrote:
> Chris
> Yes, I mean precisely that. The password was sent to me in the body of
> the message in plaintext. That is what has me very concerned about the
> list and its ability to protect private information.

The list specifically told you not to use a valuable password :) In
fact, a password is completely optional - it's just an alternative to
always having to do a click-through.

ChrisA



#59684

From: Verde Denim <tdldev@gmail.com>
Date: 2013-11-16 21:02 -0500
Message-ID: <mailman.2757.1384658806.18130.python-list@python.org>
In reply to: #59490

On 11/16/2013 08:18 PM, Chris Angelico wrote:
> On Sun, Nov 17, 2013 at 12:15 PM, Verde Denim <tdldev@gmail.com> wrote:
>> Chris
>> Yes, I mean precisely that. The password was sent to me in the body of
>> the message in plaintext. That is what has me very concerned about the
>> list and its ability to protect private information.
> The list specifically told you not to use a valuable password :) In
> fact, a password is completely optional - it's just an alternative to
> always having to do a click-through.
>
> ChrisA
ChrisA
Each one of my accounts is completely different (and as random as I can
get them). Each one is also uniquely set to match a set of criteria of
my own choosing to indicate level of data, level of composite data,
level of integrity, level of criticality, and a few other 'soft values'.
This equates to each account being generated in a one-off fashion, so
I'm not worried that my list account here will ever show up somewhere
else in any other form. However, that doesn't mean that it doesn't
concern me that the list is publishing these values back to the list
participant(s) in plaintext. If I have to unsubscribe and then
re-subscribe without a pass-phrase I can do that but just wanted to make
the list admin(s) aware that it had occurred.

-- 
Regards

Jack
Boston Tea Party, Coercive Acts, Powder Alarm, Revolution
Lessons (Mistakes) not learned are bound to be repeated.



#59687

From: Ned Deily <nad@acm.org>
Date: 2013-11-16 20:05 -0800
Message-ID: <mailman.2760.1384661143.18130.python-list@python.org>
In reply to: #59490

In article <5288239D.4060208@gmail.com>, Verde Denim <tdldev@gmail.com> 
wrote:
> Each one of my accounts is completely different (and as random as I can
> get them). Each one is also uniquely set to match a set of criteria of
> my own choosing to indicate level of data, level of composite data,
> level of integrity, level of criticality, and a few other 'soft values'.
> This equates to each account being generated in a one-off fashion, so
> I'm not worried that my list account here will ever show up somewhere
> else in any other form. However, that doesn't mean that it doesn't
> concern me that the list is publishing these values back to the list
> participant(s) in plaintext. If I have to unsubscribe and then
> re-subscribe without a pass-phrase I can do that but just wanted to make
> the list admin(s) aware that it had occurred.

Sending password reminders is a standard default of the venerable Mailman 
mailing list software that powers Python-list and many other mailing lists.  
You can visit the member options page and change the password and/or disable 
the automatic reminders:

https://mail.python.org/mailman/options/python-list

-- 
 Ned Deily,
 nad@acm.org
