Jeffrey Walton wrote:
It's almost unbelievable that a tool, used so often for security and
malware analysis purposes, would be paired with a site that stores
passwords in the plain text.
Worst is the fact that the box was compromised allowing a April 1st
malware to email out passwords.
The malware in question is called "Mailman". If you don't like its
password/cookie behavior, you probably shouldn't subscribe to the GPG
list either:
http://lists.gnupg.org/pipermail/gnupg-announce/2001q1/000116.html
FWIW, no one is really happy with Mailman's use of cleartext passwords,
including its developers. The next major release should have much better
password management:
http://wiki.list.org/display/DEV/2007/01/13/Passwords+done+right
However, it isn't ready for general consumption yet. In the mean time,
you can change your subscription options to disable monthly reminders:
https://wireshark.org/mailman/options/wireshark-users
