Hacker Newsnew | comments | show | ask | jobs | submit login

If your threat model includes hostile mail relays, you probably shouldn't be using bargain basement VPS providers.

Password-reset emails are also easy for an attacker to generate, and no harder for them to intercept than the welcome email.




Right, that's what GP said in the comment you replied to: that he probably should not use that VPS provider.

And yes, password-reset emails may also be a concern (not as severe, though, if reset emails are single-use and have short TTL).

-----


But you at least know your account has been compromised.

-----




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: