(My first response was an offer to ban you and your IP)
Is this security needed? I don't think so. To get an account, you just need an email address. Technically, stealing a password from someone is easy, but not rewarding. The worst you could do is mess up an account. To get the credentials of an admin would be the goal, and there are only five of them.
I kind of like my credentials as an ordinary user also. I wouldn't want someone stealing my identify on the Ubuntu forums. I've invested too much time and energy.
Currently logged into this forum from tech university campus LAN with few hundred future IT specialists living in it. How likely it is that somebody is just testing "Cain & Abel" just to see what it can sniff.
Should I change my password from another connection now?
Is ubuntuforums.org doing everything for protecting their members enough? Specially if using SSL only for password exchange wouldn't need much financial resources?
Is it possible? Yes.
If you feel the people on the campus are untrustworthy scammers, yes.Should I change my password from another connection now?
It does everything but encrypt, and encrypting in this case would be too much of a strain.Is ubuntuforums.org doing everything for protecting their members enough? Specially if using SSL only for password exchange wouldn't need much financial resources?
It's an interesting topic and I think that theft of any part of a persons identity is troublesome, be it a forum account or a credit history.
It would be nice to at least have an option to use encrypted authentication at times when you 'know' that your traffic could be monitored. Plenty of cafe wireless access points are unencrypted and there's often lots of people connected with laptops possibly reading your data.
Besides, no one wants their name to be on the 'wall of sheep'