Dear RIPE: Please don't encourage phishing

• Previous message (by thread): Dear RIPE: Please don't encourage phishing
• Next message (by thread): Dear RIPE: Please don't encourage phishing
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

If they're intended as a path to log in with a typed password, that's correct.
Sad, but correct.

On Feb 10, 2012, at 12:18 PM, Richard Barnes wrote:

> So because of phishing, nobody should send messages with URLs in them?
> 
> 
> 
> On Fri, Feb 10, 2012 at 8:56 AM, Steven Bellovin <smb at cs.columbia.edu> wrote:
>> I received the enclosed note, apparently from RIPE (and the headers check out).
>> Why are you sending messages with clickable objects that I'm supposed to use to
>> change my password?
>> 
>> -------
>> 
>> From: RIPE_DBannounce at ripe.net
>> Subject: Advisory notice on passwords in the RIPE Database
>> Date: February 9, 2012 1:16:15 PM EST
>> To: XXXXXXXX
>> 
>> [Apologies for duplicate e-mails]
>> 
>> Dear Colleagues,
>> 
>> We are contacting you with some advice on the passwords used in the RIPE
>> Database.  There is no immediate concern and this notice is only advisory.
>> At the request of the RIPE community, the RIPE NCC recently deployed an
>> MD5 password hash change.
>> 
>> Before this change was implemented, there was a lot of discussion on the
>> Database Working Group mailing list about the vulnerabilities of MD5
>> passwords with public hashes.  The hashes can now only be seen by the user
>> of the MNTNER object.  As a precaution, now that the hashes are hidden,
>> we strongly recommend that you change all MD5 passwords used by your MNTNER
>> objects in the RIPE Database at your earliest convenience.  When choosing
>> new passwords, make them as strong as possible.
>> 
>> To make it easier for you to change your password(s) we have improved
>> Webupdates.  On the modify page there is an extra button after the "auth:"
>> attribute field.  Click this button for a pop up window that will encrypt
>> a password and enter it directly into the "auth:" field.
>> 
>> Webupdates: https://apps.db.ripe.net/webupdates/search.html
>> 
>> There is a RIPE Labs article explaining details of the security changes
>> and the new process to modify a MNTNER object in the RIPE Database:
>> https://labs.ripe.net/Members/denis/securing-md5-hashes-in-the-ripe-database
>> 
>> We are sending you this email because this address is referenced in the
>> MNTNER objects in the RIPE Database listed below.
>> 
>> If you have any concerns about your passwords or need further advice please
>> contact our Customer Services team at ripe-dbm at ripe.net.  (You cannot reply
>> to this email.)
>> 
>> Regards,
>> 
>> Denis Walker
>> Business Analyst
>> RIPE NCC Database Group
>> 
>> Referencing MNTNER objects in the RIPE Database:
>> maint-rgnet
>> 
>> 
>> 
>> 
>> 
>> 
> 


		--Steve Bellovin, https://www.cs.columbia.edu/~smb

• Previous message (by thread): Dear RIPE: Please don't encourage phishing
• Next message (by thread): Dear RIPE: Please don't encourage phishing
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]