Dear RIPE: Please don't encourage phishing

Richard Barnes richard.barnes at gmail.com
Fri Feb 10 11:18:29 CST 2012


So because of phishing, nobody should send messages with URLs in them?



On Fri, Feb 10, 2012 at 8:56 AM, Steven Bellovin <smb at cs.columbia.edu> wrote:
> I received the enclosed note, apparently from RIPE (and the headers check out).
> Why are you sending messages with clickable objects that I'm supposed to use to
> change my password?
>
> -------
>
> From: RIPE_DBannounce at ripe.net
> Subject: Advisory notice on passwords in the RIPE Database
> Date: February 9, 2012 1:16:15 PM EST
> To: XXXXXXXX
>
> [Apologies for duplicate e-mails]
>
> Dear Colleagues,
>
> We are contacting you with some advice on the passwords used in the RIPE
> Database.  There is no immediate concern and this notice is only advisory.
> At the request of the RIPE community, the RIPE NCC recently deployed an
> MD5 password hash change.
>
> Before this change was implemented, there was a lot of discussion on the
> Database Working Group mailing list about the vulnerabilities of MD5
> passwords with public hashes.  The hashes can now only be seen by the user
> of the MNTNER object.  As a precaution, now that the hashes are hidden,
> we strongly recommend that you change all MD5 passwords used by your MNTNER
> objects in the RIPE Database at your earliest convenience.  When choosing
> new passwords, make them as strong as possible.
>
> To make it easier for you to change your password(s) we have improved
> Webupdates.  On the modify page there is an extra button after the "auth:"
> attribute field.  Click this button for a pop up window that will encrypt
> a password and enter it directly into the "auth:" field.
>
> Webupdates: https://apps.db.ripe.net/webupdates/search.html
>
> There is a RIPE Labs article explaining details of the security changes
> and the new process to modify a MNTNER object in the RIPE Database:
> https://labs.ripe.net/Members/denis/securing-md5-hashes-in-the-ripe-database
>
> We are sending you this email because this address is referenced in the
> MNTNER objects in the RIPE Database listed below.
>
> If you have any concerns about your passwords or need further advice please
> contact our Customer Services team at ripe-dbm at ripe.net.  (You cannot reply
> to this email.)
>
> Regards,
>
> Denis Walker
> Business Analyst
> RIPE NCC Database Group
>
> Referencing MNTNER objects in the RIPE Database:
> maint-rgnet
>
>
>
>
>
>



More information about the NANOG mailing list