Dear RIPE: Please don't encourage phishing
richard.barnes at gmail.com
Fri Feb 10 11:18:29 CST 2012
So because of phishing, nobody should send messages with URLs in them?
On Fri, Feb 10, 2012 at 8:56 AM, Steven Bellovin <smb at cs.columbia.edu> wrote:
> I received the enclosed note, apparently from RIPE (and the headers check out).
> Why are you sending messages with clickable objects that I'm supposed to use to
> change my password?
> From: RIPE_DBannounce at ripe.net
> Subject: Advisory notice on passwords in the RIPE Database
> Date: February 9, 2012 1:16:15 PM EST
> To: XXXXXXXX
> [Apologies for duplicate e-mails]
> Dear Colleagues,
> We are contacting you with some advice on the passwords used in the RIPE
> Database. There is no immediate concern and this notice is only advisory.
> At the request of the RIPE community, the RIPE NCC recently deployed an
> MD5 password hash change.
> Before this change was implemented, there was a lot of discussion on the
> Database Working Group mailing list about the vulnerabilities of MD5
> passwords with public hashes. The hashes can now only be seen by the user
> of the MNTNER object. As a precaution, now that the hashes are hidden,
> we strongly recommend that you change all MD5 passwords used by your MNTNER
> objects in the RIPE Database at your earliest convenience. When choosing
> new passwords, make them as strong as possible.
> To make it easier for you to change your password(s) we have improved
> Webupdates. On the modify page there is an extra button after the "auth:"
> attribute field. Click this button for a pop up window that will encrypt
> a password and enter it directly into the "auth:" field.
> Webupdates: https://apps.db.ripe.net/webupdates/search.html
> There is a RIPE Labs article explaining details of the security changes
> and the new process to modify a MNTNER object in the RIPE Database:
> We are sending you this email because this address is referenced in the
> MNTNER objects in the RIPE Database listed below.
> If you have any concerns about your passwords or need further advice please
> contact our Customer Services team at ripe-dbm at ripe.net. (You cannot reply
> to this email.)
> Denis Walker
> Business Analyst
> RIPE NCC Database Group
> Referencing MNTNER objects in the RIPE Database:
More information about the NANOG