<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>It makes you wonder why they just don't rekey and put up a
different selector while deleting the compromised selector? <br>
</p>
<p>Yes, this is bad but it has a straightforward solution to the
compromise -- unlike compromised cert signing keys, natch.<br>
</p>
<p>Mike<br>
</p>
<div class="moz-cite-prefix">On 2/12/23 4:01 PM, Eric Kuhnke wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAB69EHiMMKyMOHWRvJg8zP12LFKC4DC094z_6TCeqU0iWAeYTQ@mail.gmail.com">
<div dir="auto">Namecheap has updated their status page item to
include
<div dir="auto"><br>
</div>
<div dir="auto">"We have stopped all the emails (that includes
Auth codes delivery, Trusted Devices’ verification, and
Password Reset emails, etc.)"</div>
<div dir="auto"><br>
</div>
<div dir="auto"><br>
</div>
<div dir="auto">Yikes.</div>
<div dir="auto"><br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Sun, Feb 12, 2023, 3:54 PM
Michael Thomas &lt;<a href="mailto:mike@mtcc.com"
moz-do-not-send="true" class="moz-txt-link-freetext">mike@mtcc.com</a>&gt;
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<p>I think that it might be appropriate to name and shame
the third party, since they should know better too. It
almost has the whiff of a scam. <br>
</p>
<p>Mike<br>
</p>
<div>On 2/12/23 3:49 PM, Eric Kuhnke wrote:<br>
</div>
<blockquote type="cite">
<div dir="auto">
<div>One very possible theory is that whoever runs the
outbound marketing communications and email newsletter
demanded the keys and got them, with execs overriding
security experts at Namecheap who know better.
<div dir="auto"><br>
</div>
<div dir="auto">I would sincerely hope that the people
whose job titles at Namecheap include anything
related to network engineering, network security or
cryptography at that company do know better. Large
domain registrars are not supposed to make such a
rookie mistake. </div>
<br>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Sun, Feb 12,
2023, 3:46 PM Michael Thomas &lt;<a
href="mailto:mike@mtcc.com" target="_blank"
rel="noreferrer" moz-do-not-send="true"
class="moz-txt-link-freetext">mike@mtcc.com</a>&gt;
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
On 2/12/23 3:40 PM, Eric Kuhnke wrote:<br>
> <a
href="https://www.namepros.com/threads/concerning-e-mail-from-namecheap.1294946/page-2#post-8839257"
rel="noreferrer noreferrer noreferrer"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://www.namepros.com/threads/concerning-e-mail-from-namecheap.1294946/page-2#post-8839257</a>
<br>
><br>
><br>
> <a
href="https://lowendtalk.com/discussion/184391/namecheap-hacked"
rel="noreferrer noreferrer noreferrer"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://lowendtalk.com/discussion/184391/namecheap-hacked</a><br>
><br>
> It looks like a third party service they gave
their keys to has been <br>
> compromised. I got several phishes that fully
pass as legit Namecheap <br>
> emails.<br>
><br>
> <a
href="https://www.namecheap.com/status-updates/archives/74848"
rel="noreferrer noreferrer noreferrer"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://www.namecheap.com/status-updates/archives/74848</a><br>
><br>
><br>
If they actually gave them their own private keys,
they clearly don't <br>
get how that's supposed to work with DKIM. The
right thing to do is <br>
create a new selector with the third party's
signing key. Private keys <br>
should be kept... private.<br>
<br>
Mike<br>
<br>
</blockquote>
</div>
</div>
</div>
</blockquote>
</div>
</blockquote>
</div>
</blockquote>
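<p>Added example, not part of the thread or of any participant's message: the verifier-side key lookup that makes the per-selector rotation discussed above work, following RFC 6376 (a deleted selector yields no key, an empty <code>p=</code> marks a revoked key). The domain, selector names, zone contents and signature headers are constructed samples.</p>

```python
# Added example: which DNS key record a DKIM signature points at, and what a
# verifier concludes after the domain owner rotates selectors (RFC 6376).
# All names and values below are constructed for illustration.

def parse_tags(value):
    """Parse a DKIM tag=value list (same syntax in the header and the TXT record)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = "".join(val.split())  # remove folding whitespace
    return tags

def key_query_name(dkim_signature):
    """DNS name the verifier queries: selector._domainkey.domain."""
    tags = parse_tags(dkim_signature)
    return "{}._domainkey.{}".format(tags["s"], tags["d"]).lower()

def key_status(dkim_signature, zone):
    """Classify the key record for a signature; zone maps DNS name to TXT value."""
    record = zone.get(key_query_name(dkim_signature))
    if record is None:
        return "no-key"       # selector deleted: the signature cannot verify
    if parse_tags(record).get("p", "") == "":
        return "revoked"      # empty p= means the key has been revoked
    return "key-present"      # verifier goes on to check the signature itself

# Constructed zone after rotation: the compromised selector "old" is revoked,
# a selector that was deleted outright is simply absent, and the third party
# signs under its own selector "vendor2023" with a key pair it generated.
ZONE_AFTER_ROTATION = {
    "old._domainkey.example.com": "v=DKIM1; p=",
    "vendor2023._domainkey.example.com": "v=DKIM1; k=rsa; p=CONSTRUCTEDPUBLICKEY",
}

# Constructed DKIM-Signature header values (bh= and b= are placeholders).
SIG_OLD = "v=1; a=rsa-sha256; d=example.com; s=old; h=from:subject; bh=AAAA; b=BBBB=="
SIG_NEW = "v=1; a=rsa-sha256; d=example.com; s=vendor2023; h=from:subject; bh=AAAA; b=CCCC=="
SIG_GONE = "v=1; a=rsa-sha256; d=example.com; s=deleted2022; h=from:subject; bh=AAAA; b=DDDD=="

if __name__ == "__main__":
    for sig in (SIG_OLD, SIG_NEW, SIG_GONE):
        print(key_query_name(sig), key_status(sig, ZONE_AFTER_ROTATION))
```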
</body>
</html>