[149616] in North American Network Operators' Group
Dear RIPE: Please don't encourage phishing
daemon@ATHENA.MIT.EDU (Steven Bellovin)
Fri Feb 10 11:57:49 2012
From: Steven Bellovin <smb@cs.columbia.edu>
Date: Fri, 10 Feb 2012 11:56:57 -0500
To: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
I received the enclosed note, apparently from RIPE (and the headers =
check out).
Why are you sending messages with clickable objects that I'm supposed to =
use to
change my password?
-------
From: RIPE_DBannounce@ripe.net
Subject: Advisory notice on passwords in the RIPE Database
Date: February 9, 2012 1:16:15 PM EST
To: XXXXXXXX
[Apologies for duplicate e-mails]
Dear Colleagues,
We are contacting you with some advice on the passwords used in the RIPE
Database. There is no immediate concern and this notice is only =
advisory.
At the request of the RIPE community, the RIPE NCC recently deployed an
MD5 password hash change.
Before this change was implemented, there was a lot of discussion on the
Database Working Group mailing list about the vulnerabilities of MD5
passwords with public hashes. The hashes can now only be seen by the =
user
of the MNTNER object. As a precaution, now that the hashes are hidden,
we strongly recommend that you change all MD5 passwords used by your =
MNTNER
objects in the RIPE Database at your earliest convenience. When =
choosing
new passwords, make them as strong as possible.
To make it easier for you to change your password(s) we have improved
Webupdates. On the modify page there is an extra button after the =
"auth:"
attribute field. Click this button for a pop up window that will =
encrypt
a password and enter it directly into the "auth:" field.
Webupdates: https://apps.db.ripe.net/webupdates/search.html
There is a RIPE Labs article explaining details of the security changes
and the new process to modify a MNTNER object in the RIPE Database:
=
https://labs.ripe.net/Members/denis/securing-md5-hashes-in-the-ripe-databa=
se
We are sending you this email because this address is referenced in the
MNTNER objects in the RIPE Database listed below.
If you have any concerns about your passwords or need further advice =
please
contact our Customer Services team at ripe-dbm@ripe.net. (You cannot =
reply
to this email.)
Regards,
Denis Walker
Business Analyst
RIPE NCC Database Group
Referencing MNTNER objects in the RIPE Database:
maint-rgnet
