[149617] in North American Network Operators' Group
Re: Dear RIPE: Please don't encourage phishing
daemon@ATHENA.MIT.EDU (Richard Barnes)
Fri Feb 10 12:19:18 2012
In-Reply-To: <F08F9451-BE4A-4E04-8FA6-382ED92CF832@cs.columbia.edu>
Date: Fri, 10 Feb 2012 09:18:29 -0800
From: Richard Barnes <richard.barnes@gmail.com>
To: Steven Bellovin <smb@cs.columbia.edu>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
So because of phishing, nobody should send messages with URLs in them?
On Fri, Feb 10, 2012 at 8:56 AM, Steven Bellovin <smb@cs.columbia.edu> wrot=
e:
> I received the enclosed note, apparently from RIPE (and the headers check=
out).
> Why are you sending messages with clickable objects that I'm supposed to =
use to
> change my password?
>
> -------
>
> From: RIPE_DBannounce@ripe.net
> Subject: Advisory notice on passwords in the RIPE Database
> Date: February 9, 2012 1:16:15 PM EST
> To: XXXXXXXX
>
> [Apologies for duplicate e-mails]
>
> Dear Colleagues,
>
> We are contacting you with some advice on the passwords used in the RIPE
> Database. =A0There is no immediate concern and this notice is only adviso=
ry.
> At the request of the RIPE community, the RIPE NCC recently deployed an
> MD5 password hash change.
>
> Before this change was implemented, there was a lot of discussion on the
> Database Working Group mailing list about the vulnerabilities of MD5
> passwords with public hashes. =A0The hashes can now only be seen by the u=
ser
> of the MNTNER object. =A0As a precaution, now that the hashes are hidden,
> we strongly recommend that you change all MD5 passwords used by your MNTN=
ER
> objects in the RIPE Database at your earliest convenience. =A0When choosi=
ng
> new passwords, make them as strong as possible.
>
> To make it easier for you to change your password(s) we have improved
> Webupdates. =A0On the modify page there is an extra button after the "aut=
h:"
> attribute field. =A0Click this button for a pop up window that will encry=
pt
> a password and enter it directly into the "auth:" field.
>
> Webupdates: https://apps.db.ripe.net/webupdates/search.html
>
> There is a RIPE Labs article explaining details of the security changes
> and the new process to modify a MNTNER object in the RIPE Database:
> https://labs.ripe.net/Members/denis/securing-md5-hashes-in-the-ripe-datab=
ase
>
> We are sending you this email because this address is referenced in the
> MNTNER objects in the RIPE Database listed below.
>
> If you have any concerns about your passwords or need further advice plea=
se
> contact our Customer Services team at ripe-dbm@ripe.net. =A0(You cannot r=
eply
> to this email.)
>
> Regards,
>
> Denis Walker
> Business Analyst
> RIPE NCC Database Group
>
> Referencing MNTNER objects in the RIPE Database:
> maint-rgnet
>
>
>
>
>
>
