It makes you wonder why they just don't rekey and put up a different
selector while deleting the compromised selector?
Yes, this is bad but it has a straightforward solution to the compromise
-- unlike compromised cert signing keys, natch.
Mike
On 2/12/23 4:01 PM, Eric Kuhnke wrote:
Namecheap has updated their status page item to include
"We have stopped all the emails (that includes Auth codes delivery,
Trusted Devices’ verification, and Password Reset emails, etc.)"
Yikes.
On Sun, Feb 12, 2023, 3:54 PM Michael Thomas <m...@mtcc.com> wrote:
I think that it might be appropriate to name and shame the third
party, since they should know better too. It almost has the whiff
of a scam.
Mike
On 2/12/23 3:49 PM, Eric Kuhnke wrote:
One very possible theory is that whoever runs the outbound
marketing communications and email newsletter demanded the keys
and got them, with execs overriding security experts at Namecheap
who know better.
I would sincerely hope that the people whose job titles at
Namecheap include anything related to network engineering,
network security or cryptography at that company do know better.
Large domain registrars are not supposed to make such a rookie
mistake.
On Sun, Feb 12, 2023, 3:46 PM Michael Thomas <m...@mtcc.com> wrote:
On 2/12/23 3:40 PM, Eric Kuhnke wrote:
>
https://www.namepros.com/threads/concerning-e-mail-from-namecheap.1294946/page-2#post-8839257
>
>
> https://lowendtalk.com/discussion/184391/namecheap-hacked
>
> It looks like a third party service they gave their keys to
has been
> compromised. I got several phishes that fully pass as legit
Namecheap
> emails.
>
> https://www.namecheap.com/status-updates/archives/74848
>
>
If they actually gave them their own private keys, they
clearly don't
get how that's supposed to work with DKIM. The right thing to
do is
create a new selector with the third party's signing key.
Private keys
should be kept... private.
Mike
