So because of phishing, nobody should send messages with URLs in them?
On Fri, Feb 10, 2012 at 8:56 AM, Steven Bellovin <s...@cs.columbia.edu> wrote: > I received the enclosed note, apparently from RIPE (and the headers check > out). > Why are you sending messages with clickable objects that I'm supposed to use > to > change my password? > > ------- > > From: ripe_dbannou...@ripe.net > Subject: Advisory notice on passwords in the RIPE Database > Date: February 9, 2012 1:16:15 PM EST > To: XXXXXXXX > > [Apologies for duplicate e-mails] > > Dear Colleagues, > > We are contacting you with some advice on the passwords used in the RIPE > Database. There is no immediate concern and this notice is only advisory. > At the request of the RIPE community, the RIPE NCC recently deployed an > MD5 password hash change. > > Before this change was implemented, there was a lot of discussion on the > Database Working Group mailing list about the vulnerabilities of MD5 > passwords with public hashes. The hashes can now only be seen by the user > of the MNTNER object. As a precaution, now that the hashes are hidden, > we strongly recommend that you change all MD5 passwords used by your MNTNER > objects in the RIPE Database at your earliest convenience. When choosing > new passwords, make them as strong as possible. > > To make it easier for you to change your password(s) we have improved > Webupdates. On the modify page there is an extra button after the "auth:" > attribute field. Click this button for a pop up window that will encrypt > a password and enter it directly into the "auth:" field. > > Webupdates: https://apps.db.ripe.net/webupdates/search.html > > There is a RIPE Labs article explaining details of the security changes > and the new process to modify a MNTNER object in the RIPE Database: > https://labs.ripe.net/Members/denis/securing-md5-hashes-in-the-ripe-database > > We are sending you this email because this address is referenced in the > MNTNER objects in the RIPE Database listed below. > > If you have any concerns about your passwords or need further advice please > contact our Customer Services team at ripe-...@ripe.net. (You cannot reply > to this email.) > > Regards, > > Denis Walker > Business Analyst > RIPE NCC Database Group > > Referencing MNTNER objects in the RIPE Database: > maint-rgnet > > > > > >
