On Mon, 27 Dec 2010 21:46:09 -0500 Larry Seltzer <[email protected]> wrote:
> Does this look right to you? The only links in it are e-mail addresses on > Mozilla.org, but there's nothing about this on the add-ons site or their > discussion forum. It's legit. http://blog.mozilla.com/security/2010/12/27/addons-mozilla-org-disclosure/ > I think it must be legit, but it's clumsy. In fact I can't log in to my > addons.mozilla.org account with the password I think I used, but I've > forgotten these things in the past. Only users who had not changed their passwords since the transition to SHA-512 hashes were sent the e-mail (those who still had MD5 hashes in the DB). Since you received the e-mail, you'll need to go through the normal "forgotten password" process to get a new password, as the MD5 hashes were all removed. ~reed Mozilla Security Group -- Reed Loden [email protected] _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
