Thanks, and next time please post the blog entry before sending out the e-mail
-----Original Message----- From: Reed Loden [mailto:[email protected]] Sent: Tuesday, December 28, 2010 3:07 AM To: Larry Seltzer Cc: FunSec Subject: Re: [funsec] Important notice about your addons.mozilla.org account On Mon, 27 Dec 2010 21:46:09 -0500 Larry Seltzer <[email protected]> wrote: > Does this look right to you? The only links in it are e-mail addresses > on Mozilla.org, but there's nothing about this on the add-ons site or > their discussion forum. It's legit. http://blog.mozilla.com/security/2010/12/27/addons-mozilla-org-disclosure/ > I think it must be legit, but it's clumsy. In fact I can't log in to > my addons.mozilla.org account with the password I think I used, but > I've forgotten these things in the past. Only users who had not changed their passwords since the transition to SHA-512 hashes were sent the e-mail (those who still had MD5 hashes in the DB). Since you received the e-mail, you'll need to go through the normal "forgotten password" process to get a new password, as the MD5 hashes were all removed. ~reed Mozilla Security Group -- Reed Loden [email protected] _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
