If they're intended as a path to log in with a typed password, that's correct. Sad, but correct.
On Feb 10, 2012, at 12:18 PM, Richard Barnes wrote: > So because of phishing, nobody should send messages with URLs in them? > > > > On Fri, Feb 10, 2012 at 8:56 AM, Steven Bellovin <s...@cs.columbia.edu> wrote: >> I received the enclosed note, apparently from RIPE (and the headers check >> out). >> Why are you sending messages with clickable objects that I'm supposed to use >> to >> change my password? >> >> ------- >> >> From: ripe_dbannou...@ripe.net >> Subject: Advisory notice on passwords in the RIPE Database >> Date: February 9, 2012 1:16:15 PM EST >> To: XXXXXXXX >> >> [Apologies for duplicate e-mails] >> >> Dear Colleagues, >> >> We are contacting you with some advice on the passwords used in the RIPE >> Database. There is no immediate concern and this notice is only advisory. >> At the request of the RIPE community, the RIPE NCC recently deployed an >> MD5 password hash change. >> >> Before this change was implemented, there was a lot of discussion on the >> Database Working Group mailing list about the vulnerabilities of MD5 >> passwords with public hashes. The hashes can now only be seen by the user >> of the MNTNER object. As a precaution, now that the hashes are hidden, >> we strongly recommend that you change all MD5 passwords used by your MNTNER >> objects in the RIPE Database at your earliest convenience. When choosing >> new passwords, make them as strong as possible. >> >> To make it easier for you to change your password(s) we have improved >> Webupdates. On the modify page there is an extra button after the "auth:" >> attribute field. Click this button for a pop up window that will encrypt >> a password and enter it directly into the "auth:" field. >> >> Webupdates: https://apps.db.ripe.net/webupdates/search.html >> >> There is a RIPE Labs article explaining details of the security changes >> and the new process to modify a MNTNER object in the RIPE Database: >> https://labs.ripe.net/Members/denis/securing-md5-hashes-in-the-ripe-database >> >> We are sending you this email because this address is referenced in the >> MNTNER objects in the RIPE Database listed below. >> >> If you have any concerns about your passwords or need further advice please >> contact our Customer Services team at ripe-...@ripe.net. (You cannot reply >> to this email.) >> >> Regards, >> >> Denis Walker >> Business Analyst >> RIPE NCC Database Group >> >> Referencing MNTNER objects in the RIPE Database: >> maint-rgnet >> >> >> >> >> >> > --Steve Bellovin, https://www.cs.columbia.edu/~smb
