funsec mailing list archives
Fwd: IMPORTANT: Auth codes and registrant passwords
From: Jeffrey Walton <noloader () gmail com>
Date: Tue, 11 Aug 2015 18:07:51 -0400
It looks like OpenSRS got completely pwn'd. Last week they sent the change password email. Now, the authorization codes. They have not sent out the email or letter about a compromised credit card (yet).

---------- Forwarded message ----------
From: OpenSRS <help () opensrs com>
Date: Tue, Aug 11, 2015 at 5:47 PM
Subject: IMPORTANT: Auth codes and registrant passwords
To: *|FNAME|* <noloader () gmail com>

Auth codes and registrant passwords

View this email in your browser <http://us3.campaign-archive2.com/?u=13d4782b22724a03f96459c03&id=ed97e18142&e=6122abc818>

We have recently published a security update on our blog <http://opensrs.us3.list-manage1.com/track/click?u=13d4782b22724a03f96459c03&id=4783da0493&e=6122abc818>. As an additional precautionary measure, we have also reset domain auth codes and registrant passwords.

*Auth codes*

The new auth codes can be retrieved from our system, as needed, via the Reseller Control Panel <http://opensrs.us3.list-manage.com/track/click?u=13d4782b22724a03f96459c03&id=16eda3d28e&e=6122abc818> or the API. Some resellers have chosen to store auth codes locally. We discourage this practice and ask resellers to retrieve auth codes on demand.

*Registrant passwords*

If you or your customers are using the OpenSRS end-user interface (MWI) <http://opensrs.us3.list-manage.com/track/click?u=13d4782b22724a03f96459c03&id=9aa8e90a9d&e=6122abc818> to manage domain names your old credentials will no longer work.

*Please note: this change does not affect the password for your reseller account.*

*How this will impact your business and your customers:*

*End users*

If you direct your customers to the OpenSRS end-user interface (MWI) <http://opensrs.us3.list-manage1.com/track/click?u=13d4782b22724a03f96459c03&id=65b61a6b8e&e=6122abc818> to manage their domains, they will continue to have the ability to do so, but they will need to reset their passwords using the “*Forgot password?*” functionality.
------------------------------

*Resellers*

Some resellers are currently managing domains on behalf of their customers using the end-user interface. This interface is not intended for reseller use. Resellers should be managing domains through the Reseller Control Panel <http://opensrs.us3.list-manage.com/track/click?u=13d4782b22724a03f96459c03&id=f1cc31f606&e=6122abc818>, which provides all the domain management options in the end-user interface, plus many more. Resellers will no longer be able to manage domains through the end-user interface.

------------------------------

*API users and users of 3rd party software such as WHMCS, Parallels/Odin*

If you are experiencing issues managing customer domains via API or 3rd party software please contact support at help () opensrs com <help () opensrs com?subject=Auth%20codes%20and%20registrant%20passwords>. We will work with you to understand your current deployment parameters and make the necessary adjustments.

------------------------------

*What to expect in the coming weeks:*

*Registrant passwords*

As an additional security measure, we will be increasing the strength of the registrant passwords to make them more secure. *The new minimum password length will be 10 characters and this change will be rolled out on September 9, 2015*. This may require you to adjust your systems if you have been setting passwords that are less than 10 characters in length.

We once again apologize for the inconvenience and hope you understand that these measures have been implemented with the security of your account in mind.

The OpenSRS team