funsec mailing list archives

Fwd: IMPORTANT: Auth codes and registrant passwords


From: Jeffrey Walton <noloader () gmail com>
Date: Tue, 11 Aug 2015 18:07:51 -0400

It looks like OpenSRS got completely pwn'd.

Last week they sent the change password email. Now, the authorization
codes. They have not sent out the email or letter about a compromised
credit card (yet).

---------- Forwarded message ----------
From: OpenSRS <help () opensrs com>
Date: Tue, Aug 11, 2015 at 5:47 PM
Subject: IMPORTANT: Auth codes and registrant passwords
To: *|FNAME|* <noloader () gmail com>


Auth codes and registrant passwords

We have recently published a security update on our blog
<http://opensrs.us3.list-manage1.com/track/click?u=13d4782b22724a03f96459c03&id=4783da0493&e=6122abc818>.
As an additional precautionary measure, we have also reset domain auth codes
and registrant passwords.

*Auth codes*

The new auth codes can be retrieved from our system, as needed, via
the Reseller Control Panel
<http://opensrs.us3.list-manage.com/track/click?u=13d4782b22724a03f96459c03&id=16eda3d28e&e=6122abc818>
or the API. Some resellers have chosen to store auth codes locally. We
discourage this practice and ask resellers to retrieve auth codes on demand.

*Registrant passwords*

If you or your customers are using the OpenSRS end-user interface (MWI)
<http://opensrs.us3.list-manage.com/track/click?u=13d4782b22724a03f96459c03&id=9aa8e90a9d&e=6122abc818>
to manage domain names, your old credentials will no longer work.
*Please note: this change does not affect the password for your reseller
account.*

*How this will impact your business and your customers:*

*End users*

If you direct your customers to the OpenSRS end-user interface (MWI)
<http://opensrs.us3.list-manage1.com/track/click?u=13d4782b22724a03f96459c03&id=65b61a6b8e&e=6122abc818>
to manage their domains, they will continue to have the ability to do so,
but they will need to reset their passwords using the “*Forgot password?*”
functionality.

------------------------------

*Resellers*

Some resellers are currently managing domains on behalf of their customers
using the end-user interface. This interface is not intended for reseller
use. Resellers should be managing domains through the Reseller Control Panel
<http://opensrs.us3.list-manage.com/track/click?u=13d4782b22724a03f96459c03&id=f1cc31f606&e=6122abc818>,
which provides all the domain management options in the end-user interface,
plus many more. Resellers will no longer be able to manage domains through
the end-user interface.

------------------------------

*API users and users of 3rd party software such as WHMCS, Parallels/Odin*

If you are experiencing issues managing customer domains via API or 3rd
party software, please contact support at help () opensrs com. We
will work with you to understand your current deployment parameters and
make the necessary adjustments.

------------------------------


*What to expect in the coming weeks:*

*Registrant passwords*

As an additional security measure, we will be increasing the strength of
the registrant passwords to make them more secure. *The new minimum
password length will be 10 characters and this change will be rolled out on
September 9, 2015*. This may require you to adjust your systems if you have
been setting passwords that are less than 10 characters in length.

We once again apologize for the inconvenience and hope you understand that
these measures have been implemented with the security of your account in
mind.

The OpenSRS team

*Copyright © 2015 OpenSRS, All rights reserved.*

*Our mailing address is:*
OpenSRS
96 Mowat Avenue, Toronto, ON, Canada
Toronto, ON M6K 1G2
Canada

_______________________________________________

NOTE: As of July 10, the mailing list address HAS CHANGED from @linuxbox.org TO @lists.linuxbox.org. Please use the new 
address in all mail to the list.
_______________________________________________

Fun and Misc security discussion for OT posts.
http://lists.linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

