nanog mailing list archives
Re: Internic PGP Auth busted
From: Dean Gaudet <dgaudet-list-nanog () arctic org>
Date: Mon, 23 Feb 1998 12:51:28 -0800 (PST)
I posted a rant about this to bugtraq almost a year ago. In the case where it happened to me I was already annoyed because an update that had been NAKed several times was applied when a single ACK was received over a month later (sent by a former employee who happened to have the month old NOTIFY). And then when I called them to ask them WTF they requested that I fax them some letterhead to "prove" that I was who I said I was. The fellow on the phone really had no idea how ludicrous that assertion was. I'm afraid I lost my temper. I put a tiny amount of effort into determining if there was anything cryptographically secure in the NOTIFY. I suspect there wasn't -- but I gave up before concluding that because their system was returning responses up to a week later, and I didn't feel like pipelining my efforts that much just to prove that the system was completely broken. I've no idea if it's still this broken. Dean On Fri, 20 Feb 1998, Sanjay Dani wrote:
requirement so that you can then change each one to CRYPT. [File away that first response that has your encrypted password. I am told you don't ever get it again.]If you are lucky (?), the (A)ck/(N)ak NOTIFY message that goes to the "other" contact might include your password. I saw my password, as the admin contact for a domain, included in the NOTIFY message that went to the technical contact, luckily it was our own NOC. Regards, Sanjay. PS. Thanks to everyone who responded to my query on overseas telco provisioning, I will post one summary when the info is complete. --------------------------------------------------------------- Web Professionals, Inc. Direct: +1 408-863-4850 20111 Stevens Creek Blvd, Suite 145 Biz/NOC: +1 408-863-4848 Cupertino CA 95014 USA http://web.professionals.com --------------------------------------------------------------- -=- Your Outsourcing Partner for Website and Server Hosting -=-
Current thread:
- Internic PGP Auth busted Greg Ketell (Feb 20)
- Re: Internic PGP Auth busted Christopher Caldwell (Feb 20)
- Re: Internic PGP Auth busted Greg Ketell (Feb 20)
- Re: Internic PGP Auth busted ken emery (Feb 20)
- Re: Internic PGP Auth busted Jon Green (Feb 23)
- Re: Internic PGP Auth busted Greg Ketell (Feb 20)
- Re: Internic PGP Auth busted Steve Hultquist (Feb 23)
- <Possible follow-ups>
- Re: Internic PGP Auth busted Sanjay Dani (Feb 23)
- Re: Internic PGP Auth busted Dean Gaudet (Feb 23)
- Re: Internic PGP Auth busted John Caruso (Feb 23)
- Re: Internic PGP Auth busted Dean Gaudet (Feb 23)
- Re: Internic PGP Auth busted Christopher Caldwell (Feb 20)