[AusNOG] APNIC resets passwords after whois credentials spill

David Smith davids at lbnco.com.au
Wed Oct 25 00:29:02 EST 2017


Seems to be a positive comment on the action but with a corresponding
negative on the exposure itself.

Perhaps you should choose a viewpoint when posting to a forum for
"professionals" (yes, these are air-quotes, as IT engineers we mostly make
it up as we go). I think that is safe to say that all of us understand
that, despite our efforts, "these things happen".

Having said that, if anyone on the list believes that they deliver error
free solutions please contact me off list. Based on feedback I have now
defined the first Thursday of each month as Superhero Day thus making a
role in my team highly desirable.

I'm also open to offering free haircuts (from a qualified follicologist)
for those that exceed their KPIs.

Regards,

Dave



On 24 October 2017 at 23:03, Bevan Slattery <bevan at slattery.net.au> wrote:

> +1.  Exemplary.
>
> [b]
>
> On 24 Oct 2017, at 9:12 pm, Ian Henderson <ianh at ianh.net.au> wrote:
>
> On 24 October 2017 at 07:00, Mister Pink <misterpink at gmail.com> wrote:
>
>> APNIC has been forced to reset all passwords for objects in its whois
>> database after leaking authentication credentials that were hashed with a
>> relatively weak hashing algo.
>>
>
> Hats off to APNIC's response here, they were honest, timely, and decisive.
> Sure this should have been cleaned up years ago, but eh, these things
> happen.
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20171025/6021e0aa/attachment.html>


More information about the AusNOG mailing list