Comments
Lucky enough I didn't get affected
Common Orange Spain subsidiary screwing shit up
They also apologized on Twitter
I hope it's possible to enable 2FA on something so critical. Isn't it?
It is
Seems they were not very original when choosing a password... Apparently it had been compromised previously and nobody cared to change it. Mad.
Bella Ciao 🎶
It's only a /12. Who would waste their time on that?
Exactly, a /24 is much bigger than a /12, double the size.
You won't get double because blackfriday already passed
Sure someone would like to double the /12 into a /24, probably even for free.
@tubehosting interesting...
We have nothing to do with it - I don't know why someone chose our ASN for this kind of "fun"
Rumor is that their password was "ripeadmin"
Imagine protecting an entire /12 with the password "ripeadmin"
I have no words for this, if it is true.
Not only that, but they also didn't seem to have activated 2FA.
At this point it is a fail, either way they want to sugarcoat it.
Seriously, how was that password valid in the first place? This is funny for a /12, but what else is out there?
OK, I can confirm the breach, just got a mail from RIPE
Dear colleagues,
In light of the recent incident where a RIPE NCC Access account was compromised, we urge you to review your own account security.
Two-Factor Authentication
If you have not already done so, enable two-factor authentication on your RIPE NCC Access account. Using two-factor authentication across all of your accounts can reduce your exposure to attacks like these.
The guide for setting up two-factor authentication on your Access account can be found at:..........
THX @tentor for the heads up!
This is more common than one can imagine, there are lots of critical services over the internet with such passwords waiting to be exploited.
I think it was chosen in 2002 and never changed, I can only speculate but I think people in 2002 didn't know how complex a password should be.
For the developer side of things, you could check the password complexity on every login, but that is not worth it, I think.
Yeah if that password is true, one could deduce it's hopefully a policy from the past. I think one can safely agree that it's super sensitive information or with great impact and a proper policy is demanded
Hmmm I'm not entirely sure of this, surely to activate RPKI in the first place someone had to log in to the RIPE panel, and at that point they would've noticed how weak the password is, right? It was very negligent of them to not change it at that point in time, imo.
If you use a password manager I guess you don't check the complexity. Or they have automated it via their own software.
Good to know, Orange Spain has a lot of stupid employers, but still in first place it's Orange Romania: stupid employers, corruption, bureaucracy
Regards
Cybersecurity in Spain as a whole is ridiculous. Most companies barely try to secure their shit in general.
There was a recent attack against the official workers' commissions in Spain and it got all documented by the hacker itself lmao.