funsec mailing list archives
Re: Important notice about your addons.mozilla.org account
From: Reed Loden <reed () reedloden com>
Date: Tue, 28 Dec 2010 02:06:35 -0600
On Mon, 27 Dec 2010 21:46:09 -0500 Larry Seltzer <larry () larryseltzer com> wrote:
Does this look right to you? The only links in it are e-mail addresses on Mozilla.org, but there's nothing about this on the add-ons site or their discussion forum.
It's legit. http://blog.mozilla.com/security/2010/12/27/addons-mozilla-org-disclosure/
I think it must be legit, but it's clumsy. In fact I can't log in to my addons.mozilla.org account with the password I think I used, but I've forgotten these things in the past.
Only users who had not changed their passwords since the transition to SHA-512 hashes were sent the e-mail (those who still had MD5 hashes in the DB). Since you received the e-mail, you'll need to go through the normal "forgotten password" process to get a new password, as the MD5 hashes were all removed. ~reed Mozilla Security Group -- Reed Loden reed () reedloden com _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Important notice about your addons.mozilla.org account Larry Seltzer (Dec 27)
- Re: Important notice about your addons.mozilla.org account Jason Lewis (Dec 27)
- Re: Important notice about your addons.mozilla.org account Reed Loden (Dec 28)
- Re: Important notice about your addons.mozilla.org account Larry Seltzer (Dec 28)
- Re: Important notice about your addons.mozilla.org account Reed Loden (Dec 29)
- Re: Important notice about your addons.mozilla.org account Larry Seltzer (Dec 28)