[members-discuss] [ncc-announce] Attack on RIPE NCC Access - Please Enable Two-Factor Authentication

Hi to all!

 

+1 to Steffen’s idea.

+1 to Elvis‘s idea.

 

Mit freundlichen Grüßen

 

p.p.a. Jan Plassmann

JHP-IT.net UG & Co. KG 

 

Mail:  <mailto:jan.plassmann at jhp-it.net> jan.plassmann at jhp-it.net

Telefon: +49 30 120 85 58 - 23

Mobil:   +49 1522 865 32 81

 

-----------------------------------------------------------------------------

 

JHP-IT.net UG & Co. KG 

 

   Just Handle IT Professionally

 

 

Schillerstrasse 10

10625 Berlin

Mail:       <mailto:office at jhp-it.net> office at jhp-it.net

Telefon: +49 30 120 85 58 - 20

Telefax:  +49 30 120 85 58 - 21

 

 

Geschäftsstelle Hamburg:

Am Wasserberg 11b

22869 Schenefeld

Telefon: 040 – 84 60 25 37

Telefax: 040 – 18 11 65 83

 

Geschäftsführerin und Inhaberin:

Anna Bisping

Einzelprokura:

Jan-Henning Plassmann

Sitz der Gesellschaft: Berlin

Handelsregister: Berlin Charlottenburg HRA 50707 B, USt.-Id.-Nr: DE 301 403 084

Bankverbindung: Berliner Volksbank, IBAN: DE05 1009 0000 2557 4290 02, BIC: BEVODEBB         

 

 

This message and any attachments are confidential as a business secret and are intended solely for the use of the individual or entity to whom they are addressed. 
If you are not the intended recipient, please telephone or e-mail the sender and delete this message and any attachment from your system. Also, if you are not the 
intended recipient you should not disclose the content or take / retain / distribute any copies. 

Diese von Ihnen erhaltene E-Mail und die anliegenden Dateien sind das Geheimnis des Unternehmens und sind ausschließlich für die angeführten Adressaten 
bestimmt. Sollten Sie nicht der richtige Empfänger sein, informieren Sie bitte umgehend den Absender und vernichten Sie diese E-Mail. Unbefugte Weitergabe der 
erhaltenen Informationen sowie das unerlaubte Kopieren / Speichern / Verbreiten der erhaltenen Informationen ist nicht gestattet

 

 

Von: members-discuss <members-discuss-bounces at ripe.net> Im Auftrag von Elvis Daniel Velea
Gesendet: Freitag, 19. Februar 2021 09:48
An: Steffen Weinreich <steffen.weinreich at mdex.de>
Cc: Ivo Dijkhuis <ivo.dijkhuis at ripe.net>; members-discuss at ripe.net
Betreff: Re: [members-discuss] [ncc-announce] Attack on RIPE NCC Access - Please Enable Two-Factor Authentication

 

Hi,

 

+1 to Steffen’s idea.

 

Also, a couple of questions... how can I find out if someone (attempts to) login with my SSO? 

 

Can the RIPE NCC provide a page showing a list of last 5-10-100 (un)successful logins? 

 

How about e-mail notifications (with the IP address of the attacker) when a failed login attempt is made? 

Can I get an e-mail notification that someone has logged in, every time a successful login happens?

- I’d like these to be opt-in

 

Elvis 

 

On Fri, Feb 19, 2021 at 00:40 Steffen Weinreich <steffen.weinreich at mdex.de <mailto:steffen.weinreich at mdex.de> > wrote:

Hi Ivo,

Thanks for the heads up.

It would be usefull if a LIR Admin user in the portal could see if "his"
users have the 2FA enabled. That way I could encourage my colleagues
without 2FA  to enable.

CC: to the members-discuss for feedback on the suggestion. 

mit freundlichen Grüßen

Steffen Weinreich

-- 
Wireless Logic mdex GmbH
Bäckerbarg 6, 22889 Tangstedt, Germany <https://www.google.com/maps/search/B%C3%A4ckerbarg+6,+22889+Tangstedt,+Germany?entry=gmail&source=g> 

Am 18.02.21 um 16:49 schrieb Ivo Dijkhuis:

> Dear colleagues,
>
> Last weekend, RIPE NCC Access, our single sign-on (SSO) service was
> affected by what appears to be a deliberate ‘credential-stuffing’
> attack, which caused some downtime. We mitigated the attack, and we are
> now taking steps to ensure that our services are better protected
> against such threats in the future.
>
> Our preliminary investigations do not indicate that any SSO accounts
> have been compromised. If we do find that an account has been affected
> in the course of our investigations, we will contact the account holder
> individually to inform them.
>
> We would like to ask you to enable two-factor authentication on your
> RIPE NCC Access account if you have not already done so to ensure that
> your account is secure. In general, using two-factor authentication
> across all your accounts can help limit your exposure to such attacks.
>
> If you notice any suspicious activity in your RIPE NCC Access account,
> please contact us immediately at <security at ripe.net <mailto:security at ripe.net> >.
>
> Best regards,
>
> Ivo Dijkhuis
> Senior Information Security Officer,
> RIPE NCC
>

_______________________________________________
members-discuss mailing list
members-discuss at ripe.net <mailto:members-discuss at ripe.net> 
https://mailman.ripe.net/
Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/elvis%40v4escrow.net

-- 

This message was sent from a mobile device. Some typos may be possible. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.ripe.net/ripe/mail/archives/members-discuss/attachments/20210219/2c94ac1b/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 1861 bytes
Desc: not available
URL: <https://www.ripe.net/ripe/mail/archives/members-discuss/attachments/20210219/2c94ac1b/attachment.png>