Hello again, and I have a reply from no-ip :
"We are actually working on something similar. It is not currently live and we do not have an estimated time on when it will be live but will be rolling it out into our update clients and then to all DDNS devices. For now we offer group updates. On No-IP you can create a group name for each hostname. For example if you have graham.noip.me you can create the group graham and set the group password for graham's group to grahampassword. You will now be able to use the username groupname:[email protected] (graham:YourNo-IPUsername or Email) and then the group password for dynamic update clients or DDNS devices." So if anyone uses a different ddns provider - send them an e-mail. Perhaps they are working on closing this security issue as well. I know this is a little "off topic".... - This is my last post on this subject ;) Thanks everyone. -Graham- Graham S. Jarvis wrote on 2014-10-13 11:14: > Hello everybody, > > This may be a strange coincidence - or someone on this list has a lot of > influence !!! > > Mid-September I sent Lonnie a pm about the fact that the inadyn config file > has > the password in cleartext > and it's the same password as the dyn.com account password > and this is a security issue because it gives anyone of my clients access to > the > dyn.com account where all the other dynamic domains are managed. > > By the end of the month dyn.com had introduced a "Updater Client Key" ! > > This is a key that the ddns client uses to update the dns - and it replaces > the > use of the account password. > > Wow! > > All I can say is - keep up the good work!!!! > > -Graham- > > ------------------------------------------------------------------------------ > Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer > Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports > Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper > Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer > http://p.sf.net/sfu/Zoho > _______________________________________________ > Astlinux-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > [email protected]. > ------------------------------------------------------------------------------ Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://p.sf.net/sfu/Zoho _______________________________________________ Astlinux-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to [email protected].
