httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chuck Murcko <ch...@telebase.com>
Subject Re: netscape on CNN
Date Wed, 20 Sep 1995 15:09:35 GMT
Rob Hartill liltingly intones:
> 
> 
> I haven't seen mention of this anywhere on the net, but CNN report
> that 2 students have found a bug or loophole that lets them read
> people's credit card numbers in ten minutes. CNN report the Netscape
> will replace the browser next week.
> 
> Does CNN have a scoop or are they talking techno-crap ?
> 

No, unfortunately, it's not crap. The random number generator for the
crypto in Netscape gets seeded only once, with an easily guessable value.
The thing is, you still need an account on the machine running the browser
or a packet sniffer to get the raw data to make your guess. The security
groups have been buzzing about this since the weekend, and a report also
appeared in the New York Times yesterday. Netscape claims they will have
updated browser binaries available as early as next week.

Still, it looks like an oversight that will feed the media paranoia about
Internet commerce. 8^(

chuck
Chuck Murcko	Telebase Systems, Inc.	Wayne PA	chuck@telebase.com
And now, on a lighter note:
Anything that is good and useful is made of chocolate.

Mime
View raw message