From: carolann@censored.org (Censored Girls Anonymous)
Date: Sat, 23 Sep 95 05:17:20 PDT
To: cypherpunks@toad.com
Subject: HEY!!! WAS: The Next Hack
Message-ID: <199509231217.FAA27504@usr1.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hey wait a minute!!!

You HAD stated a patch would be available by Friday.
Now we are at early next week.

I watched the stock rise in the face of bad facts.
Almost 25% of your stock changed hands yesterday.

For the moment, it seems to me, anyway, you're getting
a lot of work done here for dirt cheap. I don't know
cypher codes very well, but I know Wall St. codes really
well. And THEY ARE BEING VIOLATED! I am glad there is no
anonymity on Wall St. We are starting to get into the
realm of SEC action. And I could really care much about
what happens out on the list.

This is not a problem that lends itself to 'quick fixes'.
For the only "quick fix you can give is still insecure crypto".

That is the point of this.
You can't really fix it.
Most of us know it.
The lies mount up
on the stock price.

I normally couldn't care less, I'm a Coca-Cola trader.
My stock is at an all time high as I write this.
It's up over 1200% in 10 years. No one can match it. (even MSFT)

This is much worse than NEW COKE!

For you are now better off letting them break key after key,
server after server, until the laws change. 

I'd go back and talk to your management fast.
For now you've become a pawn in a political game.
And millions of dollars change hands daily as a result.

Soon they will halt your stock trading if this keeps up.

Something, in a way far worse than ever having Netscape cracked!

Think about it.

Love Always,

Carol Anne
ps I shipped all the postings to Washington already.

>  What exactly is the point of this?  We have:
>
>	1) acknowledged that the RNG used in the server private-key
>		generation has the same problem
>
>	2) said that we will provide a patch early next week
>
>	3) said that we will provide new certificates for all customers
>
>	4) promised to make source code for our new seed generation code
>		publicly available

>  What else do you hope to gain by breaking a server key?  I think
>Jeff Weinstein - Electronic Munitions Specialist
>Netscape Communication Corporation
>jsw@netscape.com - http://home.netscape.com/people/jsw
>Any opinions expressed above are mine.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMGP6MIrpjEWs1wBlAQFh3QP8D+m5NyD4WNZEyOSzollcUDqEQusjxr5s
0t9455KBAGnvt/5UAyaQ0JdDqZ3wRePsoC9VVxHiiITjhZGbwalcgrDVmajAXVbG
T+Hm4PEpM7tWt+R6pMvjhGcP2ldtzZf+OErE/yCSPTooxuOX5H6bBpb5e88n0eqo
JpbxSBXgCX4=
=C7J9
-----END PGP SIGNATURE-----
--

Member Internet Society  - Certified BETSI Programmer  -  Webmistress
***********************************************************************
Carol Anne Braddock (cab8)  carolann@censored.org   206.42.112.96
My Homepage
The Cyberdoc
***********************************************************************
------------------ PGP.ZIP Part [017/713] -------------------
M8H,),S$8G>&.WP(8IRA`-M['+`Q%&_C"">5-F%LX@<_Q$;*P'',Q$Z/AA[8M
MF=O0H+*%(-S%&>S%+FS&<LS%3(Q&#W1"<]2%`H^;,]^1C$'HBN8PX$4SYAU^
MPGD<Q0ZLA0D+,`MCT!LA**4M[-JPAK9F?40!AJ,CW"'%DR#:'9?Q)3[%<DQ`
-------------------------------------------------------------
for next chunk to export --> http://dcs.ex.ac.uk/~aba/export/