From: Dave Evans <devans@hclb.demon.co.uk>
To: cypherpunks@toad.com
Message Hash: 9bb0b5fedad5e687a55d17221b34625bb0782ee8e6e22a134e0a20a39f412ef7
Message ID: <812839578snx@hclb.demon.co.uk>
Reply To: N/A
UTC Datetime: 1995-10-04 13:58:32 UTC
Raw Date: Wed, 4 Oct 95 06:58:32 PDT
From: Dave Evans <devans@hclb.demon.co.uk>
Date: Wed, 4 Oct 95 06:58:32 PDT
To: cypherpunks@toad.com
Subject: [Fwd] Security Threat to Internet shopping (DT)
Message-ID: <812839578snx@hclb.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain
Security threat to Internet shopping
Daily Telegraph (paper edition), 3 October 1995, p. 12
by Robert Uhlig
Home shopping on the Internet is under threat after hackers cracked the
encryption coding used to protect credit card transactions on Netscape,
the most popular software used for access.
A second security flaw, discovered in Microsoft Windows 95's E-Mail
electronic messaging system, has caused alarm.
Ian goldberg and David Wagner, the hackers, belong to a group called
Cypherpunks and said they had exposed Netscape's weaknesses to show the
ease with which digital money or electronic messages could be
intercepted by criminals, governments or business competitors.
The two computer science students took only a few days to find that the
software used a predictable date and time-based formula to generate a
random encryption code made up of 30 numbers each time a message was
sent.
They then posted their findings on the Internet.
Netscape responded by saying it would share parts of the security code
with security experts including the Massachusetts Institute of
Technology in the hope that this would improve its security.
The company has also released a free updated version of its software
for browsing the World Wide Web part of the Internet.
The company said it also planned to extend the encryption key from 30
digits to 300 digits and use more random information to generate the
key.
However, American law on encryption technology forbids the export of
software containing encryption keys longer than 40 digits, so Internet
users outside America will not be able to download copies of the
software from Netscape.
Visa and Microsoft have been working jointly on what they call Secure
Transaction Technology, which they claim will allow users to buy goods
over the Internet.
However, users of Microsoft's Windows 95 have found that it ignores the
security passwords on private electronic mail sent or received using
software other than Windows 95.
(end)
Return to October 1995
Return to “Dave Evans <devans@hclb.demon.co.uk>”
1995-10-04 (Wed, 4 Oct 95 06:58:32 PDT) - [Fwd] Security Threat to Internet shopping (DT) - Dave Evans <devans@hclb.demon.co.uk>