From: “Mullen Patrick” <Mullen.Patrick@mail.ndhm.gtegsc.com>
To: pgut001@cs.auckland.ac.nz
Message Hash: 36a3c9761dbac1354a077a4b17b1ff1f840bed066fe24af018e865bb5a901d7f
Message ID: <n1368390846.43521@mail.ndhm.gtegsc.com>
Reply To: N/A
UTC Datetime: 1996-09-26 17:35:58 UTC
Raw Date: Fri, 27 Sep 1996 01:35:58 +0800
From: "Mullen Patrick" <Mullen.Patrick@mail.ndhm.gtegsc.com>
Date: Fri, 27 Sep 1996 01:35:58 +0800
To: pgut001@cs.auckland.ac.nz
Subject: RE: How to break Netscape's server key encryption - Followup
Message-ID: <n1368390846.43521@mail.ndhm.gtegsc.com>
MIME-Version: 1.0
Content-Type: text/plain
Could someone please repost the code referred to in this posting?
I seem to have missed it, and I'm curious to see how it works.
Thanks!
Patrick
_______________________________________________________________________________
From: pgut001@cs.auckland.ac.nz on Thu, Sep 26, 1996 9:47
Subject: How to break Netscape's server key encryption - Followup
To: cypherpunks@toad.com
There has been a successful hostile attack on a Netscape server key using the
code I posted yesterday. I was contacted earlier today by someone who told me
he had in the past obtained Netscape server keys and PGP private keys from
Windows NT machines running Microsofts insecure FTP server which allows access
to the entire drive (he found some of the PGP keys using archie searches -
ouch!). He lives somewhere with nasty anti-hacking laws and definitely
doesn't
want his identity known, but after some pleading said I could reveal the
following:
- He used the cracklib dictionary to get the password
- The password was found "very quickly"
- The password was a female name
- He deleted the server key after he'd found the password
- He did it merely out of idle curiosity and has no intention of misusing
the
information.
- He definitely doesn't want to be contacted
Peter.
------------------ RFC822 Header Follows ------------------
Received: by mail.ndhm.gtegsc.com with SMTP;26 Sep 1996 09:47:35 -0400
Received: from toad.com by delphi.ndhm.gtegsc.com with SMTP;
Thu, 26 Sep 1996 13:44:58 GMT
Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id CAA12813 for
cypherpunks-outgoing; Thu, 26 Sep 1996 02:53:13 -0700 (PDT)
Received: from cs20.cs.auckland.ac.nz (root@cs20.cs.auckland.ac.nz
[130.216.34.10]) by toad.com (8.7.5/8.7.3) with ESMTP id CAA12807 for
<cypherpunks@toad.com>; Thu, 26 Sep 1996 02:53:09 -0700 (PDT)
From: pgut001@cs.auckland.ac.nz
Received: from cs26.cs.auckland.ac.nz by cs20.cs.auckland.ac.nz (8.7/4.7)
id VAA14298; Thu, 26 Sep 1996 21:54:11 +1200 (NZST)
Received: by cs26.cs.auckland.ac.nz (relaymail v0.9)
id <84373168812186>; Thu, 26 Sep 1996 21:54:48 (NZST)
To: cypherpunks@toad.com
Subject: How to break Netscape's server key encryption - Followup
Reply-To: pgut001@cs.auckland.ac.nz
X-Charge-To: pgut001
X-Authenticated: relaymail v0.9 on cs26.cs.auckland.ac.nz
Date: Thu, 26 Sep 1996 21:54:48 (NZST)
Message-ID: <84373168812186@cs26.cs.auckland.ac.nz>
Sender: owner-cypherpunks@toad.com
Precedence: bulk
Return to September 1996
Return to ““Mullen Patrick” <Mullen.Patrick@mail.ndhm.gtegsc.com>”
1996-09-26 (Fri, 27 Sep 1996 01:35:58 +0800) - RE: How to break Netscape’s server key encryption - Followup - “Mullen Patrick” <Mullen.Patrick@mail.ndhm.gtegsc.com>