From: pgut001@cs.auckland.ac.nz
To: cypherpunks@toad.com
Message Hash: 684d7abc8f00dea8ea5f24a59339a3faa9438ecffe3dcce26c2dd59ef4f19be9
Message ID: <84373168812186@cs26.cs.auckland.ac.nz>
Reply To: N/A
UTC Datetime: 1996-09-26 12:28:24 UTC
Raw Date: Thu, 26 Sep 1996 20:28:24 +0800
From: pgut001@cs.auckland.ac.nz
Date: Thu, 26 Sep 1996 20:28:24 +0800
To: cypherpunks@toad.com
Subject: How to break Netscape's server key encryption - Followup
Message-ID: <84373168812186@cs26.cs.auckland.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain
There has been a successful hostile attack on a Netscape server key using the
code I posted yesterday. I was contacted earlier today by someone who told me
he had in the past obtained Netscape server keys and PGP private keys from
Windows NT machines running Microsofts insecure FTP server which allows access
to the entire drive (he found some of the PGP keys using archie searches -
ouch!). He lives somewhere with nasty anti-hacking laws and definitely doesn't
want his identity known, but after some pleading said I could reveal the
following:
- He used the cracklib dictionary to get the password
- The password was found "very quickly"
- The password was a female name
- He deleted the server key after he'd found the password
- He did it merely out of idle curiosity and has no intention of misusing the
information.
- He definitely doesn't want to be contacted
Peter.
Return to September 1996
Return to “pgut001@cs.auckland.ac.nz”
1996-09-26 (Thu, 26 Sep 1996 20:28:24 +0800) - How to break Netscape’s server key encryption - Followup - pgut001@cs.auckland.ac.nz