From: Jim Choate <ravage@ssz.com>
Date: Wed, 28 Jan 1998 06:10:12 +0800
To: cypherpunks@ssz.com (Cypherpunks Distributed Remailer)
Subject: [Fwd: Check this out!] (fwd)
Message-ID: <199801272206.QAA02182@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text



Forwarded message:
>From stugreen@bga.com Tue Jan 27 16:01:14 1998
Sender: root@coney.lsd-labs.com
Message-ID: <34CE5A63.9D29DD2@bga.com>
Date: Tue, 27 Jan 1998 16:06:27 -0600
From: Stu Green <stugreen@bga.com>
X-Mailer: Mozilla 3.01GoldC-Caldera (X11; I; Linux 2.0.33 i586)
MIME-Version: 1.0
To: ravage@ssz.com
Subject: [Fwd: Check this out!]
Content-Type: message/rfc822
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Received: from mail1.realtime.net (mail1.realtime.net [205.238.128.217]) by zoom.bga.com (8.6.12/8.6.12) with SMTP id MAA14988 for <stugreen@bga.com>; Tue, 27 Jan 1998 12:39:17 -0600
Received: (qmail 13392 invoked from network); 27 Jan 1998 18:39:14 -0000
Received: from isdn5-69.ip.realtime.net (HELO bga.com) (205.238.160.69)
  by mail1.realtime.net with SMTP; 27 Jan 1998 18:39:14 -0000
Message-ID: <34CE2AD0.F3822BFE@bga.com>
Date: Tue, 27 Jan 1998 12:43:28 -0600
From: David Neeley <dneeley@bga.com>
X-Mailer: Mozilla 4.04 [en] (Win95; I)
MIME-Version: 1.0
To: stugreen@bga.com
Subject: Check this out!
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 7bit

In case you don't get an e-mail newsletter called "Tasty Bits from the
Technology Front" I offer for your enjoyment:


..A warning on Microsoft (in)security

  Basic crypto weakness undermines all claims to security, expert
  says

    Longtime readers know that TBTF has been reporting on security weak-

    nesses in Microsoft's products, particularly Internet Explorer, for
    more than a year [25]. Now a security expert from New Zealand, Peter

    Gutmann, has posted a paper [26] claiming that the flaws are so ser-

    ious that Windows 95 users should entirely refrain from using the
    Web. Among the problems Gutmann points out is a critical weakness in

    the way Microsoft software protects (or does not protect) users'
    master encryption key; this weakness undermines all other encryp-
    tion components in Web servers and browsers. Gutmann outlines how a
    cracker could quietly retrieve the private key from a victim's ma-
    chine and break the encryption that "protects" it in a matter of
    seconds. The attacker has, Gutmann says, then "effectively stolen
    [the user's] digital identity, and can use it to digitally sign
    contracts and agreements, to recover every encryption session key
    it has ever protected in the past and will ever protect in the
    future, to access private and confidential email, and so on."
    TechWeb coverage is here [27].

    [25] http://www.tbtf.com/resource/ms-sec-exploits.html
    [26] http://www.cs.auckland.ac.nz/~pgut001/pubs/breakms.txt
    [27] http://www.techweb.com/wire/story/TWB19980123S0007