[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
COMMUNITY CONNEXION CORRECTS INACCURACIES IN NETSCAPE PRESS RELEASE
- To: [email protected]
- Subject: COMMUNITY CONNEXION CORRECTS INACCURACIES IN NETSCAPE PRESS RELEASE
- From: sameer <[email protected]>
- Date: Wed, 20 Sep 1995 01:18:41 -0700 (PDT)
- Pgp-Strong-Print: 3C AE E4 00 C2 6A 81 FF 49 4E EE 0C CD CD 1D 80
- Sender: [email protected]
Sept. 20, 1995
For Immediate Release
Contact: Sameer Parekh 510-601-9777
COMMUNITY CONNEXION CORRECTS INACCURACIES IN NETSCAPE PRESS RELEASE
In response to Ian Goldberg and David Wagner's recent cryptanalysis
and defeat of Netscape Navigator's security, Netscape Communications
Corporation has recently issued a press release describing the work
Ian and David had done, announced a fix, and offered comments on what
they felt were the implications on the security of their software.
Community ConneXion congratulated Netscape Communications Corporation
today for their quick response to this security problem. The fact that
they responded to the problem within two days of its publication
reflects well upon their responsiveness to the internet community,
said Sameer Parekh, Community ConneXion founder.
Sameer noted, however, that their release contained a number of
inaccuracies. He wrote a document detailing the inaccuracies that he
found, available via the World-Wide-Web at
http://www.c2.org/hacknetscape/critique.phtml.
He noted that they overestimated the time necessary to exploit the bug
by roughly two orders of magnitude. The description of the bug was
also flawed, said Sameer. Finally, he described how the solution
Netscape was presenting to the problem was viewed by many members of
the internet security community as only a partial fix.
"Millions of customers and their sensitive information are at
stake. Had Ian and Dave been criminals rather than honest students,
they might have taken this opportunity to steal credit card numbers,
snoop on people's financial transactions, and possibly more."
"Are we going to take the chance that the next person who finds a
Netscape bug may be someone who would rather steal lots of money than
win some T-shirt?" asked Sameer, referring to the T-shirt promotion
his company has developed, offering free T-shirts to people who have
found holes in Netscape security software.
Community ConneXion is the premier internet privacy ISP. They offer
anonymous accounts, remailers, and psuedonym servers, in addition to
the standard ISP fare of webspace and dialup IP access. Information is
available from http://www.c2.org or mailing [email protected].
Netscape and Netscape Navigator are trademarks of Netscape
Communications Corporation.