[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Fwd: Check this out!] (fwd)




Forwarded message:
>From [email protected] Tue Jan 27 16:01:14 1998
Sender: [email protected]
Message-ID: <[email protected]>
Date: Tue, 27 Jan 1998 16:06:27 -0600
From: Stu Green <[email protected]>
X-Mailer: Mozilla 3.01GoldC-Caldera (X11; I; Linux 2.0.33 i586)
MIME-Version: 1.0
To: [email protected]
Subject: [Fwd: Check this out!]
Content-Type: message/rfc822
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Received: from mail1.realtime.net (mail1.realtime.net [205.238.128.217]) by zoom.bga.com (8.6.12/8.6.12) with SMTP id MAA14988 for <[email protected]>; Tue, 27 Jan 1998 12:39:17 -0600
Received: (qmail 13392 invoked from network); 27 Jan 1998 18:39:14 -0000
Received: from isdn5-69.ip.realtime.net (HELO bga.com) (205.238.160.69)
  by mail1.realtime.net with SMTP; 27 Jan 1998 18:39:14 -0000
Message-ID: <[email protected]>
Date: Tue, 27 Jan 1998 12:43:28 -0600
From: David Neeley <[email protected]>
X-Mailer: Mozilla 4.04 [en] (Win95; I)
MIME-Version: 1.0
To: [email protected]
Subject: Check this out!
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 7bit

In case you don't get an e-mail newsletter called "Tasty Bits from the
Technology Front" I offer for your enjoyment:


..A warning on Microsoft (in)security

  Basic crypto weakness undermines all claims to security, expert
  says

    Longtime readers know that TBTF has been reporting on security weak-

    nesses in Microsoft's products, particularly Internet Explorer, for
    more than a year [25]. Now a security expert from New Zealand, Peter

    Gutmann, has posted a paper [26] claiming that the flaws are so ser-

    ious that Windows 95 users should entirely refrain from using the
    Web. Among the problems Gutmann points out is a critical weakness in

    the way Microsoft software protects (or does not protect) users'
    master encryption key; this weakness undermines all other encryp-
    tion components in Web servers and browsers. Gutmann outlines how a
    cracker could quietly retrieve the private key from a victim's ma-
    chine and break the encryption that "protects" it in a matter of
    seconds. The attacker has, Gutmann says, then "effectively stolen
    [the user's] digital identity, and can use it to digitally sign
    contracts and agreements, to recover every encryption session key
    it has ever protected in the past and will ever protect in the
    future, to access private and confidential email, and so on."
    TechWeb coverage is here [27].

    [25] http://www.tbtf.com/resource/ms-sec-exploits.html
    [26] http://www.cs.auckland.ac.nz/~pgut001/pubs/breakms.txt
    [27] http://www.techweb.com/wire/story/TWB19980123S0007