[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

COMMUNITY CONNEXION OFFERS REWARD FOR EXPOSING ENCRYPTION FLAWS



For Immediate Release
Contact: [email protected] 510-601-9777

COMMUNITY CONNEXION OFFERS REWARD FOR EXPOSING ENCRYPTION FLAWS

Sept 19 1995 - Community ConneXion, a privacy server and ISP in
Berkeley, California, today announced that it will be offering an
incentive to the net to expose security flaws in some software that is
advertised on the net as secure.

This weekend a member of the cypherpunks community, Ian Goldberg, and
his officemate, David Wagner, revealed a method which would allow
someone to break the encryption used by Netscape Navigator in 25
seconds. Netscape Communications Corporation has been advertising
their products as a "secure" way of communicating sensitive
information over the net. People have been using this Netscape
software to send their credit card numbers over the net, communicate
with their brokers, and other tasks requiring security.

"Netscape was apparently relying on security by obscurity in this
case," said Community ConneXion's founder, Sameer Parekh.

In light of this recent break and the earlier two brute force attacks
on the encryption used in the international version of Netscape
Navigator (crippled because of restrictions on the export of
cryptography from the United States) Community ConneXion has offered a
challenge to the net community to find more holes. Ian, David, and the
people responsible for the brute-force attacks will be receiving free
limited-edition T-shirts for their work.

"The more holes people find, the more holes will get fixed. Netscape
makes the most widely used commercial WWW software out there, so it is
in the net's best interest for netscape to have good security. By
exposing the holes in netscape, we will hopefully get them fixed,"
said Sameer.

Details about the HackNetscape promotion are available from
http://www.c2.org/hacknetscape, or by sending mail to
[email protected].

Community ConneXion is the premier internet privacy ISP. They offer
anonymous accounts, remailers, and psuedonym servers, in addition to
the standard ISP fare of webspace and dialup IP access. Information is
available from http://www.c2.org or mailing [email protected].

Netscape and Netscape Navigator are trademarks of Netscape
Communications Corporation. This promotion is not affiliated with NCC.