[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Fwd] Security Threat to Internet shopping (DT)

Security threat to Internet shopping

Daily Telegraph (paper edition), 3 October 1995, p. 12

by Robert Uhlig

Home shopping on the Internet is under threat after hackers cracked the
encryption coding used to protect credit card transactions on Netscape,
the most popular software used for access.

A second security flaw, discovered in Microsoft Windows 95's E-Mail
electronic messaging system, has caused alarm.

Ian goldberg and David Wagner, the hackers, belong to a group called
Cypherpunks and said they had exposed Netscape's weaknesses to show the
ease with which digital money or electronic messages could be
intercepted by criminals, governments or business competitors.

The two computer science students took only a few days to find that the
software used a predictable date and time-based formula to generate a
random encryption code made up of 30 numbers each time a message was

They then posted their findings on the Internet.

Netscape responded by saying it would share parts of the security code
with security experts including the Massachusetts Institute of
Technology in the hope that this would improve its security.

The company has also released a free updated version of its software
for browsing the World Wide Web part of the Internet.

The company said it also planned to  extend the encryption key from 30
digits to 300 digits and use more random information to generate the

However, American law on  encryption technology forbids the export of
software  containing encryption keys longer than 40 digits, so Internet
users outside America will not be able to download copies of the
software from Netscape.

Visa and Microsoft have been working jointly on what they call Secure
Transaction Technology, which they claim will allow users to buy goods
over the Internet.

However, users of Microsoft's Windows 95 have found that it ignores the
security passwords on private electronic mail  sent or received using
software other than Windows 95.