--- begin forwarded text

X-Sender: okeefe@olympus.net
Mime-Version: 1.0
Date: Wed, 11 Dec 1996 19:32:32 -0800
To: N E W S R E L E A S E <IPS@olympus.net>
From: "Steve O'Keefe" <IPS@olympus.net>
Subject: NEWS: Web Security Hole Revealed

BREAKING NEWS
For Release Thursday, December 12, 1996

MAJOR WEB SECURITY FLAW REVEALED

(New York) -- Edward Felten, head of Princeton University's Safe Internet Programming Team (SIP), today revealed a major security flaw in the Internet's World Wide Web. Called "web spoofing," the breach allows any Internet server to place itself between a user and the rest of the web. In that middle position, the server may observe, steal and alter any information passing between the unfortunate browser and the web.

All major web browsers are vulnerable to web spoofing, including Netscape Navigator and Microsoft Internet Explorer. Using web spoofing, a person can acquire passwords, credit card numbers, account numbers, and other private information, even if transmitted over an apparently secure connection.

The Boston Globe published an article about Felten's findings in this morning's "Plugged In" column. The story was written by Simson Garfinkel, technology columnist for HotWired's "Packet" news service. The complete story can be found at the following URL:

http://www.boston.com/globe/glohome.shtml

Felten will be demonstrating web spoofing TODAY, Thursday, December 12, at the Internet World expo at the Jacob K. Javits Convention Center in New York City. The demonstration will be held at the Wiley Computer Publishing Booth (#822) at 2:00 pm Eastern Time.

The web flaw is just the latest in a series of major Internet security problems uncovered by Felten and his team. Felten documents some of these problems in his new book, "Java Security: Hostile Applets, Holes, and Antidotes" to be published in January by Wiley Computer Publishing. For an advance review copy of the book, simply reply to this e-mail.

For further information, please contact:

Edward Felten: felten@cs.princeton.edu
(917) 972-3693 (cellular phone at Internet World)
(609) 258-5906 (Princeton University)

Jeffrey DeMarrais: jdemarra@wiley.com
Wiley Computer Publishing
(212) 850-6630 (review copies, interviews)

Java Security Web Site: http://www.rstcorp.com/java-security.html
Safe Internet Programming Web Site: http://www.cs.princeton.edu/sip/

--- end forwarded text

-----------------
Robert Hettinga (rah@shipwright.com)
e$, 44 Farquhar Street, Boston, MA 02131 USA
"The cost of anything is the foregone alternative" -- Walter Johnson
The e$ Home Page: http://www.vmeng.com/rah/