Sept. 20, 1995 For Immediate Release Contact: Sameer Parekh 510-601-9777 COMMUNITY CONNEXION CORRECTS INACCURACIES IN NETSCAPE PRESS RELEASE In response to Ian Goldberg and David Wagner's recent cryptanalysis and defeat of Netscape Navigator's security, Netscape Communications Corporation has recently issued a press release describing the work Ian and David had done, announced a fix, and offered comments on what they felt were the implications on the security of their software. Community ConneXion congratulated Netscape Communications Corporation today for their quick response to this security problem. The fact that they responded to the problem within two days of its publication reflects well upon their responsiveness to the internet community, said Sameer Parekh, Community ConneXion founder. Sameer noted, however, that their release contained a number of inaccuracies. He wrote a document detailing the inaccuracies that he found, available via the World-Wide-Web at http://www.c2.org/hacknetscape/critique.phtml. He noted that they overestimated the time necessary to exploit the bug by roughly two orders of magnitude. The description of the bug was also flawed, said Sameer. Finally, he described how the solution Netscape was presenting to the problem was viewed by many members of the internet security community as only a partial fix. "Millions of customers and their sensitive information are at stake. Had Ian and Dave been criminals rather than honest students, they might have taken this opportunity to steal credit card numbers, snoop on people's financial transactions, and possibly more." "Are we going to take the chance that the next person who finds a Netscape bug may be someone who would rather steal lots of money than win some T-shirt?" asked Sameer, referring to the T-shirt promotion his company has developed, offering free T-shirts to people who have found holes in Netscape security software. Community ConneXion is the premier internet privacy ISP. They offer anonymous accounts, remailers, and psuedonym servers, in addition to the standard ISP fare of webspace and dialup IP access. Information is available from http://www.c2.org or mailing info@c2.org. Netscape and Netscape Navigator are trademarks of Netscape Communications Corporation.