Security threat to Internet shopping Daily Telegraph (paper edition), 3 October 1995, p. 12 by Robert Uhlig Home shopping on the Internet is under threat after hackers cracked the encryption coding used to protect credit card transactions on Netscape, the most popular software used for access. A second security flaw, discovered in Microsoft Windows 95's E-Mail electronic messaging system, has caused alarm. Ian goldberg and David Wagner, the hackers, belong to a group called Cypherpunks and said they had exposed Netscape's weaknesses to show the ease with which digital money or electronic messages could be intercepted by criminals, governments or business competitors. The two computer science students took only a few days to find that the software used a predictable date and time-based formula to generate a random encryption code made up of 30 numbers each time a message was sent. They then posted their findings on the Internet. Netscape responded by saying it would share parts of the security code with security experts including the Massachusetts Institute of Technology in the hope that this would improve its security. The company has also released a free updated version of its software for browsing the World Wide Web part of the Internet. The company said it also planned to extend the encryption key from 30 digits to 300 digits and use more random information to generate the key. However, American law on encryption technology forbids the export of software containing encryption keys longer than 40 digits, so Internet users outside America will not be able to download copies of the software from Netscape. Visa and Microsoft have been working jointly on what they call Secure Transaction Technology, which they claim will allow users to buy goods over the Internet. However, users of Microsoft's Windows 95 have found that it ignores the security passwords on private electronic mail sent or received using software other than Windows 95. (end)