~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, Here is a press release that Netscape has issued (is about to issue?) concerning their recent miscue. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ---------- Forwarded message ---------- ********************************************************************* Potential Vulnerability in Netscape Products - Netscape Responding Immediately To Upgrade Customers and Minimize Risk of Future Threats Summary: During regular monitoring of Internet security newsgroups, Netscape has discovered a potential vulnerability in the current version of the Netscape Navigator. Late Sunday evening two UC-Berkeley students posted a message to the Internet detailing their efforts to reverse engineer some security capabilities of the Netscape Navigator. Their efforts revealed how the program generates session encryption keys, enabling them to replicate these keys with a moderate amount of computing power and decipher messages sent across the Internet. The potential vulnerability has since been confirmed by Netscape engineers. With this knowledge an experienced computer programmer could decrypt messages sent by Netscape Navigator to other computers in a few hours of computation time. Netscape secure software has been in use for almost a year on the Internet by millions of customers and no thefts of actual customer information protected by our security have been reported. This posting on the Internet reported a potential vulnerability, not the actual theft of customer information. Netscape plans to address this vulnerability quickly by providing updated software as soon as possible via the Internet. An updated version of Netscape Navigator 1.1 and 1.2 will be available for downloading on the Internet next week by existing customers. In addition, Netscape Navigator 2.0, which was announced yesterday and will be available next week in beta versions, includes this imporvement as well as a number of additional security features. Detailed Issue: Current versions of Netscape Navigator use random information to generate session encryption keys of either 40-bits or 128-bits in length. The random information is found through a variety of functions that look into a user's machine for information about how many processes are running, process ID numbers, the current time in microseconds, etc. The current vulnerability exists because the size of random input is less than the size of the subsequent keys. This means that instead of searching through all the 2^128 possible keys by brute force, a potential intruder only has to search through a significantly smaller key space by brute force. This is substantially easier problem to solve because it takes much less compute time and means 40-bit or 128-bit key strength is substantially reduced. Solution: Netscape is already implementing a fix to the specific portion of our software where this vulnerability exists. We plan to address the problem by significantly increasing the amount of random information that cannot be discovered by external sources from approximately 30-bits to approximately 300-bits. In addition, the random information will be made much more difficult to replicate because we will greatly expand the techniques and sources used to generate the random information. Once this improvement is made, protection of the random information will be as strong as the rest of the security built into Netscape. Netscape has also begun to engage an external group of world class security experts who will review our solution to this problem before it is sent to customers. These experts will validate Netscape's solution and insure that it is complete and effective in solving this vulnerability. The group will be used on an ongoing basis to work with Netscape's internal security experts to review the design and implementation of security in Netscape's products and to provide an additional measure of assurance that these products implement the highest levels of security possible. This discovery does not affect the strength or security of SSL, RC4, or any other portions of our security implementations. The fix will restore Netscape security across all products to the true 40-bit level for Export and true 128-bit level for U.S. Customers intended before this discovery. Current versions of Netscape Navigator should be replaced with updated versions that will be made available next week. In addition, the current version of the Netscape Commerce Server has a similar vulnerability during it's initial key-pair generation. Therefore, a patch will be made available from Netscape and should be applied by Commerce Server customers to generate a new key pair and server certificate. Updating Customers: Netscape will provide the fix for Export (40 bit) versions of Netscape Navigator later this week for downloading by customers on the Internet. Similarly, the Commerce Server patch for Export versions (40 bit) will be made available from our home page. Because downloading of 128 bit versions of the software is still not permitted by U.S. law, U.S. customers of Netscape Navigator, Netscape Navigator Personal Edition and Netscape Commerce Server using 128 bit versions can request the replacement from Netscape for delivery through the regular mail. For additional information or replacements for 128-bit versions of software that you have already purchased, please call the Netscape Replacement Desk at 415-528-3600, email replace@netscape.com, or contact your existing Netscape representative directly. We will inform you immediately when the updated software is available for download.