COMMUNITY CONNEXION CORRECTS INACCURACIES IN NETSCAPE PRESS RELEASE

sameer sameer at c2.org
Wed Sep 20 01:23:47 PDT 1995


Sept. 20, 1995
For Immediate Release
Contact: Sameer Parekh 510-601-9777

COMMUNITY CONNEXION CORRECTS INACCURACIES IN NETSCAPE PRESS RELEASE

In response to Ian Goldberg and David Wagner's recent cryptanalysis
and defeat of Netscape Navigator's security, Netscape Communications
Corporation has recently issued a press release describing the work
Ian and David had done, announced a fix, and offered comments on what
they felt were the implications on the security of their software.

Community ConneXion congratulated Netscape Communications Corporation
today for their quick response to this security problem. The fact that
they responded to the problem within two days of its publication
reflects well upon their responsiveness to the internet community,
said Sameer Parekh, Community ConneXion founder.

Sameer noted, however, that their release contained a number of
inaccuracies. He wrote a document detailing the inaccuracies that he
found, available via the World-Wide-Web at
http://www.c2.org/hacknetscape/critique.phtml.

He noted that they overestimated the time necessary to exploit the bug
by roughly two orders of magnitude. The description of the bug was
also flawed, said Sameer. Finally, he described how the solution
Netscape was presenting to the problem was viewed by many members of
the internet security community as only a partial fix.

"Millions of customers and their sensitive information are at
stake. Had Ian and Dave been criminals rather than honest students,
they might have taken this opportunity to steal credit card numbers,
snoop on people's financial transactions, and possibly more."

"Are we going to take the chance that the next person who finds a
Netscape bug may be someone who would rather steal lots of money than
win some T-shirt?" asked Sameer, referring to the T-shirt promotion
his company has developed, offering free T-shirts to people who have
found holes in Netscape security software.

Community ConneXion is the premier internet privacy ISP. They offer
anonymous accounts, remailers, and psuedonym servers, in addition to
the standard ISP fare of webspace and dialup IP access. Information is
available from http://www.c2.org or mailing info at c2.org.

Netscape and Netscape Navigator are trademarks of Netscape
Communications Corporation.





More information about the cypherpunks-legacy mailing list