Australia's Leading Computer Emergency Response Team

AL-95.03 -- Encryption Vulnerability in Netscape Products
Date: 22 September 1995
Original URL: http://www.auscert.org.au/render.html?cid=1&it=64

Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
AL-95.03                     AUSCERT  Alert
                           September 22, 1995
             Encryption Vulnerability in Netscape Products
- -----------------------------------------------------------------------------
AUSCERT has received advice that messages encrypted and sent by Netscape
Navigator may potentially be decrypted in an unauthorised manner in a
moderate amount of time, using moderate computing power.

This has been confirmed by Netscape.  

Netscape is planning to release patched export (40-bit) versions of
Netscape Navigator 1.1 for Mac OS and Unix, Netscape Navigator 1.2 for
Windows 3.1 and Windows 95 and Netscape Commerce Server next week.  These
will be available from the Netscape home page:

   http://home.netscape.com

Netscape claim that the vulnerability does not affect the strength or
security of SSL or RC4.

For more information, see:

   http://home.netscape.com/newsref/std/random_seed_security.html

- -----------------------------------------------------------------------------
If you believe that your system has been compromised, contact AUSCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).

AUSCERT is the Australian Computer Emergency Response Team.  It is located
at The University of Queensland within the Prentice Centre. AUSCERT is a
full member of the Forum of Incident Response and Security Teams (FIRST).

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 4477
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AUSCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for emergencies.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Finger pgp@ftp.auscert.org.au to retrieve AUSCERT's public key

iQCVAwUBMI1flih9+71yA2DNAQHWdQP/e33n1ZRx5kcr8Yp+MK9eAIvnifPHGGdO
B+vOgw1sNJf/jMc50AI7xCOt5FvM9QKZgxsQe1d8UqX52+kvtr3rBpACsg52zbjr
IS2oP/MBxKsPFKHL6dxAKBr3Z2a+iGUdVcNqN4vTJNpMmwh9Rjyg3+UPDcrPIiNr
9Sjuje/J654=
=17m0
-----END PGP SIGNATURE-----