Security Hole In Netscape's Web Server?
tdowling at lib.washington.edu
tdowling at lib.washington.edu
Tue Sep 19 19:44:05 EDT 1995
Taking many credit card orders over there at MUN? :-)
My understanding is that it's only the SSL secure transaction module that
got cracked. Netscape is understandably not sharing any more details
about the problem than they have to, but they do have some news up at
http://www.netscape.com/newsref/std/random_seed_security.html
It also sounds like the problem deals with form submissions from the
browser to the server. Until and unless there is more specific
information to the contrary, I think shutting down your server is an
overreaction.
Thomas Dowling
Networked Information Librarian, Public Services
University of Washington Libraries
tdowling at u.washington.edu
Note from: slavko at kean.ucs.mun.ca
Tue, 19 Sep 95 16:33:13 PDT----------------------------------------
% This morning (tuesday) there was a news story on Canada's national
% news network describing a security hole in Netscape's Web server which
% made it possible for someone to break into your host in about a minute.
% The story also stated that a secure version of Netscape's server would
% be available in a about a week. As soon as I heard the story I dialed into
% my host and shut down the web server. I don't plan on bringing it up
% until the secure version is installed. I am surprised that this story
% has not reached this newsgroup. Any comments?
%
% Slavko Manojlovich
% Head, Systems
% Memorial University Of Newfoundland
%
More information about the Web4lib
mailing list