Security Hole In Netscape's Web Server?

tdowling at lib.washington.edu tdowling at lib.washington.edu
Tue Sep 19 19:44:05 EDT 1995


Taking many credit card orders over there at MUN?  :-)

My understanding is that it's only the SSL secure transaction module that 
got cracked.  Netscape is understandably not sharing any more details 
about the problem than they have to, but they do have some news up at 
http://www.netscape.com/newsref/std/random_seed_security.html

It also sounds like the problem deals with form submissions from the 
browser to the server.  Until and unless there is more specific 
information to the contrary, I think shutting down your server is an 
overreaction.

Thomas Dowling
Networked Information Librarian, Public Services
University of Washington Libraries
tdowling at u.washington.edu


Note from:  slavko at kean.ucs.mun.ca
Tue, 19 Sep 95 16:33:13 PDT----------------------------------------
 % This morning (tuesday) there was a news story on Canada's national
 % news network describing a security hole in Netscape's Web server which
 % made it possible for someone to break into your host in about a minute.
 % The story also stated that a secure version of Netscape's server would
 % be available in a about a week. As soon as I heard the story I dialed into
 % my host and shut down the web server. I don't plan on bringing it up 
 % until the secure version is installed. I am surprised that this story
 % has not reached this newsgroup. Any comments?
 % 
 % Slavko Manojlovich
 % Head, Systems
 % Memorial University Of Newfoundland
 % 


More information about the Web4lib mailing list