Bugtraq mailing list archives

Re: Reinventing the wheel (aka "Decoding Netscape Mail passwords")

From: John () LIST ORG (John Viega)
Date: Thu, 16 Dec 1999 10:00:33 -0800


Hopefully my last email answered your questions, but I will summarize
the relevant points if not:

1) The post you mentioned, their crack doesn't work on recent versions
of Windows Netscape, which is what we broke.  These versions use a
much more complex algorithm, which is still very lame.

2) We were unaware of the previous work, and Netscape didn't say "hey,
someone did this before" when we notified them.  In fact, they
definitely reacted as if they knew the problem was there, but hoped no
one would ever bother to exploit it.

John

On Thu, Dec 16, 1999 at 09:07:32AM +0700, Vanja Hrustic wrote:

I was bit confused with this link (
http://www.rstcorp.com/news/bad-crypto-tech.html ), since I am not quite
clear if these guys are just reinventing the wheel, or have found
something new.

Message at:
370D20EF.BE1A63A () vt 
edu">http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-04-15&msg=370D20EF.BE1A63A () vt edu</A>

containts the information which (as much as I can see) does the same
thing which guys from RST are mentioning. The messages dates from April
'99.

Is this just another "Lets get some media attention" thing, or I have
missed some important point?

Thanks.

--

Vanja Hrustic
The Relay Group
http://relaygroup.com
Technology Ahead of Time

Current thread:

64bit Sol7 on Ultra1 < 200mhz bug, (continued)
- - - 64bit Sol7 on Ultra1 < 200mhz bug Jake Luck (Dec 11)
    - VDO Live Player 3.02 Buffer Overflow UNYUN (Dec 12)
    - ssh-1.2.27 exploit Jarek Kutylowski (Dec 13)
    - Re: ssh-1.2.27 exploit Iván Arce (Dec 13)
    - Re: ssh-1.2.27 exploit Beto (Dec 15)
    - FreeBSD 3.3 xsoldier root exploit Brock Tellier (Dec 15)
    - Xsoldier xploit (was: FreeBSD 3.3 xsoldier root exploit) Spidey (Dec 15)
    - BindView Security Advisory: Vulnerability in Windows NT's SYSKEY feature BindView Security Advisory (Dec 16)
    - Cisco Security Advisory: Cisco Cache Engine Authentication Vulnerabilities security-alert () CISCO COM (Dec 16)
    - Reinventing the wheel (aka "Decoding Netscape Mail passwords") Vanja Hrustic (Dec 15)
    - Re: Reinventing the wheel (aka "Decoding Netscape Mail passwords") John Viega (Dec 16)
    - Re: Reinventing the wheel (aka "Decoding Netscape Mail passwords") Tim Hollebeek (Dec 16)
    - Re: Reinventing the wheel (aka "Decoding Netscape Mail passwords") Aleph One (Dec 16)
    - ssh/rsaref bo exploit code Iván Arce (Dec 16)
    - Re: Reinventing the wheel (aka "Decoding Netscape Mail passwords") Rob Jones (Dec 16)
    - More on Red Hat 6.1 sysklogd David F. Skoll (Dec 19)
    - Security vulnerability in certain wu-ftpd (and derivitives) configurations (fwd) suid (Dec 19)
    - Netscape password scrambling Gary McGraw (Dec 20)
    - Re: Reinventing the wheel (aka "Decoding Netscape Mail passwords") Holger van Lengerich (Dec 20)
    - Microsoft Security Bulletin (MS99-059) Microsoft Product Security (Dec 20)
    - (Possible) Linuxconf Remote Buffer Overflow Vulnerability Elias Levy (Dec 21)

(Thread continues...)

Bugtraq mailing list archives

Re: Reinventing the wheel (aka &quot;Decoding Netscape Mail passwords&quot;)

Current thread:

Re: Reinventing the wheel (aka "Decoding Netscape Mail passwords")