IP: New security flaw in Netscape/SSL

[David Farber <farber () central cis upenn edu>]

If you are aware of anyone on campus relying on the security of
Netscape's Commerce Server for any web-based application,
please contact me immediately.


The New York Times is reporting today ("Security Flaw is Discovered in
Software Used in Shopping", Page A1) that "a serious security flaw has
been discovered in Netscape"


The article goes on.. "The flaw, which could enable a knowledgeable
criminal to use a computer to break Netscape's security coding system in
less than a minute, means that no one using the software can be certain
of protecting credit card information, bank account numbers or other
types of information that Netscape is supposed to keep private during
on-line transactions."


"...Netscape Communications Corporation, which produces the software,
said today that the flaw could be fixed and that new copies of the
software would be distributed as early as next week."


University Information Security Officer