Vulnerability Development mailing list archives

Re: Has anyone verified whether is is valid?


From: mrousseau () SECURED ORG (Maxime Rousseau)
Date: Fri, 14 Apr 2000 21:47:13 -0400


Hello,

From what I read so far, it's nothing much. The key is only a communication
obfuscation key used to obfuscate traffic between the client and the server
DLLs. It allows you to do nifty stuff but I wouldn't describe this as a
backdoor with the amount of info I have so far. There is no known (to me)
evidence that supports the thesis of a 'backdoor to r00t every web site' the
media like to spread. If you did not have access to the web site in the
first place this isn't going to get you access.

So it's a media hype (wow, big surprise. They really love to make fools of
themselves).

You might want to check NTBugtraq on this, it has valuable info. Rain Forest
Puppy (RFP) also released a little advisory describing (very briefly) the
problem and included a small snippet of code to show what it does.

Relevant URLs are:
http://www.ntbugtraq.com
http://www.wiretrip.net

Hope this helps,

M.
Secured Industries
Why fear the unknown?

PS: The key is however very interesting, I wonder what Netscape engineers
think of it :)

