[ISN] Latest Email Security Flaw Raises New Concerns

From: mea culpa (jerichot_private)
Date: Mon Oct 05 1998 - 16:53:23 PDT

  • Next message: mea culpa: "[ISN] Navy gets hack probes"

      This message is in MIME format.  The first part should be readable text,
      while the remaining parts are likely unreadable without MIME-aware tools.
      Send mail to mimet_private for more info.
    
    --------------BAB129A8846F0745340485A1
    Content-Type: TEXT/PLAIN; CHARSET=us-ascii
    Content-ID: <Pine.SUN.3.96.981002182939.27694ft_private>
    
    
    
    Forwarded From: David Day <ddayt_private>
    
    http://my.excite.com/news/r/980929/10/tech-email
    
    Latest Email Security Flaw Raises New Concerns
    By Andrea Orr  
    
    PALO ALTO, Calif.  (Reuters) - A new hole has been discovered in the
    security a popular Internet browser program, once again calling into
    question the confidentiality of information exchanged over the Internet.
    The problem, found in Netscape Communications Corp.'s Internet browser,
    was the latest in a series of holes in email and Internet browsing
    software that have surfaced over the summer. Although most of the problems
    discovered so far have been quickly corrected, some experts say they fear
    that, collectively, they may be pointing to a major security crisis in
    cyberspace. The latest security flaw involves the so-called caching
    feature on several versions of Netscape's browser. This feature captures
    information to provide a record of sites visited, a sort of trail of one's
    travels around cyberspace. 
    
    Dan Brumlee, a 20-year-old independent computer consultant in Sunnyvale,
    Calif., discovered he could write a program that would allow him to access
    this information from another computer.  His finding led to online di
    scussions into the matter over the weekend and was the subject of a New
    York Times article on Monday.  It was not immediately clear how much
    private information might be gleaned from this technique.  The common
    example cited was employers exploiting the hole to see if their employees
    were visiting porn sites. Other sec urity experts warned the potential
    abuses went much further.  "It gives you a real shortcut to what somebody
    does on the Web and what somebody does on the Web says a lo t about them,"
    said Evan Hendricks, editor of "Privacy Times," published in Washington
    D.C. 
    
    One big danger, Hendricks said, was an abuse by spammers, the junk mailers
    of the Internet. 
    
    "A spammer could see where you have gone and they would be able to put
    together in an automated way a list of all your preferences," he said. 
    
    Netscape said it was working on a patch to fix the problem and, in the
    meantime, advised people using its browser software to go to the menu bar
    and clear the cache, which would delete the electronic record of sites
    visited. 
    
    Although this particular problem was not found in Microsoft Corp.'s
    browsing software, in recent months ot her security holes have been found
    in a number of popular email programs, including those made by Microsoft
    an d Qualcomm Inc. 
    
    All companies have promptly come out with fixes.  They have also been
    quick to point out that none of the p roblems were discovered by actual
    hackers looking to break into a system, but rather by the "good guys", who
    r outinely peruse software code looking for potential security lapses to
    avert any kind of security crisis. 
    
    "We certainly take all security and privacy issues very, very seriously,"
    said Eric Byunn, a Netscape prod uct manager. He added that this latest
    security lapse was, "not the sort of bug you would just stumble upon ra
    ndomly." 
    
    Still, many security experts were not so easily comforted. 
    
    Although millions of people around the world routinely use the Internet to
    purchase goods and enter person al information in the process, many others
    continue to avoid Internet transactions precisely because of securi ty
    concerns. 
    
    "This latest problem shows that much more private information could get
    out than a lot of people would wan t to see get out," said Richard Smith,
    President of Phar Lap Software Inc. in Cambridge, Mass. 
    
    Smith, who recently discovered another hole in email programs, says as
    more and more features are added to the Internet, more and more holes are
    being left open. 
    
    Added, Hendricks of Privacy Times: "There is so much information held
    about so many people by so many diff erent companies, which is why I think
    we are heading for some kind of privacy disaster." 
    
    --------------BAB129A8846F0745340485A1--
    -o-
    Subscribe: mail majordomot_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:06:19 PDT