-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= AL-95.03 AUSCERT Alert September 22, 1995 Encryption Vulnerability in Netscape Products - ----------------------------------------------------------------------------- AUSCERT has received advice that messages encrypted and sent by Netscape Navigator may potentially be decrypted in an unauthorised manner in a moderate amount of time, using moderate computing power. This has been confirmed by Netscape. Netscape is planning to release patched export (40-bit) versions of Netscape Navigator 1.1 for Mac OS and Unix, Netscape Navigator 1.2 for Windows 3.1 and Windows 95 and Netscape Commerce Server next week. These will be available from the Netscape home page: http://home.netscape.com Netscape claim that the vulnerability does not affect the strength or security of SSL or RC4. For more information, see: http://home.netscape.com/newsref/std/random_seed_security.html - ----------------------------------------------------------------------------- If you believe that your system has been compromised, contact AUSCERT or your representative in FIRST (Forum of Incident Response and Security Teams). AUSCERT is the Australian Computer Emergency Response Team. It is located at The University of Queensland within the Prentice Centre. AUSCERT is a full member of the Forum of Incident Response and Security Teams (FIRST). Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 4477 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AUSCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for emergencies. -----BEGIN PGP SIGNATURE----- Version: 2.6.2i Comment: Finger pgp@ftp.auscert.org.au to retrieve AUSCERT's public key iQCVAwUBMI1flih9+71yA2DNAQHWdQP/e33n1ZRx5kcr8Yp+MK9eAIvnifPHGGdO B+vOgw1sNJf/jMc50AI7xCOt5FvM9QKZgxsQe1d8UqX52+kvtr3rBpACsg52zbjr IS2oP/MBxKsPFKHL6dxAKBr3Z2a+iGUdVcNqN4vTJNpMmwh9Rjyg3+UPDcrPIiNr 9Sjuje/J654= =17m0 -----END PGP SIGNATURE-----