ZDNet reports today on a potentially dangerous security bug in Netscape Mail. Two engineers at Reliable Software Technologies have worked out that it is fairly easy to 'decipher' passwords. You can find the full article here.
A software-security firm warned that its researchers have found a potentially serious security flaw in the e-mail system used by Netscape's Web browser. Reliable Software Technologies, a Sterling, Va., software-security company, said Tuesday that two RST engineers needed just eight hours to duplicate the mathematical algorithm Netscape Mail uses to scramble users' passwords. The company said the problem affects all current versions of Netscape.
Gary McGraw, vice president for corporate technology at RST, said the Netscape algorithm was "not an obvious sitting duck -- [the password] appears to be scrambled up in a good way, but it's not cryptographically strong." That would allow a determined hacker to reverse-engineer the algorithm and figure out the password.
According to RST, the engineers who found the security hole came upon it inadvertently. They were writing a program "to look for badly protected key material, like passwords," says Dr. McGraw, adding that to test the program's validity, they ran it against Netscape's e-mail system because it's a highly popular software system that millions of people use.