Roanoke Times
Copyright (c) 1995, Landmark Communications, Inc.
DATE: TUESDAY, September 19, 1995 TAG: 9509190064
SECTION: BUSINESS PAGE: B-6 EDITION: METRO
SOURCE: The New York Times
DATELINE: SAN FRANCISCO LENGTH: Medium
The flaw, which could enable a knowledgeable criminal to use a computer to break Netscape's security coding system, means that no one using the software can be certain of protecting credit card numbers or other types of information that Netscape is supposed to keep private during online transactions.
The weakness was identified by two first-year graduate students in computer science at the University of California at Berkeley.
Although Netscape Communications Corp. said Monday the flaw could be fixed and new software would be distributed as early as next week, Internet experts said the discovery underscored the danger of assuming that any computer security system was safe.
``There needs to be much more public auditability in the way these financial security systems are designed and implemented,'' said Eric Hughes, president of Open Financial Networks, which is developing Internet commerce systems.
Netscape software is used by an estimated eight million people to navigate the World Wide Web portion of the Internet, where thousands of companies offer text, images, video and audio information.
Because Netscape is easy to use and has been promoted as a secure way of dealing with personal and financial information, it has been seen as the emerging de facto standard for online commerce.
Although Internet experts agreed with the company's assessment that the flaw could be fixed and that it posed no risk to people who use the World Wide Web only to retrieve nonsensitive data, the security problem's disclosure may represent a public relations setback for Netscape Communications and an inconvenience to millions of people who may believe they need to replace the version of Netscape installed on their computers.
by CNB