Forwarded From: David Day <dday@time0.com>
http://my.excite.com/news/r/980929/10/tech-email
Latest Email Security Flaw Raises New Concerns
By Andrea Orr
PALO ALTO, Calif. (Reuters) - A new hole has been discovered in the
security a popular Internet browser program, once again calling into
question the confidentiality of information exchanged over the Internet.
The problem, found in Netscape Communications Corp.'s Internet browser,
was the latest in a series of holes in email and Internet browsing
software that have surfaced over the summer. Although most of the problems
discovered so far have been quickly corrected, some experts say they fear
that, collectively, they may be pointing to a major security crisis in
cyberspace. The latest security flaw involves the so-called caching
feature on several versions of Netscape's browser. This feature captures
information to provide a record of sites visited, a sort of trail of one's
travels around cyberspace.
Dan Brumlee, a 20-year-old independent computer consultant in Sunnyvale,
Calif., discovered he could write a program that would allow him to access
this information from another computer. His finding led to online di
scussions into the matter over the weekend and was the subject of a New
York Times article on Monday. It was not immediately clear how much
private information might be gleaned from this technique. The common
example cited was employers exploiting the hole to see if their employees
were visiting porn sites. Other sec urity experts warned the potential
abuses went much further. "It gives you a real shortcut to what somebody
does on the Web and what somebody does on the Web says a lo t about them,"
said Evan Hendricks, editor of "Privacy Times," published in Washington
D.C.
One big danger, Hendricks said, was an abuse by spammers, the junk mailers
of the Internet.
"A spammer could see where you have gone and they would be able to put
together in an automated way a list of all your preferences," he said.
Netscape said it was working on a patch to fix the problem and, in the
meantime, advised people using its browser software to go to the menu bar
and clear the cache, which would delete the electronic record of sites
visited.
Although this particular problem was not found in Microsoft Corp.'s
browsing software, in recent months ot her security holes have been found
in a number of popular email programs, including those made by Microsoft
an d Qualcomm Inc.
All companies have promptly come out with fixes. They have also been
quick to point out that none of the p roblems were discovered by actual
hackers looking to break into a system, but rather by the "good guys", who
r outinely peruse software code looking for potential security lapses to
avert any kind of security crisis.
"We certainly take all security and privacy issues very, very seriously,"
said Eric Byunn, a Netscape prod uct manager. He added that this latest
security lapse was, "not the sort of bug you would just stumble upon ra
ndomly."
Still, many security experts were not so easily comforted.
Although millions of people around the world routinely use the Internet to
purchase goods and enter person al information in the process, many others
continue to avoid Internet transactions precisely because of securi ty
concerns.
"This latest problem shows that much more private information could get
out than a lot of people would wan t to see get out," said Richard Smith,
President of Phar Lap Software Inc. in Cambridge, Mass.
Smith, who recently discovered another hole in email programs, says as
more and more features are added to the Internet, more and more holes are
being left open.
Added, Hendricks of Privacy Times: "There is so much information held
about so many people by so many diff erent companies, which is why I think
we are heading for some kind of privacy disaster."
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Tue Oct 6 09:11:37 1998