RealTime IT News

Security Flaw Discovered in Netscape Mail

A software company Wednesday came across a flaw in the popular Netscape Mail utility that may compromise users' passwords.

Reliable Software Technologies (RST) said it discovered a way to decipher encrypted passwords by duplicating the algorithm used to scramble them. The company said that in some versions of Netscape, the scrambled passwords can be retrieved remotely using JavaScript, making it easy for scammers to attack.

According to a study by Zona Research, as of November, Netscape owns 36 percent of the entire Web browser market, and a number of those users also use Netscape Mail. Netscape is a division of America Online (AOL).

RST said it worries that most users keep one password for a variety of secure functions, and that if hackers get hold of a mail password, chances are they can break into other, more sensitive programs.

"Having access to a Netscape mail password could potentially lead to malicious use of an individual's mail and allow further access to protected business-critical information systems where the same password is used," the firm said in a statement.

Netscape acknowledged the flaw, but said in published reports that it considers the flaw to be a machine issue more than a Netscape problem. The company could not be reached for further comment.

Security is a hot issue with e-mail programs now that the applications are a daily part of most computer users' lives. Most recently, approximately 50 million Hotmail accounts were exposed this fall by a group of hackers who set up a Web site that could log in to any Hotmail account without requiring a password. The company followed up by hiring a third-party auditor to assure the program's security.