Security Flaw Discovered in Netscape Mail

A software company Wednesday came across a flaw in the popular Netscape Mail utility that may compromise
users’ passwords.

Reliable Software Technologies said it
discovered a way to decipher encrypted passwords by duplicating the
algorithm used to scramble them. In some versions of Netscape, the company
said that the scrambled passwords can be retrieved remotely using
JavaScript, making it easy for scammers to attack.

According to a study by Zona
Research, as of November, Netscape owns 36 percent of the entire Web
browser market, and a number of those users also use Netscape Mail. Netscape
is a division of America Online (AOL).

RST said it worries that most users keep one password for a variety of
secure functions and if hackers get hold of a mail password, chances are
that they can crack other, more malicious programs.

“Having access to a Netscape mail password could potentially lead to
malicious use of an individual’s mail and allow further access to protected
business-critical information systems where the same password is used,” the
firm said in a statement.

Netscape acknowledged the flaw, but said in published reports that it
considers the flaw to be a machine issue more than a Netscape problem. The
company could not be reached for further comment.

Security is a hot issue with e-mail programs now that the applications are a
daily part of most computer users’ lives. Most recently, approximately 50
million Hotmail accounts were exposed this fall by a group of hackers who
set up a Web site that could log in to any Hotmail account
without requiring a password. The company followed up by hiring a
third-party auditor to assure the program’s security.