[2842] in WWW Security List Archive
(Fwd) Alleged security problems with French MSIE V2.0
daemon@ATHENA.MIT.EDU (Peter Trei)
Thu Aug 29 11:51:52 1996
From: "Peter Trei" <trei@process.com>
To: www-security@ns2.rutgers.edu
Date: Thu, 29 Aug 1996 09:30:58 -6
Reply-to: trei@process.com
Errors-To: owner-www-security@ns2.rutgers.edu
I have not had the opportunity to try this out myself. If it exists at all,
it may affect only the French version (crypto products for France
are often 'special' versions, due to French government restrictions).
Peter Trei
trei@process.com
Disclaimer: I am not representing my employer.
------- Forwarded Message Follows -------
Date: Thu, 29 Aug 96 09:07:43
From: SMTP%"johnhemming@mkn.co.uk" ""John Hemming - CEO MarketNet""
Subject: Hmmm MSIE V2.0
To: cypherpunks@toad.com
Cc:
It seems to be that MSIE V2.0 transmits its data in the clear once it has
transmitted the client hello and received the server hello SSL records
in some limited circumstance or other.
I don't know how widely this bug exists. Neither do I know which versions
other than the French one has it. However, if you point your version
of MSIE at
https://beta.mkn.co.uk/help/system/msie
and it indicates that the client has encryption problems.
Then you have that problem as well. I would watch this one.
Anyone feeling like tracing the packets will find it easier to crack than
2 bit SSL. (let alone 40 bit or 128 bit).
Any thoughts?
Peter Trei
Senior Software Engineer
Purveyor Development Team
Process Software Corporation
http://www.process.com
trei@process.com
