To all **OT**
Posted at 8:52 p.m. PST Tuesday, December 28, 1999
Millions must upgrade browser
But don't blame Y2K: 'Digital certificates' set to expire
Dec. 31
BY DEBORAH KONG
Mercury News Staff Writer
Millions of people using older versions of Netscape and Microsoft
Web browsers may not be able to access some personal finance and
e-commerce sites starting Jan. 1.
It won't be due to the dreaded Y2K bug. Instead, it's because electronic credentials embedded in
browsers are set to expire on Dec. 31 at midnight.
These ''digital certificates'' are built into individual browsers and issued by Mountain View-based
VeriSign to about 150,000 commerce and finance sites. They're used to ensure secure transactions
by verifying that both the site and user are who they say they are.
The expiration of certificates could affect users of Netscape browser versions 4.05 and earlier, and
Macintosh users who downloaded Microsoft's Internet Explorer 4.5 and Outlook Express 5 before
Dec. 21. To fix the problem, users need to download the latest versions of Netscape or Internet
Explorer.
About 5 million to 10 million Netscape users will be affected, said Chris Saito, Netscape's senior
director of product marketing. About 2.1 million Macintosh users who have Microsoft's Internet
Explorer 4.5 will also be affected.
When those users visit any one of the 150,000 sites, they will receive a warning to upgrade their
browser or be blocked from accessing the site until they upgrade their browser.
Microsoft, which is scrambling to notify users, said it won't be able to guarantee that transactions
conducted using the older browsers will be secure.
Beginning Jan. 1, Macintosh users with the older Internet Explorer browsers who try to access sites
that use VeriSign's certificates will receive a message that says '' 'Unable to establish a secure
connection . . . The information you view and send will be readable to others while in transit, and it
may not go to the intended party. Continue loading this page?'
''We're trying very hard to get the word out there. We've been working on it as fast as possible,''
said Irving Kwong, product manager for Microsoft's Macintosh business unit. ''This is a gray area.
We don't want to come out and say people are totally secure because we can't guarantee it.''
Microsoft discovered the problem about three weeks ago when it was doing Y2K testing, Kwong
said.
For its part, Netscape is also urging users to upgrade their browsers, Saito of Netscape said.
George Wedding of Elk Grove encountered the problem last week when he tried to visit the Bank of
America site to pay some bills. Wedding, a Macintosh user with an older version of the Internet
Explorer browser, said he was routed to another Web page that told him he had to upgrade his
browser.
''With all the advance notice that has been coming about Y2K, to see banking customers kind of
ambushed by a problem like this at the last minute . . . I thought it was unusual and not very
courteous of the bank to do that to its customers,'' he said.
Bank of America spokesman Richard Beebe said the bank has been encouraging customers to
upgrade browsers for several months.
Wells Fargo began notifying customers with the older browsers in October via e-mail. Most have
upgraded their browsers, but those who have not will not be allowed to do any online banking until
they do so, a spokeswoman said.
Other sites are posting reminders. At Charles Schwab, users with the older browsers have been
receiving a pop-up window that tells them they need to upgrade their browser since October. About
10 percent of the company's online customers will be affected, said spokesman John Sommerfield.
Ben Golub, VeriSign's director of Internet marketing and sales, said the Dec. 31 expiration date was
chosen about five years ago because at the time browsers couldn't accept dates beyond 1999.
''In retrospect, maybe we should have chosen December 15,'' he said. ''It's just an unfortunate
timing kind of thing.''
mercurycenter.com
steve |
