Technology Stocks : Software.com, Inc. (SWCM)


To: Rupert who wrote (68) 9/21/1999 9:15:00 AM
From: Scarecrow
 
Critical Path looks like they've run into a major problem. From Today's Boston Globe:

Breach found in e-mail system
4 million use free services found to have security flaw
By Hiawatha Bray, Globe Staff, 09/21/99

As many as 4 million users of free electronic mail systems may have been vulnerable to a gaping security hole that would let anybody on the Internet read their mail. The incident is the latest example of the risks involved in using free e-mail systems for private communications.

The problem affected free e-mail service on a number of major Web sites including the ETrade on-line investment service and Network Solutions Inc., the biggest provider of Internet addresses.

There was no evidence that anyone maliciously tampered with mail at these sites. The e-mail system at ETrade is separate from that site's financial trading computers.

In fact, the mail system is run by Critical Path Inc. of San Francisco, which sells e-mail service to other firms. Companies like ETrade and Network Solutions offer Critical Path e-mail as a free service to customers.

Network Solutions began offering free e-mail accounts last week, and it was apparently some of these users who discovered the problem. They found that by typing a certain address into a Web browser and entering the name of a free e-mail user, they would be registered as a 'new user' of the system, but with full access to the original user's mailbox. They could read the user's mail, or send out phony messages that would appear to come from the actual owner of the mailbox.

Word of the problem was posted on the Internet's Hacker News Network, and on a Web page run by 2600, a hacker magazine. The 2600 page described how to duplicate the bug. Soon the mailbox for Network Solutions' own Web master was flooded with insulting messages, mocking the lack of security at a site run by the company that manages the '.com' Internet addresses used by most of the world's major Web sites.

But Network Solutions wasn't to blame. Marcy Swenson, vice president of engineering for Critical Path, conceded that the bug resided on her firm's system and that it probably affected other sites using Critical Path e-mail. Overall, Swenson said, about 4 million Internet users have free e-mail accounts running on the Critical Path system.

Swenson said Critical Path had shut down its system for allowing the registration of new users, and expected to have the bug tracked down and fixed by today.

Weld Pond, a security consultant with L0pht Heavy Industries Inc., a Boston computer security firm, said systems such as Critical Path's are rarely secure. 'These free, Web-based e-mail systems are just riddled with security problems,' said Pond.

Free e-mail providers are available to anyone who has access to the Internet, while e-mail accounts obtained through paid service providers such as America Online carry less risk of security breaches because of internal monitoring and smaller subscriber bases.

Last month, Microsoft Corp.'s Hotmail, which with 40 million users is the world's largest free e-mail system, was beset by a similar flaw that let anybody sneak into mailboxes belonging to others.

This story ran on page C1 of the Boston Globe on 09/21/99.