Mark J Cox | Home automation | Open Source Software | Security | Metrics

Red Hat Completes C2Net Acquisition for Approximately $42.7 Million

Wed, 13 Sep 2000 00:00:00 GMT

Red Hat, Inc., the leader in open source Internet infrastructure solutions, completed the acquisition of privately-held C2Net Software, Inc., the developer of the popular Apache-based Stronghold® secure web server. C2Net's Stronghold, which is available for many operating system platforms, is the most popular commercial SSL Web server on the Internet with more than 30 percent of the secure web server market.

The transaction was valued at approximately $42.7 million based on an average closing price of Red Hat's common shares for a seven-day period ended August 16, 2000. Under the terms of the transaction, Red Hat issued 1,992,877 shares of Red Hat common stock in exchange for all of the outstanding securities of Oakland, California-based C2Net. The acquisition has been accounted for as a purchase.

Red Hat continues to broaden its product offerings to provide a single source of complete Internet infrastructure solutions for its enterprise customers. C2Net is the fifth major acquisition for Red Hat in 2000 following the acquisition of: (1) WireSpeed, a leading developer of network and telecommunications software that helps connect a new generation of post-PC and embedded devices to the Internet and secure Web servers like Stronghold; (2) Bluecurve, whose performance management solutions allow organizations to simulate and measure user activity and demands placed on the Internet infrastructure and applications; (3) Hell's Kitchen Systems, Inc. (HKS), a provider of e-commerce payment processing software critical for any company trying to conduct business on the Web; and, (4) Cygnus Solutions, a top provider of a wide variety of software, tools, services and developer support for servers, real-time operating systems (RTOS) and embedded, post-PC platforms.

Open Source Momentum

International Data Corp. (IDC) research states that paid Linux shipments grew faster than any other server operating system over the past two years, and their preliminary figures for 1999 show Linux shipments hold 24.6 percent of the server operating system market, up from 15.8 in 1998. IDC also states that Red Hat holds 50.2 percent of Linux vendor market share and that Red Hat Linux is by far the most popular distribution, preferred by 68.7 percent of U.S. Linux users.

Research firm Netcraft, Inc. (www.netcraft.com), states that as of May 2000, 36 percent of all public Web sites run on Linux-based operating systems, making Linux the most popular choice for deploying public Web sites. IDC research shows 40 percent of all spending on Linux servers is for Internet related applications, firmly entrenching Linux servers in the Internet infrastructure.

Finally, IDC predicts that by 2002, there will be more than 55 million handheld and notebook-style information appliance devices and that by 2005, shipments of these appliances will exceed shipments of PCs.

Red Hat's numerous alliances with industry leaders and the demand for Linux-based applications has created open source support from many of the industry's leading software and hardware manufacturers, including Dell, Compaq, Computer Associates, Hewlett-Packard, IBM, Intel, Netscape, Novell, Oracle and SAP.

About C2Net

C2Net is the global provider of Stronghold secure web server software. Stronghold is available for more than 30 platforms, including several versions of Linux and most other common UNIX platforms.

As the first commercial server to support SSL and make its source code available to the development community, C2Net's Stronghold server has been leading the creation and adoption of security standards and protocols in Web-based computing for years. Stronghold was the first SSL Web server to support: 128-bit encryption, HTTP/1.1, SSL client certificates and hardware crypto acceleration. Stronghold 3, the latest version of C2Net's solution, includes administration tools for easy installation, powerful server-side scripting and unlimited virtual hosting on one license.

C2Net's customers include a blue-chip roster of leading Internet e-commerce businesses including Amazon.com, Ameritrade, EarthLink/Mindspring/Netcom, IBM, Lucent Technologies, Morgan Stanley Dean Witter Online, Network Solutions, USA.net, US Department of Energy, US Federal Courts and Verio, Inc.

C2Net was founded in 1994 and has offices in Oakland, California and Newbury, England. The Company's revenues increased 46 percent in 1999 to $3.25 million. Additional information and free evaluation copies of Stronghold are available at http://www.c2.net/

About Red Hat, Inc.

Founded in 1994, Red Hat is the leading provider of open source Internet infrastructure solutions, ranging from small, embedded devices to high availability clusters and Web serving. Red Hat applies its technological leadership to create open source solutions for Internet infrastructure and post-PC environments, offers services backed by the best understanding of open source and the most comprehensive resources, delivers the brand of a widely trusted open source leader and corporate partner, and persists in an indelible commitment to the virtues of open source to lead a revolution in the computing industry.

Red Hat, Inc. is based in Research Triangle Park, N.C. and has offices worldwide. Red Hat Europe was established in July 1999 with its European headquarters based in Surrey, United Kingdom and offices throughout Europe.

Visit Red Hat on the Web at www.redhat.com. For investor inquiries, contact Lippert/Heilshorn at (212) 838-3777.

LINUX is a trademark of Linus Torvalds. RED HAT is a registered trademark of Red Hat, Inc. C2Net and Stronghold are registered trademarks of C2Net Software, Inc. All other names and trademarks are the property of their respective owners.

FORWARD-LOOKING STATEMENTS

Forward-looking statements in this press release are made pursuant to the safe harbor provisions of Section 21E of the Securities Exchange Act of 1934. Investors are cautioned that statements in this press release that are not strictly historical statements, including, without limitation, management's plans and objectives for future operations and management's assessment of market factors, constitute forward-looking statements which involve risks and uncertainties. These risks and uncertainties include, without limitation, product plans and performance, the ability to continue to develop the Linux kernel and other software, reliance upon strategic relationships, Red Hat's dependence upon an open source business model, reliance upon independent third-party Linux developers, management of growth, expansion of Red Hat's business focus and operations, the possibility of undetected software errors, the enforceability of the GNU General Public License and other licenses under which Red Hat's products are developed and licensed, the scarcity of Linux-based applications, the risks of economic downturns generally, and in Red Hat's industry specifically, the risks associated with competition and competitive pricing pressures, the viability of the Internet, and other risks detailed in Red Hat's filings with the Securities and Exchange Commission, copies of which may be accessed through the SEC's Web site at http://www.sec.gov.

Red Hat, Inc. to acquire C2Net, the number one commercial secure web server developer

Mon, 14 Aug 2000 00:00:00 GMT

Broadens Capabilities to Deliver Secure Internet Infrastructure Solutions From Servers to Handhelds; Provides Common Open Source Platform to Communicate Across the Internet

Research Triangle Park, N.C.--AUGUST 14, 2000--Red Hat, Inc. (NASDAQ:RHAT), the leader in open source Internet infrastructure solutions, announced today that it has signed a definitive agreement to purchase privately held C2Net Software, Inc. C2Net Software is the developer of the popular Apache-based Stronghold secure web server. C2Net customers include Amazon.com, Ameritrade, IBM and Morgan Stanley Dean Witter Online.

"Enterprise customers want a single source for complete solutions to build out their Internet infrastructure. With the acquisition of C2Net, Red Hat adds security to our growing capabilities of OS development, tools and e-commerce that delivers unprecedented value to our customers," said Matthew Szulik, president and CEO of Red Hat, Inc. "Powerful, secure solutions like C2Net's Stronghold and the rapid technological advancement of the open source development model, which finds and fixes holes faster than proprietary development, delivers organizations a safe, advanced foundation for e-business initiatives."

Red Hat continues to broaden its product offerings to deliver a complete spectrum of Internet infrastructure solutions--which include powerful and secure Web servers, post-PC devices connected to each other through those servers, and the complete chain of development tools and services needed to rapidly create, deploy and manage Internet infrastructure. Red Hat's solutions leverage open source software to deliver all the necessary tools and services to deploy, manage and scale the Internet with a single open source platform.

Under the terms of the agreement, Red Hat will issue 1,992,883 shares of Red Hat common stock in exchange for all of the outstanding securities of Oakland, California-based C2Net. The transaction will be valued based on an average closing price of Red Hat's common shares for the seven-day period ended August 16,2000. The acquisition will be accounted for as a purchase and is expected to be completed by August 31, 2000, subject to customary closing conditions.

According to the most recent InformationWeek "Global Security" survey, 74 percent of companies suffered downtime due to security breaches or espionage and 71 percent of executives and technology managers rank information security as a high priority for their business. C2Net's Stronghold, which is based on Apache and available for many operating system platforms, is the most popular commercial SSL Web server on the Internet with more than 30 percent of the secure web server market, according to Security Space. Red Hat Linux is the most popular open source operating system (OS) for Web servers and sites, with more than 72 percent of all Web sites running Linux choosing Red Hat according to the latest Netcraft survey (www.netcraft.com). The acquisition combines these market leaders to deliver the secure e-commerce infrastructure solutions that are in tremendous demand in today's organizations.

"Red Hat has a tremendous vision, expertise and market lead as the platform for a new generation of Internet and post-PC solutions. C2Net's Stronghold product is the most popular secure Web server for UNIX systems, and C2Net customers have always enjoyed the benefits of open source development," said William Rowzee, CEO of C2Net. "But there is tremendous synergy between Red Hat and C2Net that extends beyond our enthusiastic support of open source software and its worldwide community of developers. We are very excited to be able to leverage Red Hat's unique spectrum of packaged solutions and services in providing even more comprehensive solutions for our customers."

C2Net is the fifth major acquisition for Red Hat in 2000. In July, it completed the acquisition of WireSpeed, a leading developer of network and telecommunications software that helps connect a new generation of post-PC and embedded devices to the Internet and secure Web servers like Stronghold. In May, Red Hat acquired Bluecurve, whose performance management solutions allow organizations to simulate and measure user activity and demands placed on the Internet infrastructure and applications. And in January, Red Hat acquired both Hell's Kitchen Systems, Inc. (HKS), a provider of e-commerce payment processing software critical for any company trying to conduct business on the Web, and Cygnus Solutions, a top provider of a wide variety of software, tools, services and developer support for servers, real-time operating systems (RTOS) and embedded, post-PC platforms.

Open Source Momentum

About C2Net

C2Net is the global provider of Stronghold secure web server software. Stronghold is available for more than 30 platforms, including several versions of Linux and most other common UNIX platforms.

C2Net's customers include a blue-chip roster of leading Internet e-commerce businesses including Amazon.com, Ameritrade, Earthlink/Mindspring/Netcom, IBM, Lucent Technologies, Morgan Stanley Dean Witter Online, Network Solutions, USA.net, US Department of Energy, US Federal Courts, and Verio, Inc.

About Red Hat, Inc.

Founded in 1994, Red Hat (Nasdaq:RHAT) is the leading provider of open source Internet infrastructure solutions, ranging from small, embedded devices to high availability clusters and Web serving. Red Hat applies its technological leadership to create open source solutions for Internet infrastructure and post-PC environments, offers services backed by the best understanding of open source and the most comprehensive resources, delivers the brand of a widely trusted open source leader and corporate partner, and persists in an indelible commitment to the virtues of open source to lead a revolution in the computing industry.

Visit Red Hat on the Web at www.redhat.com. For investor inquiries, contact Lippert/Heilshorn at (212) 838-3777.

FORWARD-LOOKING STATEMENTS

C2Net Software Inc. announces Stronghold 3

Thu, 01 Jun 2000 00:00:00 GMT

Oakland, California, June 1, 2000 -- C2Net Software Inc. today announced the release of a major new version of its Stronghold� secure web server software. Building on the success of previous releases, Stronghold 3 is the latest generation of C2Net's popular Apache-based SSL web server. The new release combines the technology today's online businesses require along with unrivalled technical support to provide a complete, commercially supported, secure web server solution.

Based on the popular Apache server, Stronghold adds a host of technological, business and support benefits, making it the ideal choice for a wide range of secure web applications. The new Stronghold 3 package is the complete solution both for those implementing their first secure web application, and for those wishing to migrate to a professionally supported version of this popular open-source server. Current users of Stronghold 2 who upgrade will benefit from enhanced performance and features (see below) as well as the latest release of Apache (1.3.12).

"Stronghold has already earned an excellent reputation for product quality and C2Net is renowned for the professionalism of its technical support. Now with Stronghold 3 there are even more reasons to use C2Net's secure version of Apache," said Steve Cook, VP Sales and Marketing of C2Net Software Inc. "The Secure Server Survey from Netcraft has consistently found Stronghold the number one commercial SSL web server for UNIX systems. This new release incorporates the features our customers demand, enabling C2Net to maintain and improve our position as the market leader."

Leading the way, Stronghold has always set global standards for SSL servers. Stronghold can claim many firsts including first support for hardware acceleration, first support for digital certificates (Digital IDs), first HTTP/1.1 support, first TLS v1.0 support, and being the first Apache-based web server to support Global Server IDs (from VeriSign). The new Stronghold 3 includes all of these features plus the latest version of Apache (1.3.12) and the most recent releases of security modules (mod_ssl 2.6.0, OpenSSL 0.9.5), to offer the optimum security package possible.

"I appreciate that Stronghold's SSL/TLS engine is now based on the robust and popular Open Source software we develop in our mod_ssl and OpenSSL projects," said Ralf S. Engelschall, author of mod_ssl and co-founder of OpenSSL. "Especially, because C2Net always closely co-operated with our projects and even made parts of the Stronghold 3 technology freely available to our Open Source community."

Other key features of the Stronghold 3 web server include administration tools for easy configuration and installation, availability for a wide variety of Unix platforms, powerful server side scripting, and unlimited virtual hosting on one license.

Stronghold 3 is available immediately. There is no increase in price over the previous release; Stronghold 3 costs only US$ 995. This fee includes 12 month's software maintenance and technical support, printed technical documentation, and an eBusiness� ID digital server certificate from Equifax Secure, Inc. A free, fully-functional evaluation version can be downloaded from the C2Net web site at http://www.c2.net/

C2Net believes in making the best even better. C2Net's key pledges are to develop first class security products and to provide the best possible technical support. Stronghold 3 is born out of these pledges, making C2Net one of the Internet's top web server technology providers.

C2Net is a global provider of Stronghold secure web server software. C2Net products are developed through its international offshore development programs, allowing the company to offer 128-bit full-strength secure web server solutions to international customers without restrictions. Stronghold is available for more than 40 platforms, including several versions of Linux and most other common UNIX platforms. Additional information and free evaluation copies are available at http://www.c2.net/

C2Net and Stronghold are registered trademarks of C2Net Software, Inc. Rainbow Technologies and CryptoSwift are trademarks of Rainbow Technologies. EBusiness ID is a trademark of Equifax Secure, Inc.

C2Net Europe Ltd. verk�ndete einer neuen Version seiner sicheren Web-Server-Software, Stronghold 3

Newbury, Gro�britannien, den 1. Juni 2000 -- C2Net Europe Ltd. verk�ndete heute die Markteinf�hrung einer neuen Version seiner sicheren Web-Server-Software, Stronghold 3. Aufbauend auf dem Erfolg der vorherigen Versionen stellt diese Version die neueste Generation des popul�ren SSL-Servers von C2Net dar. Sie kombiniert die Technologie, die das heutige Online-Gesch�ft ben�tigt, um sichere 128-bit Web-L�sungen einzusetzen, mit einem ausgezeichneten technischen Kundendienst.

Basierend auf dem popul�ren Apache Server hat C2Net nun technologische, gesch�ftliche und kundendiensttechnische Vorteile hinzugef�gt, um Stronghold zur idealen Wahl f�r sichere Web-L�sungen zu machen. Das neue Stronghold 3-Paket ist die komplette L�sung f�r alle, die einen sicheren Apache Web-Server zum ersten Mal anwenden m�chten; auch ist sie die beste Option f�r Kunden, die auf eine professionell unterst�tzte Version dieses popul�ren Open-Source Servers umsteigen m�chten. Im Vergleich zu Stronghold 2 profitieren die Benutzer von Stronghold 3 von der erh�hten Leistung und den verbesserten Eigenschaften, sowie der neuesten Version von Apache (1.3.12).

"Stronghold hat bereits einen hervorragenden Ruf f�r Produktqualit�t erworben, und C2Net ist f�r den Professionalismus seines technischen Supports bekannt. Mit Stronghold 3 gibt es jetzt sogar noch mehr Gr�nde, C2Net's sichere Version von Apache zu verwenden," sagte Neil Castle, Verkaufs- und Marketingleiter, C2Net Europe Ltd. Die Secure Server Survey (eine Untersuchung von sicheren Servers) von Netcraft hat immer wieder festgestellt, dass Stronghold der kommerzielle SSL-Web-Server Nr. Eins f�r UNIXSYSTEME ist. Unser neues Paket enth�lt die von unseren Kunden geforderten technischen Verbesserungen. Damit k�nnen wir unsere Marktposition behaupten und verst�rken."

Als Vorreiter in seinem Fachgebiet hat Stronghold schon immer globale Standards f�r SSL-Servers gesetzt. Stronghold ist der erste SSL-Server, der Unterst�tzung f�r Hardware-Beschleunigung, Zertifizierung (digitale IDs), HTTP/1.1 und TLS v1.0 geboten hat. Stronghold war auch der erste Apache Server, der Global Server IDs (von VeriSign) unterst�tzt. Vor diesem Hintergrund umfasst Stronghold 3 nun die neueste Version von Apache (1,3,12) und die neuesten Sicherheitsmodule (mod_ssl 2,6,0, OpenSSL 0,9,5), um das optimale Sicherheitspaket anzubieten, sowie Support f�r CryptoSwift Hardware-Accelerators der Firma Rainbow.

"Ich begr��e, da� Stronghold's SSL/TLS Technik nun auf der robusten und beliebten Open Source Software basiert, die wir in unserem mod_ssl und OpenSSL Projekt entwickeln," sagte Ralf S. Engelschall, Autor von mod_ssl und Mitbegr�nder von OpenSSL. "Besonders, da C2Net mit unseren Projekten immer eng zusammenarbeitete und sogar Teile der Stronghold 3 Technologie unserer Open Source Gemeinde frei zur Verf�gung stellte."

Andere Schl�sseleigenschaften des Stronghold 3 Web-Servers schlie�en Verwaltungswerkzeuge f�r eine einfache Konfiguration und Installation, Verf�gbarkeit �ber eine breite Anzahl Unixplattformen, ein leistungsf�higes Server-Side-Scripting (PHP) und ein unbegrenztes virtuelles Hosting mit nur einer Lizenz ein.

Stronghold 3 ist ab sofort auf der C2Net-Website http://www.c2.net verf�gbar. Gegen�ber den vorherigen Versionen wurde der Preis nicht erh�ht - Stronghold 3 kostet nur Euro 1149,00. Dieser Preis umfasst die Lizenz, 12 Monate technischen Support, sowie die technische Dokumentation und die kostenlosen Digital Server Zertifikate. Anwender von Stronghold 2 finden auf der C2Net-Website auch Informationen �ber Upgradeoptionen.

Nach Ansicht von C2Net besteht seine Aufgabe darin, das Beste noch besser zu machen. C2Net verpflichtet sich, Sicherheits-Produkte ersten Ranges zu entwickeln und seinen Kunden die bestm�gliche technische Unterst�tzung anzubieten. Basierend auf dieser Philosophie hat Stronghold 3 C2Net zu einer der f�hrenden Anbieter von Sicherheitstechnik im Internet gemacht.

C2Net Software, Inc. announces record revenues and earnings

Tue, 18 Jan 2000 00:00:00 GMT

OAKLAND, CA January 18, 2000--Increasing demand for Stronghold, the flagship product of leading secure web server software provider C2Net Software, Inc., allowed the company to increase 1999 revenues 46% to $3.25 million. Pretax earnings for the combined U.S. and European operations were $1.25 million, or $0.31 per share on a fully diluted basis.

According to the December 1999 Secure Server Survey published by E-Soft, Inc. (http://www.e-softinc.com/), C2Net's Stronghold is the global market leader with a 34.22% share of the secure web server market. The survey showed that Apache is second in market share with a 31.88% share, and Microsoft is third with a 20.04% share.

C2Net projects that year 2000 revenues should grow an additional 50%. Much of the revenue increase will be generated from new services and support options for Stronghold and new support offerings for the Apache-based web server market. C2Net Europe Limited is the publisher of the highly acclaimed newsletter Apache Week, (http://www.apacheweek.com/).

C2Net joins Equifax Secure program to offer customers low cost, convenient web server security for e-commerce

Mon, 30 Aug 1999 00:00:00 GMT

Referral Rewards Program enables C2Net to provide superior Year 2000 eBusiness ID[tm] Server Certificates

ATLANTA, (30th August 1999) -- Equifax Secure, Inc., a unit of Equifax Inc. (NYSE: EFX), today announced a strategic partnership with C2NET, the leading provider of uncompromised network security software, to offer Equifax Secure server certificates through the newly introduced eBusiness ID Referral Rewards Program.

Equifax Secure eBusiness IDs protect enterprise servers and help expand business capabilities through online commerce applications. Providing a quick, cost-effective security solution, eBusiness ID server certificates give enterprise customers the confidence to transmit credit card numbers and/or other personal information over an open network such as the Internet.

"Server certificates are a critical component of secure Web sites," said Steve Cook, Vice President of Sales and Marketing for C2Net Software, Inc. "We are pleased to be able to offer our Stronghold(R) Secure Web Server customers the benefits and convenience of obtaining Equifax Secure eBusiness ID's through our participation in the eBusiness ID[tm] Referral Rewards program. Equifax has a rock solid reputation in financial services and information technology industries and brings a great deal of creditability to the emerging e-commerce marketplace."

Taking advantage of the highest referral rewards in the industry, C2Net will host a link to the Equifax Secure Web site and receive a paid percentage of revenue for each server certificate sold through the organization's Web site.

"With no cost to join, the added revenue potential and the advanced browser compatibility beyond Year 2000, ISPs and Web integrators can greatly benefit from this unique program while offering top server certificates to customers," said Jeff Johnson, general manager of Equifax Secure. "In addition, the high warranty protection presents the assurance that Equifax Secure will follow highly rigorous business authentication, certificate issuance and management processes."

To obtain a program application, ISPs and Web Integrators may visit http://www.equifaxsecure.com/ebusinessid/c2net or fax a request to Equifax Secure at 770-752-1460. Equifax Secure will provide members with the information necessary to set up the link and co-branded Web site.

C2Net Software, Inc. (http://www.c2.net/) is a leading provider of uncompromised network security software. C2Net products are developed through its international offshore development programs, allowing the company to offer strong cryptography solutions to customers worldwide. The company's Stronghold secure web server is currently the number one full-strength commercial secure web server for Unix platforms worldwide, according to a secure web server survey by Netcraft, Ltd (http://www.netcraft.com/).

Equifax (http://www.equifax.com/), a worldwide leader in shaping global commerce, brings buyers and sellers together through its information management, transaction processing and knowledge-based businesses. Atlanta-based Equifax (NYSE: EFX) serves the financial services, retail, credit card, telecommunications/utilities, transportation, information technology and healthcare industries and government. Equifax adds knowledge, expertise, convenience and security to provide value-added solutions and processes for its customers wherever they do business, including the Internet and other networks. Entering its second century in business, Equifax employs more than 13,000 associates in 18 countries with sales in almost 50 and has more than $1.7 billion in revenue.

C2Net and Verisign deliver 128bit security for global communications and commerce

Thu, 03 Jun 1999 00:00:00 GMT

Approved C2Net Apache Stronghold Server customers worldwide now eligible for VeriSign 128-bit Global Server IDs

Newbury, United Kingdom. June 3, 1999 - C2Net Europe Ltd. and VeriSign, Inc. announced today that the U.S. Department of Commerce has approved the eligibility of Stronghold servers to deliver 128bit encryption when connecting to 40bit export crippled browsers through VeriSign's Global server ID programme. Based on Apache, C2Net's Stronghold is a secure SSL Web server for Unix which allows you to give your web site full-strength, 128-bit encryption. With VeriSign's Global Server IDs, not only U.S.-based companies using Stronghold Servers, but also international banks, financial institutions, healthcare organisations, and insurance companies outside the USA and Canada will now have a wider choice of 128-bit encryption solutions for communication and commerce over open networks.

With this new agreement, the VeriSign root key - which is embedded in all major browsers such as Netscape Navigator and Microsoft Internet Explorer (versions 4.0 and above) - will be able to verify that the Stronghold Server being accessed has been issued a Global Server ID. If the browser sees such an ID, it will initiate a session at a stronger level of encryption - without key escrow. This means that all export standard browsers restricted by U.S. Export Laws to operate at weaker 40bit encryption can use full strength 128-bit security. This makes it much easier, for example, for a company in Europe with operations, suppliers and partners in the USA to use strong encryption for their global communications.

"C2Net is committed to providing our customers with unparalleled security for global communications and commerce," said Neil Castle, Sales and Marketing Manager of C2Net Europe Ltd. "According to Netcraft, Stronghold is the number one UNIX 128bit commercial secure server today. Adding VeriSign's proven expertise in the field of Global Server Certificates to this already popular server choice will further encourage confidence in the Internet for global e-commerce applications." Referring to C2Net's successful relationship with VeriSign, he went on to say "Stronghold was the first Apache based server approved by VeriSign for use with their Secure Server IDs. Continuing our longstanding partnership, we are delighted that Stronghold has been approved as the first and currently the only Apache based server offering Global Server IDs."

"VeriSign is proud to add to the security C2Net Stronghold customers already enjoy through the most advanced encryption legally available from using Global Server IDs," said Richard Yanowitch, Executive Vice President of VeriSign.

Global server IDs are available immediately at http://www.verisign.com/server/index.html as part of VeriSign's Global Site Services, which provide customers with a comprehensive solution for Web site security and quality-of-service management. Global Server IDs start at $895 and include a 10-city site metric, $100K in warranty coverage, 2-day delivery guarantee, and $200 off Web security training.

A copy of "Digital Certificates" and "Linux for Apache" worth $50 is available for Stronghold customers purchasing a Global Site Service before August 1st, 1999. VeriSign Global Server IDs are supported by the latest release of C2Net Stronghold Server, version 2.4.2, with no special software required.

C2Net Software, Inc. (http://www.c2.net/) is the leading provider of uncompromised network security software. C2Net products are developed through its international offshore development programs, allowing the company to offer uncrippled strong cryptography solutions to customers worldwide. The company's Stronghold secure web server is currently the number one full-strength commercial secure web server for Unix platforms worldwide, according to a secure web server survey by Netcraft, Ltd. (http://www.netcraft.com/).

VeriSign, Inc. is the leading provider of Internet trust services and digital certificate solutions needed by Web sites, enterprises, electronic commerce service providers and individuals to conduct trusted and secure electronic commerce and communications over IP networks. VeriSign's Digital Certificate services for Web sites and consumers are available through the Company's Web site at http://www.verisign.com/. The Company's Digital Certificate services for enterprises and electronic commerce service providers are available through regional account representatives, resellers, and VeriSign affiliates worldwide.

C2Net Stronghold Webserver are trademarks of C2Net Software Inc. All rights reserved. VeriSign is a registered trademark exclusively licensed to VeriSign, Inc. Digital ID and Digital ID Center are service marks of VeriSign, Inc. All other trademarks are properties of their respective owners.

C2Net encryption software gets French SCSSI Authorisation

Wed, 21 Apr 1999 00:00:00 GMT

Newbury, UK April 21st 1999. - C2Net's SafePassage Web Proxy today received authorisation for use in France. This means that anyone in France can now legally use the SafePassage product to upgrade the weak encryption provided by their browsers to full-strength 128-bit encryption.

This approval applies specifically to C2Net's SafePassage Web Proxy product. Other 128-bit client side security software, such as web browsers, have not yet received SCSSI approval.

"We're really happy that we obtained approval." said Neil Castle, Sales manager of C2Net Europe. "Now French citizens can conduct their transactions on the Internet knowing they are using strong cryptography."

SafePassage Web Proxy is designed to let export-crippled browsers such as Netscape Navigator and Microsoft Internet Explorer use full 128-bit (or greater) encryption when talking to any secure Web server. It does this transparently by acting as a full-strength, encrypting Web proxy between the browser and the Web.

C2Net is the leading provider of full-strength network security software. Because it develops its products outside of the United States, C2Net is able to offer full-strength 128-bit cryptographic solutions to customers worldwide. The company's Stronghold secure web server is currently the number one full-strength commercial secure web server in the world, according to a secure web server survey by Netcraft, Ltd. http://www.netcraft.com/

For more details of SafePassage see http://www.c2.net/products/spwp/

C2Net's website can be found at http://www.c2.net/

C2Net responds to potential SSL attack

Fri, 26 Jun 1998 00:00:00 GMT

OAKLAND, California, June 25, 1998 -- C2Net Software Inc. today announced the availability of a patch to its award-winning Stronghold Secure Web Server and other server products that will allow its customers to defend themselves against a new potential attack on secure communications that use the SSL protocol. Though this attack has been developed by researchers and has not been seen outside of a research environment, C2Net is responding to the potential vulnerability immediately so as to maintain maximum security within its products.

This patch has been incorporated into the latest version of Stronghold. US and Canadian customers can download the newest build of Stronghold through the C2Net website - http://www.c2.net/products/stronghold/download. International customers of C2Net's products can download this build at http://www.int.c2.net/. Information on other C2Net products will be made available at both sites.

Late last week, RSA Data Security Inc. provided all the major secure web server vendors with information about the vulnerability. According to RSA, cryptographer Daniel Bleichenbacher of the Secure Systems Research Department of Bell Labs, a division of Lucent Technologies, discovered the weakness. Bleichenbacher found that a process of sending approximately a million specially constructed messages to a secure server, and monitoring the target server's response, could potentially discover the session key of an encrypted session. Additional information about the flaw is available on the Bell Labs Web site at http://www.bell-labs.com.

With this information, cryptographers at C2Net have been able to construct a patch that thwarts the potential security weakness. "At C2Net, the uncompromised security of our customers, and their customers in turn, is our number one priority," said Sameer Parekh, President and CEO of C2Net. "We are happy to be working with RSA to ensure that the security that SSL offers is never compromised in any of C2Net's products, and our team has responded with a patch that counters this potential attack."

The vulnerability affects interactive key establishment protocols that use the Public Key Cryptography Standard (PKCS) #1, including SSL. The PKCS series of standards are defined by RSA Laboratories, reviewed by industry and have been adopted by many major vendors of information systems and incorporated in national and international standards. The vulnerability does not apply to PKCS#1-based secure messaging protocols, such as Secure Electronic Transactions (SET) and Secure Multipurpose Internet Mail Extension (S/MIME) either because they are not susceptible to, or already implement mechanisms preventing this potential vulnerability. A technical overview of the attack and recommended countermeasures for installed SSL-based server software are available now on the RSA Labs Web Site at http://www.rsa.com/rsalabs/.

C2Net Software, Inc. (http://www.c2.net/) is the leading provider of full-strength network security software. Because it develops its products outside of the United States without the assistance of Americans, C2Net is able to offer full-strength 128-bit cryptographic solutions to customers worldwide. The company's Stronghold secure web server is currently the number one full-strength secure web server in the world, according to a secure web server survey by Netcraft, Ltd (http://www.netcraft.com/).

C2Net to bundle NetObjects Scriptbuilder with Stronghold Web Server

Mon, 22 Jun 1998 00:00:00 GMT

Oakland, CA (June 22, 1998) - C2Net Software, Inc. and NetObjects, Inc. today announced a co-marketing partnership whereby a copy of NetObjects ScriptBuilder 2.01 would be included with each copy of C2Net's award-winning Stronghold Secure Web Server. This promotion will be in effect from June 30, 1998 to September 30, 1998, and is the first stage in what promises to be a long-term partnership between the two companies to aid each other's marketing efforts.

C2Net's Stronghold Secure Web Server and NetObjects' ScriptBuilder both represent breakthroughs for individuals and companies that want to develop a full-featured online presence. Stronghold is ideally suited to serve the scripts that are built using the NetObjects product, and this promotion underlines the fact that the two products are both essential parts of any serious Web toolkit. "The synergy between Stronghold and ScriptBuilder is obvious," said Steve Cook, VP of Sales and Marketing for C2Net Software, Inc. "NetObjects ScriptBuilder is the ideal editor for site developers who have a wide variety of scripting needs. Stronghold is the best secure server solution for site developers who are serious about having the best secure server product available. This partnership will let new Stronghold customers satisfy two important needs with one purchase."

The arrangement is expected to help both companies enhance their visibility and add value to customers across the board. "We are excited about working with C2Net to offer NetObjects ScriptBuilder to a large number of advanced Web developers who will appreciate the products' open scripting environment," said Morris Taradalsky, NetObjects' executive vice president of products. "NetObjects ScriptBuilder 2.01 provides full support for multiple scripting languages, enabling Web developers to rapidly create client and server side scripts."

Stronghold Secure Web Server is the leading secure web server on the market, according to the most recent Netcraft survey (http://www.netcraft.com/survey/). Stronghold's features include strong 128-bit encryption that can be implemented worldwide despite US government encryption export restrictions, support for more than 20 UNIX platforms as well as Windows NT, and a robust, modular architecture that lets the user customize the product to optimize performance.

C2Net Software, Inc. (http://www.c2.net/) is a leading provider of uncompromised network security software. Through its international offshore development programs, all C2Net products are exempt from U.S. government export restrictions, allowing the company to offer uncrippled, strong cryptography solutions to customers worldwide.

C2Net Software signs as Silicon Graphics Developer

Mon, 22 Jun 1998 00:00:00 GMT

Oakland, CA (June 22, 1998)--C2Net Software, Inc. today announced it has become an Artisan Plus member of the Silicon Graphics Developer Program. "We endeavor to provide our customers with top-quality support, and working closely with SGI will enable us to better respond to the needs of our customers using the SGI platforms." said C2Net's Vice President of Development, Doug Barnes. "Thanks to the excellent assistance we've already received from SGI, we completed a recent port of our Stronghold secure web server to SGI's newest UNIX operating system, IRIX 6.5, in record time," he added.

C2Net's Stronghold web server is a secure implementation of Apache, the most popular web server on the Internet. Stronghold combines the power and flexibility of Apache with a proven, robust, 128-bit implementation of the Secure Sockets Layer (SSL) protocol used to protect sensitive communications over the Web. According to C2Net president Sameer Parekh, "Stronghold is fully compatible with Apache, which runs over half the domains on the Internet, making it by far the most popular web server in the world. That makes Stronghold the secure server of choice for serious commercial sites like ISP's and ICP's," he said."

"We are very pleased to welcome C2Net as a Development Partner," said Dave Boardman, Internet Market Development and Product Development Manager at SGI. "Many ISP's and other high-demand customers use C2Net's Stronghold web server for secure Web transactions. Our WebFORCE family of scalable, high-performance equipment is designed to meet the needs of those supersite customers, and C2Net's participation in our Developer Program is another way for SGI to provide those customers with the best possible solutions."

C2Net Software, Inc. (http://www.c2.net/) is the leading provider of uncompromised network security software. Through its international offshore development programs, all C2Net products are exempt from U.S. government export restrictions, allowing the company to offer uncrippled, strong cryptography solutions to customers worldwide. The company's Stronghold secure web server is currently the number one full-strength secure web server worldwide, according to a secure web server survey by Netcraft, Ltd (http://www.netcraft.com/).

Silicon Graphics, Inc. (NYSE: SGI) is a leading supplier of visual computing and high-performance systems. The company offers the broadest of products in the industry--from low-end desktop workstations to servers and high-end supercomputers. Key industries include communications, energy, entertainment, government, manufacturing and sciences. Silicon Graphics and its subsidiaries have offices throughout the world and corporate headquarters in Mountain View, California. More information is available at http://www.sgi.com/.

Announcing ApacheCon '98 - the conference dedicated to the Apache Web Server

Mon, 22 Jun 1998 00:00:00 GMT

SAN FRANCISCO, CA (June 22, 1998) - At Web '98 - C2Net Software, Inc., in conjunction with the Apache Project, will host the first-ever ApacheCon - the conference focusing on the users and developers of Apache, the free web server that hosts the majority of domains on the Internet. The conference will be held at the San Francisco Hilton on October 14-16, 1998, and is sponsored in part by IBM. Information about ApacheCon '98 is available online at http://www.apachecon.com.

Apache quickly became the most popular web server on the Internet since it was introduced. A recent survey found that over 53% of the web sites on the Internet are using Apache and its derivatives - thus making it more widely used than all other web servers combined. Apache's success is partially because the Apache server is free of charge, partially because the open source development model generates fast bug fixes and wide implementations, and in large part because Apache is generally acknowledged as the most flexible and powerful Web server software available.

ApacheCon '98 is a celebration of this success, and an opportunity for the Apache community to contemplate the future of the server widely acknowledged as the engine that is driving the Internet's phenomenal growth. With four in-depth tracks teaching Apache skills, techniques, and strategies, ApacheCon '98 is sure to be a hit with Internet professionals around the world.

This success has raised eyebrows all around the software industry. Coded by a team of volunteer programmers from around the world, Apache is an open-source HTTP server for various modern desktop and server operating systems, such as UNIX and Windows NT. The goal of the Apache project is to provide a secure, efficient and extensible server which provides HTTP services in sync with the current HTTP standards.

The Apache Web Server is coming off a year of explosive expansion and headlines in the computer press worldwide. "The Apache Project has changed thinking about software development across the industry," said Steve Cook, Vice President of Sales and Marketing of C2Net Software, Inc. "Open standards are the cutting edge of the computer industry, because they reflect the needs of the market and not any particular agenda."

"It really is a labour of love," said Jim Jagielski, member of the Apache Group. "Every one of us in the Group are committed to making Apache the best it can be. We are all experienced Net citizens and therefore have a real feel for what's needed. We also listen very intently to what is needed and desired by the Net community, so we can implement those features into Apache. And since we don't have the huge inertia of a commercial company to worry about, we can do it quicker and better than anyone else."

"Apache is the ideal platform for building mission-critical web-based applications," said Sameer Parekh, President of C2Net Software, Inc., whose Stronghold Web Server is the most widely used commercial Apache-based server. "We are especially excited about IBM's recent decision to support the Apache Web Server and the demonstration of this commitment to Apache by sponsoring this conference."

C2Net Software will be handling the logistics and execution of this conference, in keeping with its strategy of synergy with the Apache community. C2Net's Stronghold Secure Web Server, a full-strength, 128-bit encrypting SSL web server, is partially built using code from the Apache server; as a result, the growth of Apache as a web solution has been accompanied by the growth of Stronghold as a secure web solution. "We hope that by coordinating this conference, corporate IS and IT managers will see that Apache presents serious, world-class competition to commercial offerings," said Parekh.

C2Net Software, Inc. is a leading provider of uncompromised network security software. Through its international offshore development programs, all C2Net products are exempt from U.S. government export restrictions, allowing the company to offer uncrippled, strong cryptography solutions to customers worldwide.

The Apache Project is a collaborative software development effort aimed at creating a robust, commercial-grade, feature-rich, and freely-available source code implementation of an HTTP (Web) server known as the Apache Web Server. The project is jointly managed by a group of volunteers located around the world, using the Internet and the Web to communicate, plan, and develop the server and its related documentation.

C2Net names Brian Behlendorf as Vice President of web applications

Mon, 22 Jun 1998 00:00:00 GMT

OAKLAND, CA (June 22, 1998) - Internet security software provider C2Net Software, Inc. has named Brian Behlendorf to the newly created post of VP of Web Applications, effective June 8, 1998.

"We are fortunate to have someone of Brian's considerable talents join C2Net," said Sameer Parekh, President and CEO of C2Net Software, Inc. "As a founding member of the Apache Project, Brian has already played a crucial role in our company's success. C2Net's Stronghold Secure Web Server is built around the Apache Web Server, and we're excited to give Brian the opportunity to focus his talents on furthering this synergy and supporting the explosive growth of both Apache and Stronghold."

Behlendorf joins C2Net from Organic Online, where he was the company's co-founder and Chief Technology Officer. While at Organic, Brian developed the technology roadmap for Organic's engineering department and for Organic's clients including Barnes and Noble, Nike, Kinko's and Levi's. Before that, he was Chief Engineer behind the launch of HotWired, and established Wired's first web site in 1993.

Brian co-founded the Apache Project (http://www.apache.org) in 1995, helping to create the Apache Web Server, the software that powers over half the domains on the Internet. At C2Net, Brian will continue to actively develop the Apache Web Server as well as provide management to the overall development process for both the Apache Project and C2Net. Brian is also active in the IETF, co-founded the VRML Development Forum in 1994, and believes strongly that open standards are best enforced with an "Open Source" approach to software development.

Behlendorf's efforts will be directed towards developing Web server "framework" products as a complement to the current C2 product line. In addition, he will promote and manage relations with the Apache Group, as well as the open source development process. "C2Net has always been one of the leaders in the fields of cryptography and security, and shares my strong faith in the power of open-source software development," said Behlendorf. "I'm very excited to be a part of C2Net during this time of tremendous new opportunity and growth."

C2Net Software Joins as HP Security Technology Partner

Mon, 22 Jun 1998 00:00:00 GMT

Oakland, CA (June 22, 1998)--C2Net Software, Inc. today announced it has entered into an agreement with the Hewlett-Packard Company to integrate C2Net's Stronghold secure web server with the HP VirtualVault, a secure Web run-time environment designed to safely connect enterprise applications and databases to clients on the Internet.

"C2Net is dedicated to providing the highest levels of security for our customers, and we are pleased to be working with HP to make our products available on the VirtualVault, one of the most secure platforms in the world," said C2Net President Sameer Parekh.

C2Net's Stronghold web server is a secure implementation of Apache, the most popular web server on the Internet. Stronghold combines the power and flexibility of Apache with a proven, robust, 128-bit implementation of the Secure Sockets Layer (SSL) protocol used to protect sensitive communications over the Web. "Stronghold is fully compatible with Apache, which runs over half the domains on the Internet, making it by far the most popular web server in the world. The combination of Apache compatibility and C2Net's commercial support and no-compromised approach to security makes Stronghold the preferred front end for anyone creating secure, interactive Web-based solutions," said Parekh.

"VirtualVault goes well beyond a firewall product. It provides security for front-end application programs including Common Gateway Interface (CGI) scripts and a wide range of popular middleware tools, while firewalls only provide network and protocal security," said Jim Leuthauser, Director of HP's Internet & System Security Lab. "Using the VirtualVault together with an intelligent firewall greatly reduces security risks from the Internet."

Hewlett-Packard Company (NYSE: HWP) is a leading global provider of computing, Internet and intranet solutions, services, communications products and measurement solutions, all of which are recognized for excellence in quality and support. HP has 125,300 employees and had revenue of $42.9 billion in its 1997 fiscal year. Information about HP and its products can be found on the World Wide Web at http://www.hp.com/

Stronghold Web Server to power the fastest transaction platform in the world

Mon, 22 Jun 1998 00:00:00 GMT

Oakland, CA (June 22, 1998) -- C2Net Software Inc. today announced it has entered into a development agreement with IBM Corporation under which C2Net will port its popular Stronghold Secure Web Server to IBM's Transaction Processing Facility (TPF) - the fastest transaction platform in the world. C2Net will create a version of Stronghold specifically integrated with IBM's TPF technology, used throughout the world as the heart of high-performance systems that power such tasks as airline reservations and credit card authorizations.

TPF is widely acknowledged as the highest-throughput transaction processing platform in the world. Originally the result of an early 1960's project between IBM and several airlines, the TPF platform today provides unmatched processing speed, seamless scalability, mission-critical availability and other essential transaction functions for airlines, leading financial institutions and other corporations worldwide.

Currently, there is no native web server product for the TPF platform. In order to process TPF-powered transactions through a Web-based interface, separate systems designed to serve Web pages are used between the TPF machine and the website. These separate mainframes and minicomputers collect user input from a website, send that information to the TPF server, and then retrieve the transaction's output and post it back to the user. Therefore, transactions can only be processed as fast as the gateway computers can serve the pages, rather than harnessing the immense speed and power of the TPF server itself.

C2Net's Stronghold Secure Web Server is a commercial version of the Apache web server, incorporating full-strength cryptography to ensure against eavesdropping, tampering, and forgery of electronic documents. The Stronghold secure web server is the preferred solution for Internet and intranet administrators who need to be certain that transactions are handled in the most secure environment possible. C2Net's Stronghold is widely regarded as the most robust, easily configurable secure Web server on the market today.

"We are very excited to join forces with IBM to bring Stronghold's speed, power and security to the TPF platform," said Sameer Parekh, President of C2Net Software, Inc. "Administrators of TPF-powered systems will benefit greatly by having a direct gateway to the Web. We are proud to be providing technology to securely connect these immense systems to the Internet without compromising their best-of-breed performance in any way."

With Stronghold, IBM's customers will be able to serve pages directly to Web users directly from the TPF server. This will mean faster web-based credit card verification, travel reservations, and other common transactions. In addition, Stronghold brings its advanced security technology to each TPF transaction. "Web commerce will never be the same," said Steve Cook, C2Net's Vice President of Sales and Marketing. "Stronghold brings the Web solution, IBM brings the power, and the whole world benefits from a new high-performance platform for electronic transactions over the Internet."

C2Net Software, Inc. (http://www.c2.net/) is the leading provider of uncompromised network security software. The company's Stronghold secure web server is currently the number one full-strength secure web server worldwide, according to a secure web server survey by Netcraft, Ltd (http://www.netcraft.com/).

Stronghold Web Server first to support new Internet Security Protocol

Wed, 22 Apr 1998 00:00:00 GMT

OAKLAND, California, April 22, 1998 -- C2Net Software Inc. today announced the release of version 2.3 of its Stronghold secure web server -- the first-ever commercially available implementation of software supporting the Transport Layer Security (TLS) version 1.0 security protocol.

Recently approved by the Internet Engineering Task Force (IETF), the TLS protocol is designed to replace the Secure Sockets Layer (SSL) protocol in wide use on the Internet today. Both systems use "public" and "private" keys for securing information exchanges between web browsers and web servers. The SSL protocol, however, requires using a proprietary patented cryptographic algorithm; the new TLS protocol also supports non-proprietary ciphers, freeing developers from patent licensing issues.

"We were the first commercial vendor to support HTTP/1.1, and we are now the first to support TLS/1.0," said Sameer Parekh, President of C2Net Software, Inc. "Standards are important, because they let users put together the best products and avoid being locked into expensive, proprietary solutions. C2Net knows that open standards are the key to maintaining quality and interoperability of security systems."

C2Net's Stronghold product is a commercial version of the Apache web server incorporating full-strength 128-bit cryptography to ensure against eavesdropping, tampering, and forgery of electronic documents. The Stronghold secure web server is the preferred solution for Internet and intranet administrators who need to be certain that transactions are handled in the most secure environment possible.

In January, C2Net Software made available an online TLS test server and freely downloadable TLS client software so that other developers could test for interoperability. "What use is a standard that nobody adopts?" remarked Parekh. "TLS is an important standard for the Internet community, and C2Net is working hard to encourage its widespread use." The TLS test site is located at http://tls.c2.net/.

When devising the TLS protocol, the IETF sought to recreate the strength and ease-of-implementation of the SSL standard developed years ago by Netscape Communications Corporation, without the use of any proprietary elements whatsoever. TLS has been well received in cryptographic circles as an open, standards-based solution for security and privacy needs in electronic transactions. Pointing to this success, industry experts have predicted that TLS will quickly replace SSL as the primary protocol used to encrypt real-time communication over the Internet.

C2Net Software announces first TLS implementation

Mon, 12 Jan 1998 00:00:00 GMT

RSA Data Security Conference, SAN FRANCISCO, CA, January 12, 1998 -- C2Net Software today announced the first implementation of the Transport Layer Security (TLS) version 1.0 protocol, the new, standards-based replacement for the popular SSL protocol that provides communications privacy over the World Wide Web.

"We were the first commercial vendor to support HTTP/1.1, and we now are the first to support TLS/1.0," said Sameer Parekh, President of C2Net Software, Inc. "Many companies merely talk about standards compliance. We deliver."

The specification for the TLS protocol was developed under the auspices of the Internet Engineering Task Force (IETF) to allow client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. TLS is the open, standards-based replacement for the Secure Sockets Layer (SSL) protocol developed by Netscape Communications Corporation. Industry experts expect TLS to quickly replace SSL as the primary protocol used to encrypt real-time communication over the Internet.

C2Net has set up a Stronghold server at the company's offshore research facility so that other vendors developing products supporting the TLS standard may test for interoperability. This test server is available at http://tls.c2.net/.

A developer-release of SafePassage Web Proxy that supports TLS is available at http://www.eu.c2.net/tls-eval. This will enable all major web browsers to communicate with servers that implement the TLS standard.

C2Net Software, Inc. (http://www.c2.net/) is the leading provider of uncompromised network security software. Through its international offshore development programs, all C2Net products are exempt from U.S. government export restrictions, allowing the company to offer uncrippled, strong cryptography solutions to customers worldwide. Its Stronghold Web Server is currently the number one full-strength web server worldwide, according to a survey by Netcraft, Ltd.

C2Net Software announces Stronghold Crypto Engine

Mon, 12 Jan 1998 00:00:00 GMT

RSA Data Security Conference, SAN FRANCISCO, CA, January 12, 1998 -- C2Net Software today announced the Stronghold Crypto Engine for Microsoft Windows NT. The Stronghold Crypto Engine replaces the cryptography system of the Microsoft Internet Information Server with the same robust, high-performance, high-security cryptography engine used in C2Net's world-popular Stronghold product, the most popular secure web server on the Internet.

The introduction of the Stronghold Crypto Engine makes it possible for non-US web sites running Microsoft's Internet Information Server to operate using the same high-security, full-strength encryption technology used in C2Net's Stronghold secure web server. In the past, such sites were limited to using weak, "export grade" cryptography which has been proven insufficient to resist even attacks by bored college students.

"Many website administrators run Microsoft IIS for reasons which make it impractical for them to use our Stronghold secure web server instead," said Sameer Parekh, President of C2Net Software, Inc. "I am glad we can now provide those customers with the high-security, performance, and flexibility of our advanced web server encryption technology."

Because C2Net develops its products outside the United States, the company's strong cryptography solutions can be sold legally to customers worldwide. For example, the Stronghold Crypto Engine along with other C2Net products are currently being used in the "maxi multimedia network," a pioneering project providing citizens of Victoria, Australia with secure online access for conducting government-related transactions such as vehicle registration, bill payments, changes of address, and so on.

The Stronghold Crypto Engine also supports hardware encryption acceleration from a number of vendors, including nCipher and Rainbow Technologies. Customers with high-volume secure transaction requirements can use the Stronghold Crypto Engine to run these hardware acceleration products with Microsoft IIS, increasing secure transaction throughput.

"Using nFast together with the Stronghold Crypto Engine is an ideal marriage of complimentary encryption technology and gives customers throughout the world a strong cryptography environment for conducting secure business on the Internet," said nCipher's president, Alex van Someren.

Stronghold Crypto Engine is available from the C2Net web site for evaluation downloads at http://www.c2.net/products/stronghold-ce/.

C2Net Software, Inc. (http://www.c2.net/) is the leading provider of uncompromised network security software. Through its international offshore development programs, all C2Net products are exempt from U.S. government export restrictions, allowing the company to offer uncrippled, strong cryptography solutions to customers worldwide. Its Stronghold web server is the number one secure web server in the world, according to a recent survey by Netcraft, Ltd.

C2Net announces Stronghold Crypto Engine compatibility with nCipher accelerator

Mon, 12 Jan 1998 00:00:00 GMT

RSA Data Security Conference, SAN FRANCISCO, CA, January 12, 1998 -- C2Net Software, Inc. today announced compatibility of its Stronghold Crypto Engine with the nFast range of encryption accelerators from nCipher, Ltd. of Cambridge, England. With this announcement, customers worldwide using the Microsoft Internet Information Server web server (Microsoft IIS) are guaranteed fast, full-strength, 128-bit data encryption protection for their online communications. C2Net previously announced nFast support with its Stronghold secure web server in July, 1997.

"C2Net was the first company to offer support for the nFast encryption accelerator with its Stronghold server," said Mark Cox, managing director of C2Net Europe. "nFast support with the Stronghold Crypto Engine is a natural extension of that relationship, and extends the range of web security solutions and increased server performance we can offer for customers worldwide."

"nCipher's nFast cryptographic accelerators enhance e-commerce and online transactions by speeding up the processing of crypto keys," said Alex van Someren, President of nCipher. "Using nFast together with the Stronghold Crypto Engine is an ideal marriage of complimentary encryption technology and gives customers throughout the world a strong cryptography environment for conducting secure business on the Internet."

nFast accelerators off-load the processing burden of encryption key processing to a dedicated co-processor, which is able to handle up to 300 1024-bit key public signings per second. The accelerators provide an inexpensive, fast and platform-independent hardware solution that removes the burden of heavy computation from the host CPU without any alteration to the application software. Because the nFast accelerators simply plug into the SCSI port, they are easily scalable and can be used together to handle over 2000 key signings per second.

C2Net's Stronghold Crypto Engine

C2Net's Stronghold Crypto Engine (SHCE) replaces the cryptography engine currently used in the Microsoft Internet Information Server (Microsoft IIS). It provides significant server performance improvements and gives customers the ability to support full strength encryption worldwide while still using Microsoft IIS as the underlying web server. SHCE replaces the export-restricted encryption capabilities of Microsoft IIS to ensure that full 128-bit data is used to protect communications end-to-end across the Internet.

C2Net Software, Inc. (http://www.c2.net/) is the leading provider of uncompromised network security software. Through its international offshore development programs, all C2Net products are exempt from U.S. government export restrictions, allowing the company to offer strong cryptography solutions to customers worldwide. Its Stronghold web server is currently the world's most popular secure web server, according to a survey by Netcraft, Ltd.

nCipher (http://www.ncipher.com/) is an affiliate of Canada's Newbridge Networks Corporation (NYSE: NN), developing cryptography products in applications such as Internet security and electronic commerce. Its nFast line of products was recently named a Hot Product for 1998 by Data Communications magazine.

C2Net Software forms C2Net Europe

Mon, 12 Jan 1998 00:00:00 GMT

RSA Data Security Conference, SAN FRANCISCO, CA, January 12, 1998 -- C2Net Software, Inc. today announced the creation of C2Net Europe, Ltd, a new sales and development subsidiary headquartered in the United Kingdom. C2Net Europe is now in charge of international sales and distribution for C2Net's product line, a role previously performed for the company by UK Web, Ltd.

"I am looking forward to being even more directly involved in the rapid growth of the multinational C2Net organization," said Mark Cox, Managing Director of C2Net Europe, Ltd. Prior to joining C2Net Europe, Mark Cox was Stronghold Product Manager and Technical Director at UK Web. Mark Cox and Paul Sutton, Technical Director for C2Net Europe, are both core member of the Apache Group, the organization which develops and maintains the Apache web server, the most popular web server in the world.

"Restructuring this part of our business as a direct subsidiary enables us to more effectively service the cryptography needs of all our customers, in every country," said Sameer Parekh, President of C2Net Software, Inc. "In cooperation with UK Web, we have hired all UK Web employees who were directly involved with our products, the Apache web server, and the Apache Week newsletter," he added.

"We are happy to see how C2Net has rapidly grown from a very small company to a very significant operation with offices in four countries substantially funded through its retained earnings," said Rob Noble, Finance Director for UK Web.

All existing Stronghold and SafePassage customers who have purchased product from UK Web will now receive sales and support assistance directly from C2Net Europe, Ltd. UK Web continues to act as a principle sales agent for C2Net products outside of the US and Canada.

C2Net Software, Inc. (http://www.c2.net/) is the leading provider of uncompromised network security software. Through its international offshore development programs, all C2Net products are exempt from U.S. government export restrictions, allowing the company to offer uncrippled, strong cryptography solutions to customers worldwide. Its Stronghold web server is the most popular secure web server in the world, according to a survey by Netcraft, Ltd.

C2Net Software secures international banking

Mon, 12 Jan 1998 00:00:00 GMT

RSA Data Security Conference, SAN FRANCISCO, CA, January 12, 1998 -- C2Net Software, Inc., today announced the deployment of its cryptography products in three international banking applications in Germany, Italy, and the Australia area. CommerzBank in Germany, Banca Popolare Di Verona in Italy, and Australia and New Zealand Bank Group Pty Ltd all are deploying C2Net products in order to secure their customers' banking transactions.

Customers of these banks are using C2Net's SafePassage Web Proxy in order to securely connect to the Stronghold Web Server or the Stronghold Crypto Engine running on the banks' servers. Using the secure link to their bank, customers can transfer funds, make payments, and check account balances without fear that an economic terrorist or other interloper will be able to rob them.

"As more companies are putting sensitive applications on the Internet, there is a growing awareness of the significant security issues inherent in Internet applications," said Steve Cook, Vice President of Sales & Marketing for C2Net Software, Inc. "Using C2Net products which are developed outside the US, these banks are making it clear to the world that it is possible to deploy secure applications internationally despite US government export restrictions on such technology."

"We have made it clear over the past few years that the US government's absurd cryptography policy has not made it difficult to deploy secure solutions internationally," said Sameer Parekh, President and Founder of C2Net. "There is no reasonable basis to deny people outside the United States access to the same full-strength encryption security enjoyed by their US counterparts. We are pleased to support these banks' efforts to provide such security to their customers," he said.

C2Net's SafePassage Web Proxy product upgrades the security of any SSL-capable web browser, even those which are encryption-crippled as required for export from the US. By acting as a proxy on the user's personal computer, SafePassage Web Proxy, not the web browser itself, makes the actual connection to the remote web server. In this way, users obtain the peace of mind they need for conducting serious business on the Internet.

C2Net's Stronghold secure web server is now the most popular secure web server on the Internet. Based on Apache, the world's most popular non-encrypting web server, Stronghold provides customers with full strength security, high-quality documentation, and world-class technical support, among other improvements.

The new Stronghold Crypto Engine from C2Net replaces the cryptography core of the Microsoft Internet Information Server with the same cryptography engine used in the Stronghold web server. The Stronghold Crypto Engine gives customers the ability to support full strength encryption worldwide while using Microsoft IIS as the underlying web server. Therefore, customers who are limited to running their web sites with Microsoft IIS are now able to have the same strong security and authentication common to all C2Net products.

C2Net Software and Maxi secure Victorian Government Electronic Service Delivery System

Mon, 12 Jan 1998 00:00:00 GMT

RSA Data Security Conference, SAN FRANCISCO, CA, January 12, 1998 -- C2Net Software, Inc. today announced deployment in Australia of its SafePassage Web Proxy and Stronghold Crypto Engine products in an innovative, online access-to-government service called "maxi," developed by maxi multimedia pty ltd, a joint venture between NEC Australia and Aspect Computing.

maxi is an advanced electronic service delivery network allowing secure remote access to Victorian Government services 24 hours a day, seven days a week. Citizens can access about 30 government-related transactions online, ranging from vehicle registration, applications for birth or marriage certificates, obtaining a permit to sell goods, changing address with government departments, paying bills, and so on. They can access the service over the Internet, or by using public multimedia kiosks located throughout the State, or over the telephone via an interactive voice response system.

"maxi is very pleased with the C2Net products," said Neil Yamagishi, General Manager, Marketing for NEC Australia, "We had complex requirements to upgrade export-crippled encryption products and provide a development platform for our own enhancements. maxi has integrated smartcard and server cryptography hardware enhancements, plus Certificate Revocation List handling. The C2Net products have proven robust and well supported and we have licensed C2Net's SafePassage Web Proxy product so that we can provide it to all of our customers as part of our service."

maxi selected C2Net's SafePassage Web Proxy software to upgrade the US export-restricted encryption of web browser programs such as Netscape Navigator or Communicator or Microsoft's Internet Explorer. SafePassage Web Proxy performs authentication using digital certificates to ensure the identity of individuals using the system. The KeyPOST Certification Authority, a division of the Australian postal service, provides the digital certificates used in the maxi system.

Behind the scenes, maxi servers use C2Net's new Stronghold Crypto Engine product to boost the US export-restricted encryption capabilities of the Microsoft Internet Information Sever to ensure that full 128-bit data encryption is used to protect communications end-to-end across the maxi system.

maxi multimedia pty ltd. (http://www/maxi.com.au/) is a leading provider of multimedia electronic service delivery systems. maxi provides its system in Australia and can provide similar services in other counties through technology licensing or joint ventures.

Apache Web Server serves over half the Internet

Mon, 05 Jan 1998 00:00:00 GMT

The Apache Web Server, from the Apache Group (http://www.apache.org/), now serves over half the domains on the Internet, according to the latest Netcraft Web Server Survey (http://www.netcraft.com/). According to the January 1998 survey, the Apache server and its derivatives serve 50.24% of the 1,834,710 sites found by Netcraft.

From its humble beginnings in early 1995 as a set of patches to the original NCSA Web Server, the Apache Web Server has steadily grown in popularity as well as power and capability. The Apache server was one of the first Web servers to implement the HTTP/1.1 protocol, for example. The Apache server has become established as the dominant Web server, far outpacing commercial offerings from the giants Microsoft and Netscape.

The key to the success of the Apache Web server is its dedicated development team. A core group of developers, known as the Apache Group, constantly update, fix, and improve the server in order to create the best server available.

Another key to the Apache server's impressive popularity is that it is freely available via the Internet. Webmasters can quickly and easily download the entire source code for the server to compile it themselves, or they can download various precompiled and "ready to run" versions. Since the source code is freely available, it is easy for webmasters to greatly enhance the Apache Web server's capability, either by adding numerous "modules" which extend the server's functions or by editing the actual server code to suit their needs.

"One of the strengths of the Apache project is that many of the core team and key contributors are themeselves running high profile sites, and so know what is required from first hand experience," said Mike Prettejohn, Director of Netcraft, "in particular, the support for virtual domains, and the server's overall stability and resilience has made Apache the de facto choice for ISPs and hosting companies throughout the world."

"Apache is the ideal platform for building mission-critical web-based applications," said Sameer Parekh, President of C2Net Software, Inc., whose Stronghold Web Server is the most widely used commercial Apache-based server. "Apache confuses most industry analysts because they have forgotten that mission-critical Internet services, from web services to domain name services to electronic mail, have been running on free software since Day One."

The latest version of the Apache Web server is 1.2.4, which runs on most UNIX platforms. The next release of the Apache server, version 1.3, currently in beta test, will run on both UNIX and Microsoft Windows NT.

Netcraft (http://www.netcraft.com/) is an networking consultancy based in Bath, England and is well known worldwide for its Web Server Survey, which is widely considered a primary empirical metric for the number of web sites and the relative popularity of web server software on the internet.

The Apache Group is a group of individuals who are committed to developing the best web server in the world and making it freely available.

Commerce Department Cryptography Regulations struck down

Mon, 25 Aug 1997 00:00:00 GMT

Oakland, CA - In a ruling in favor of free speech and the growth of the Internet, the United States District Court for the Northern District of California handed down an important decision for academic researchers engaged in the science of cryptography.

In her decision, Judge Marilyn Hall Patel ruled that source code, the language in which computer programs are written, is protected speech under the First Amendment, and that the Clinton Administration acted illegally when it implemented regulations which required academics to first obtain a license from the government before discussing their research with other scholars over the Internet.

"These cryptography regulations are more than just unconstitutional," said Sameer Parekh, President of C2Net Software, the leading worldwide provider of cryptography solutions. "They have crippled the growth of the worldwide Internet."

Judge Patel granted a permanent injunction covering the plaintiff, Daniel Bernstein, an Assistant Professor for Mathematics at the University of Illinois. Dr. Bernstein invented a novel encryption program called "Snuffle". The regulations prevented him from publishing his encryption program on the Internet. Patel struck down these regulations, citing the First Amendment.

"It does not appear that the Clinton Administration can learn from their mistakes. Nine months ago, Judge Patel handed down almost the exact same ruling when the State Department controlled the cryptography regulations." said Parekh. "The regulations were illegal then; They are illegal now."

"This only solves half the problem," continued Parekh. "Software companies which develop commercial products inside the United States, including Netscape and Microsoft, are still barred from selling secure versions of their software worldwide." Other companies, such as C2Net Software and Sun Microsystems, have performed an end-run around these regulations and have exported jobs, not crypto, completely legally.

C2Net Software's Stronghold Web Server Adds nCipher Hardware Encryption Support

Mon, 14 Jul 1997 00:00:00 GMT

OAKLAND, Calif., July 14 -- C2Net Software today announced its Stronghold(TM) secure web server now supports the nFast hardware cryptographic accelerator from nCipher Corporation Ltd. "Like Stronghold, the nFast accelerator is manufactured outside of the U.S., enabling us to offer our world-wide customers a simple, platform-independent way to speed up secure web server throughput," said C2Net Software president Sameer Parekh. "Many will find that Stronghold's terrific out-of-the-box performance is more than enough for their needs. If not, adding one or more nFast units is a fast, simple way to increase encryption performance as required."

"nCipher's nFast cryptographic accelerators enhance e-commerce and online transactions by speeding up the processing of crypto keys," said Alex van Someren, president of nCipher. "Using nFast together with the Stronghold web server gives customers throughout the world a quickly-scalable environment for conducting secure business on the Internet."

nCipher's nFast cryptographic accelerator interfaces via a standard SCSI2 interface, making it compatible with virtually any computer platform, and mounts within the space of a standard 3.5-inch disk drive bay. Each nFast accelerator can carry out approximately three hundred 1024-bit public key signings per second.

The Stronghold Web Server is an enhanced, secure, commercial version of the popular Apache server. Based on figures in a Netcraft survey (http://www.netcraft.com/survey/), Stronghold is the second most popular commercial server for UNIX and the second most popular for secure applications on the Internet.

nCipher Corporation Ltd. (http://www.ncipher.com/), an affiliate of the Newbridge Network Corporation (NYSE: NN), is a privately-owned developer of cryptographic technologies for securing server transactions, including both software and hardware cryptographic acceleration products. nCipher headquarters are located in Cambridge, England, with US offices in Andover, MA and in Santa Clara, CA.

Stronghold Web Server first to support Rainbow's Cryptoswift Hardware Encryption Accelerator Board

Mon, 30 Jun 1997 00:00:00 GMT

OAKLAND, Calif., June 30, 1997 - - C2Net Software today announced its Stronghold secure web server now supports the CryptoSwift secure server accelerator from Rainbow Technologies Internet Security Group. Stronghold is the first web server product to support a hardware encryption acceleration device, allowing fast, inexpensive scalability for secure Internet electronic commerce transactions and digital authentication.

"Secure communication is not a matter of choice for doing business on the Internet, it is a requirement," said C2Net president Sameer Parekh. "Internet service providers and corporate web site managers are hard pressed to keep their systems responsive as more and more consumers and businesses are demanding secure communications for Internet commerce. With Rainbow's CryptoSwift, we are meeting these demands for high performing secure servers."

"Rainbow's CryptoSwift will provide users of the Stronghold web server with the most technologically advanced capabilities for conducting high speed, secure electronic transactions over the Internet," said Peter Craig, vice chairman and Internet Security Group executive.

"Stronghold's support for Rainbow's CryptoSwift gives our customers a fast, easy, and inexpensive way to increase secure server throughput, simply by installing a hardware encryption accelerator device when needed," added Parekh.

A presentation at the January 1997 RSA Data Security Conference showed that servers providing SSL connections can spend over 90% of their processor time handling cryptography.

Rainbow's CryptoSwift is a PCI card that installs into the bus of a server computer and contains a high speed "public key" math co-processor which off-loads and accelerates security operations from a server's main processor. Using patent-pending technology, the product provides the necessary cryptographic functions to accelerate SSL, PCT, SET and other security protocols. CryptoSwift performs up to twenty 1024 bit public key calculations per second, and performance scales linearly with the number of boards installed, limited only by the number of PCI slots available in the server.

Rainbow's Internet Security Group is a world leader in providing cryptographic performance solutions. The Group has recently formed technical collaborations with prominent corporations including RSA Data Security, Microsoft, IBM, and Netscape. Founded in 1984, Rainbow Technologies (NASDAQ:RNBO) has offices in California, Connecticut, Maryland, France, Germany and the U.K., and an international network of authorized distributors. The company supplies security products to over 28,000 customers in over 100 countries. Demonstrating Rainbow's commitment to quality, the company has been ISO-9002 certified since 1994. Rainbow is a designated licensee of RSA Data Security. For more information on CryptoSwift please call 1-(888)-667-4728 or visit Rainbow's web site at http://isg.rnbo.com.

C2Net Software, Inc. (http://www.c2.net/) is a leading provider of uncompromised network security software. Through its international offshore development programs, all C2Net product are exempt from U.S. government export restrictions, allowing the company to offer uncrippled, strong cryptography solutions to customers worldwide.

Hackers smash US Government encryption standard

Wed, 18 Jun 1997 00:00:00 GMT

Oakland, California (June 18, 1997)-The 56-bit DES encryption standard, long claimed "adequate" by the U.S. Government, was shattered yesterday using an ordinary Pentium personal computer operated by Michael K. Sanders, an employee of iNetZ, a Salt Lake City, Utah-based online commerce provider. Sanders was part of a loosely organized group of computer users responding to the "RSA $10,000 DES Challenge." The code-breaking group distributed computer software over the Internet for harnessing idle moments of computers around the world to perform a 'brute force' attack on the encrypted data.

"That DES can be broken so quickly should send a chill through the heart of anyone relying on it for secure communications," said Sameer Parekh, one of the group's participants and president of C2Net Software, an Internet encryption provider headquartered in Oakland, California (http://www.c2.net/). "Unfortunately, most people today using the Internet assume the browser software is performing secure communications when an image of a lock or a key appears on the screen. Obviously, that is not true when the encryption scheme is 56-bit DES," he said.

INetZ vice president Jon Gay said "We hope that this will encourage people to demand the highest available encryption security, such as the 128-bit security provided by C2Net's Stronghold product, rather than the weak 56-bit ciphers used in many other platforms."

Many browser programs have been crippled to use an even weaker, 40-bit cipher, because that is the maximum encryption level the U.S. government has approved for export. "People located within the US can obtain more secure browser software, but that usually involves submitting an affidavit of eligibility, which many people have not done," said Parekh. "Strong encryption is not allowed to be exported from the U.S., making it harder for people and businesses in international locations to communicate securely," he explained.

According to computer security expert Ian Goldberg, "This effort emphasizes that security systems based on 56-bit DES or "export-quality" cryptography are out-of-date, and should be phased out. Certainly no new systems should be designed with such weak encryption.'' Goldberg is a member of the University of California at Berkeley's ISAAC group, which discovered a serious security flaw in the popular Netscape Navigator web browser software.

The 56-bit DES cipher was broken in 5 months, significantly faster than the hundreds of years thought to be required when DES was adopted as a national standard in 1977. The weakness of DES can be traced to its "key length," the number of binary digits (or "bits") used in its encryption algorithm. "Export grade" 40-bit encryption schemes can be broken in less than an hour, presenting serious security risks for companies seeking to protect sensitive information, especially those whose competitors might receive code-breaking assistance from foreign governments.

According to Parekh, today's common desktop computers are tremendously more powerful than any computer that existed when DES was created. "Using inexpensive (under $1000) computers, the group was able to crack DES in a very short time," he noted. "Anyone with the resources and motivation to employ modern "massively parallel" supercomputers for the task can break 56-bit DES ciphers even faster, and those types of advanced technologies will soon be present in common desktop systems, providing the keys to DES to virtually everyone in just a few more years."

56-bit DES uses a 56-bit key, but most security experts today consider a minimum key length of 128 bits to be necessary for secure encryption. Mathematically, breaking a 56-bit cipher requires just 65,000 times more work than breaking a 40-bit cipher. Breaking a 128-bit cipher requires 4.7 trillion billion times as much work as one using 56 bits, providing considerable protection against brute-force attacks and technical progress.

C2Net is the leading worldwide provider of uncompromised Internet security software. C2Net's encryption products are developed entirely outside the United States, allowing the firm to offer full-strength cryptography solutions for international communications and commerce. "Our products offer the highest levels of security available today. We refuse to sell weak products that might provide a false sense of security and create easy targets for foreign governments, criminals, and bored college students," said Parekh. "We also oppose so-called "key escrow" plans that would put everyone's cryptography keys in a few centralized locations where they can be stolen and sold to the highest bidder," he added. C2Net's products include the Stronghold secure web server and SafePassage Web Proxy, an enhancement that adds full-strength encryption to any security-crippled "export grade" web browser software.

Pentium is a registered trademark of Intel Corporation.

Netscape and Netscape Navigator are registered trademarks of Netscape Communications Corporation

Stronghold and SafePassage are trademarks of C2Net Software, Inc.

Full-Strength Stronghold 2.0 Released Worldwide

Mon, 05 May 1997 00:00:00 GMT

C2Net President Sameer Parekh Rejects Weak Keys, Back Doors.

Oakland, CA - C2Net Software, Inc. annouced today the worldwide availability of Stronghold 2.0, a major upgrade to their secure web server based on Apache. With this release, Stronghold has added more functionality than ever, including uncompromised security, web-based configuration, and new protocol support.

"The Stronghold web server -- like all C2Net products -- supports full-sized keys, and will never support government back doors," said C2Net president Sameer Parekh. "We have development teams around the globe working on our products, free from US export control policy. Even if some of these countries cave in to US demands, we'll still be able to produce first-rate, uncompromised security products."

Others Use Compromised Security

In a recent announcement, Netscape Communications announced plans to include government back doors in their products. "By implementing this so-called 'key recovery', Netscape is getting a small increase in key length in exchange for putting your keys in the hands of the government," said Parekh. "This the same government that hired Aldrich Ames, the same goverment that has IRS employees surfing taxpayer databases at will. What do you think is going to happen to your keys?"

According to cryptography expert Bruce Schneier, "There is absolutely no business case for key recovery. Any benefit you get from longer key lengths is offset by the enormous security risk of concentrating keys in a few hands."

Current "export" versions of Netscape and Microsoft web servers use a weak 40-bit cipher that can be broken in hours by any bored systems administrator or college student with access to a few hundred idle machines. By comparison, all C2Net software can use at least 128-bit keys.

To understand this difference, imagine that the hundreds of computers needed to crack a 40 bit key in a few hours were compressed into a cube an inch on a side, and you built a computer the size of the Earth out of these cubes, it would still take this computer more than four times as long to crack a 128 bit key. It's easy to find a few hundred computers idle at any medium-sized business or university; Earth-sized computers are still relatively uncommon.

Stronghold Gaining Market Share

In several recent surveys, Stronghold has emerged as a leading contender in the web server market. An O'Reilly and Associates/Netcraft survey of secure web servers in use on the Internet found that Stronghold was second only to Netscape. The monthly Netcraft survey of all web servers on the Internet has indicated for some time that Stronghold is also the second most popular commercial web server for the Unix platform.

"We've been steadily gaining market share," indicated Parekh, "and to a great extent it's due to our firm stand that we won't sell deliberately weakened security products to our customers."

Features in Stronghold 2.0

"We've redesigned the security interfaces and built on the new Apache 1.2 code base," commented Mark Cox, Stronghold product manager at UK Web. "Stronghold has had many productivity and performance enhancements and it is now fully compliant with the new HTTP/1.1 standard." The HTTP/1.1 standard is a significant update to HTTP/1.0, the protocol that governs how web browsers and web servers communicate.

HTTP/1.1 brings many new features to the table, including improved content and language negotiation, improved persistent connections, and better recovery from interrupted transfers. (For more information on HTTP/1.1, see http://www.apacheweek.com/features/http11)

Stronghold 2.0 also includes a web-based configuration manager, allowing web administrators to securely administer their sites from the web browser of their choice. "We've had a lot of requests for this feature as Stronghold has grown in popularity," said Douglas Barnes, C2Net Vice President.

On the security front, the new release includes support for Secure Sockets Layer (SSL) version 3, which provides stronger security and more flexibility in choosing ciphers.

Background

UK Web Limited is a leading Internet services company specialising in server technology, Internet security, business solutions and effective site design.

C2Net is the leading worldwide provider of uncompromised network security software.

Portions of Stronghold were developed by the Apache Group, and were taken with permission from the Apache Server http://www.apache.org/. Stronghold also includes software developed by Eric Young (eay@cryptsoft.com).

C2Net Software Thwarts US Encryption Policy

Mon, 24 Mar 1997 00:00:00 GMT

Products Provide Uncrippled, Secure Framework for Worldwide Net Commerce, Intranets, and Extranets.

Oakland, CA -- C2Net Software, Inc., and UK Web, Ltd., announced today the 1.0 release of a new product, "SafePassage Web Proxy." This product, developed entirely outside of the United States, provides full-strength, non-escrowed cryptography for users of any standard web browser.

No weak codes

"We don't believe in using codes so weak that foreign governments, criminals, or bored college students can break them," said C2Net President Sameer Parekh, "we also oppose plans to put all your cryptography keys in a few places, where they can be sold to the highest bidder by traitors like Aldrich Ames. Some companies are starting to release products that use this so-called 'key recovery' technology, but this will only create fat, tempting targets for hackers and spies -- and they're still restricted to short key lengths, such as 56 bits."

Current "export" versions of Netscape Navigator and Microsoft Internet Explorer use a weak cipher that has been broken by online groups, such as the "Cypherpunks." Companies like HP and IBM, bowing to government pressure, have been promoting seemingly innocuous "key recovery" plans that would require centralized key storage and easy government access to -- or abuse of -- cryptography keys.

SafePassage Web Proxy Fortifies Browsers

SafePassage is an enhancement for "export" browsers, an add-on product that works with any standard web browser. Acting as an intermediary, or proxy, it intercepts weakly encrypted connections on their way out and transforms them to use full-strength cryptography. "The weak connection never leaves your PC," explains Parekh, "it gets decrypted and then re-encrypted with a full-strength cipher."

"This is part of our overall strategy to provide strong cryptography world wide," said Parekh, "SafePassage is an add-on for web browsers, and Stronghold, our web server, can be used as an add-on for existing servers. Our plan is to offer a complete line of products for securing Internet communications in this fashion."

Some examples of how SafePassage can be used:

A multi-national corporation can use SafePassage to secure a far-flung Intranet that travels over insecure channels. Overseas banks can distribute SafePassage to their customers, to ensure that their transactions are secure and private. Internet Service Providers can provide SafePassage as part of the startup package to new users, so that they can connect securely to commercial sites around the world.

"We're still learning new ways that folks would like to use SafePassage," commented C2Net VP Douglas Barnes, "the response during the beta period has been overwhelming."

"SafePassage is the perfect complement to the Stronghold web server," said Mark Cox, Stronghold Product Manager for UK Web. "we've been marketing the international version of Stronghold with full strength cryptography for six months now, but we knew we would need matching strong cryptography on the browser side as well. SafePassage Web Proxy answers this need."

Details

SafePassage provides secure connections using strong cryptography for any browser that supports standard SSL tunneling, a feature normally used by firewall software. It currently runs on Windows 3.1, Windows 95, and Windows NT.

Evaluation versions of SafePassage can be downloaded at no cost from UK Web's site at: http://stronghold.ukweb.com/safepassage/. It is currently unavailable for distribution within the US and Canada, but a domestic version will be made available in the near future. A single- user license is $49, prices for volume licensing start at $995 for fifty users.

Background

UK Web Limited is a leading Internet services company specialising in server technology, Internet security, business solutions and effective site design.

C2Net is the leading worldwide provider of uncompromised network security software.

Netscape Navigator and Netscape Enterprise are trademarks of Netscape Communications Corporation. Microsoft Internet Explorer and Microsoft Internet Information Server are trademarks of Microsoft Corporation. Stronghold and SafePassage are trademarks of C2Net Software, Inc. Portions of Stronghold were developed by the Apache Group, and are taken with permission from the Apache Server. Stronghold and SafePassage include portions developed by Eric Young.

BSDI Delivers Stronghold Encrypting SSL Web Server

Wed, 12 Mar 1997 00:00:00 GMT

No-Cost Trial Version Available For BSDI Customers.

Colorado Springs, CO (March 12, 1997) - Berkeley Software Design, Inc. (BSDI) and C2Net Software, Inc. announced today that BSDI will market and support C2Net's Stronghold encrypting SSL Web server.

Stronghold enables companies and their customers to conduct secure transactions using the World Wide Web. Stronghold is the only widely used, commercial encrypting Web server to provide full-strength, uncrippled cryptography worldwide. Other commercial servers are restricted by U.S. export restrictions from providing full-strength cryptography outside the U.S. Because Stronghold is developed outside of the United States, it is available in uncrippled form worldwide. Stronghold, a commercial version of Apache, the world's most popular Web server, is currently the second most popular encrypting Web server on the Internet, according to the Netcraft SSL server survey. (http://www.netcraft.co.uk/ssl/)

"Stronghold is an ideal commercial Web server for transaction-enabled sites because it delivers top-end security features and is based on the popular Apache Web server," said Rob Kolstad, Ph.D. President of BSDI. "Our customers will appreciate Stronghold's full source code, RSA public key technology, full 128-bit symmetric encryption, and SSL client authentication, as well as the opportunity to procure a commercial encrypting Web server and the underlying operating system from a single source."

"We are very pleased that BSDI will help introduce Stronghold to its ISP customer base," said Sameer Parekh, President of C2Net. "Thousands of BSDI installations that use the Apache Web server will find it easy to migrate to Stronghold as they add secure transaction capabilities to their Web sites."

In addition to the trial version of Stronghold, BSDI Internet Server Version 3.0 comes complete with two of the industry's most popular Web servers - Netscape's FastTrack and The Apache Group's Apache - and a 10-user license for Software.com's Post.Office E-mail server. BSDI 3.0 provides easy administration, top performance, and exceptional security for the most demanding Internet, Intranet, and enterprise gateway environments. BSDI 3.0 includes BSDI's new MaxIM graphical administration manager, BSDI's Web performance and service-protection software, enhanced TCP/IP networking, and Web and Internet/Intranet development tools.

Pricing and Availability

BSDI will include a 60-day trial version of Stronghold with its BSDI Internet Server Version 3.0. The Stronghold Web server is available from BSDI for U.S.D. $495. The Stronghold Web server will soon be available via BSDI's Web site at http://www.bsdi.com.

About C2Net Software, Inc.

C2Net is the leading provider of uncompromising security on the Internet. In addition to Stronghold, C2Net also markets SafePassage Web Proxy, a product that allows users of popular web browsers to use full-strength cryptography worldwide. C2Net Software, Inc. is a privately held company headquartered in Oakland, California. Contact C2Net at 510-986-8770 or http://www.c2.net/.

About Berkeley Software Design, Inc.

Berkeley Software Design, Inc. is the commercial supplier of the high-performance BSD Internet and networking system software originally developed at the University of California, Berkeley. Internet experts worldwide are powering the networked economy with over 25,000 deployed servers running BSDI software engines and applications. BSDI products include BSDI Internet Server, BSDI GroupGate, and BSD/OS and networking software for network appliance developers. BSDI serves many of the foremost Internet service providers including ANS, AT&T, BBN, EUNET, CompuServe, Demon Internet, IDT, Internet Direct, Internet Initiative Japan (IIJ), MCI, Mindspring, Sprint, Telia AB, U.S. WEST, UUNET Technologies, and more than 2,500 local, regional, and national Internet service providers worldwide. BSDI is privately held and headquartered in Colorado Springs, Colorado. Contact BSDI at 800-800-4273, 719-593-9445, info@bsdi.com, or http://www.bsdi.com.

BSDI, BSD/OS, and the BSDI logo are registered trademarks and GroupGate is a trademark of Berkeley Software Design, Inc. Portions of Stronghold were developed by the Apache Group, and are taken with permission from the Apache server. Stronghold also includes portions developed by Eric Young. All other product or service names are trademarks of their respective owners.

C2Net announces Stronghold 2.0, bundled Thawte certificates

Thu, 19 Dec 1996 00:00:00 GMT

Oakland, CA -- C2Net Software, an Oakland-based security software company, announced today the beta release of Stronghold 2.0. Stronghold is currently the second most popular commercial webserver on the Unix platform, according to the Netcraft survey of webservers on the Internet. (see: http://www.netcraft.co.uk/survey/)

Bundled With Thawte Certificates

Additionally, C2Net and Thawte Consulting cc, a certificate authority based in South Africa, jointly announced a bundled product: a Stronghold webserver and a Thawte server certificate. The bundle will sell for $545; Stronghold alone lists at $495. Thawte's main competitor, Verisign, sells web server certificates for $290; similar certificates are $100 when purchased separately from Thawte.

"We can now offer our customers the convenience of one-stop shopping when setting up a secure web site," said C2Net President Sameer Parekh. "Thawte is now poised to be a significant competitor to VeriSign, and we think that competition in this area is very healthy and will bring greater value to the entire Internet"

Certificates are used for secure connections to authenticate the server to the client. People using Netscape and Microsoft browsers can connect to sites using both Thawte and VeriSign certificates because the "root certificates" for these companies come pre-loaded with the Netscape and Microsoft browsers.

New Features in Version 2.0

Stronghold 2.0 is adding a number of new features users have been asking for.

Stronghold 2.0b1 also incorporates a number of popular features from the Thawte webserver, Sioux, including more flexible directives for specifying security properties and improved certificate-based authentication. A subsequent beta version of Stronghold 2.0 will contain a full-fledged grapical configuration manager, based on the one in Sioux, as well as support for the latest version of the SSL protocol, known as SSLv3.

Merged With Sioux

Along with the bundling agreement, Thawte and C2Net have merged their webserver products, Sioux and Stronghold. "This gives us a chance to focus more of our energy on our certificate business," said Mark Shuttleworth of Thawte Consulting. "By doing this, our two companies will be better able to compete in both the web server and certificate- issuing markets."

Existing Sioux customers will be able to upgrade to the new version of Stronghold for $95.

Upgrade Policy

Starting today, users who purchase Stronghold will be guaranteed a free upgrade to 2.0 when it gets out of beta testing. Other existing Stronghold users will probably need to pay a $95 upgrade fee, depending on when they purchased the product.

Stronghold is developed outside of the United States, and is distributed within the US and Canada by C2Net and in the rest of the world by UK Web. All versions of the product use uncompromised, full-strength cryptography.

Background

C2Net (previously known as Community ConneXion, Inc.) is the leading provider of uncompromising security on the Internet. In addition to Stronghold, C2Net also markets SafePassage Web Proxy, a product that allows users of popular web browsers to use full-strength cryptography worldwide.

UK Web Limited is a leading Internet services company specialising in server technology, Internet security, business solutions and effective site design. They are the international distributors for both Stronghold and SafePassage products.

SafePassage brings strong crypto to web browsers worldwide

Mon, 25 Nov 1996 00:00:00 GMT

Oakland, CA -- C2Net and UK Web, Ltd., announced today the beta release of a new product, "SafePassage Web Proxy." International users of popular web browsers such as Netscape or Microsoft Internet Explorer can use SafePassage to make secure web connections using full-strength cryptography. Prior to this release, international users of these browsers had to use weak cryptography, which could be easily broken.

"SafePassage is the perfect complement to our Stronghold web server," said Mark Cox, Stronghold Product Manager for UK Web. "we've been marketing the international version of Stronghold with full strength cryptography for two months now, but we knew we would need matching strong cryptography on the browser side as well. SafePassage Web Proxy answers this need."

SafePassage provides secure connections using strong cryptography for any browser that supports standard SSL tunneling. It currently runs on Windows 3.1 and Windows 95.

"We don't believe in using codes so weak that foreign governments, criminals or bored college students can break them," said C2Net President Sameer Parekh, "we also oppose plans to put all your cryptography keys in a few places, where they can be sold to the highest bidder by traitors like Aldrich Ames, or recent suspect Harold J. Nicholson."

Current "export" versions of Netscape and MSIE use a weak cipher that has been broken by online groups, such as the "Cypherpunks." Companies like HP and IBM, bowing to government pressure, have been promoting seemingly innocuous "key recovery" plans that would require centralized key storage and easy government access to -- or abuse of -- cryptography keys.

Beta versions of SafePassage can be downloaded at no cost from UK Web's site at: http://stronghold.ukweb.com/safepassage. It is currently unavailable for distribution within the US and Canada, but a domestic version will be made available in the near future.

The final release will be free for personal, educational, or other non-commercial use; for information on site licenses and bundling, send e-mail to safepassage@c2.net; or by phone, contact Douglas Barnes at +1 510 986 8773, or Dave Williams at +44 113 222 0046.

UK Web Limited is a leading Internet services company specialising in server technology, Internet security, business solutions and effective site design.

C2Net is the leading provider of uncompromising security on the Internet. C2Net provides a wide array of Internet privacy services and powerful network security software.

Lawsuit dropped: SPA still demands monitoring

Thu, 24 Oct 1996 00:00:00 GMT

Oakland, CA - In an ongoing attempt to force Internet Service Providers (ISPs) to monitor their customers' web pages, the Software Publisher's Association (SPA), acting on behalf of three member software companies, dropped a lawsuit against Community ConneXion, Inc., dba C2Net, but reserved the right to bring the suit again if C2Net failed to adopt a policy of monitoring their users' web pages for copyright infringement.

The three plaintiffs, Adobe Systems, Inc., Claris Corporation, and Traveling Software, Inc., seemed surprised to find that they had filed the lawsuit, and sought to distance themselves from the action. For instance, Adobe's PR department maintained that Adobe has definitely not filed any such lawsuit. (Contact Carol Sacks -- (408) 536-4033)

C2Net, a small, Oakland-based ISP and software company, has always forbidden illegal activity on its servers. This includes copyright infringement and contributory copyright infringement. "We're very aware of the problems that software companies face from piracy; most of our revenue comes from software and we have our own problems with people pirating our software," said C2Net President Sameer Parekh. "I just don't think that bullying hard-working ISPs into embracing a highly questionable set of policies does anything constructive about the problem of piracy."

The Software Publishers Association wants ISPs to sign a 'Code of Conduct' which would force ISPs to actively monitor users. Under current case law, this greatly increases the ISP's liability, in addition to being extremely expensive, time-consuming, and distasteful to users.

"The telephone company isn't required to monitor all their users to make sure they're not saying illegal things," said Parekh. "How can we be expected to do that for our customers' use of the Internet?"

Of the over twenty ISPs contacted by the SPA, many caved in and signed the 'Code of Conduct', fearing a lawsuit from the SPA more than the future expense and liability problems that result from ongoing monitoring. A coalition of ISPs and other concerned parties, the ISP Defense Coalition, has formed to oppose these bullying tactics by the SPA.

"The SPA thought they could bully small ISPs, but they didn't realize we had principles and couldn't be cowed," said Parekh.

Mike Godwin, Staff Counsel for the Electronic Frontier Foundation said, "My personal view is that the Software Publishers Association has forgotten that it is the legislature, not the courts, that is the primary avenue for seeking changes in copyright policy. What we see here is a perversion of the notion that the courts should be used to seek justice -- SPA seems to have picked defendants in the hope that they'd be too weak to resist. I find that decision morally objectionable. Speaking as a lawyer, I have to say that this is the kind of tactic that justifiably confirms in people's minds whatever low opinions they may have of lawyers."

The suit alleged that C2Net users were providing tools to get around copy protection in the plaintiffs' software, and were providing pointers to other sites that actually contained pirated software. The SPA provided no examples, and did not allege any direct copyright infringement on C2Net machines.

"Despite our best efforts to get specific information," said Parekh, "the SPA did not provide us with any specifics about our customers engaging in infringing activity. We suspect that they had no evidence of infringement, but acted merely on vague reports of questionable conduct on the part of a few users."

C2Net provides high-security encryption solutions for the Internet worldwide. More information about C2Net's products are available at https://stronghold.c2.net/. Information about the forming coalition may be found at https://www.c2.net/ispdc/.

Community ConneXion sued in frivolous lawsuit

Mon, 14 Oct 1996 00:00:00 GMT

Oakland, CA - Community ConneXion, Inc, dba C2Net, condemns the lawsuit served by Adobe Systems, Inc., Claris Corporation, and Traveling Software, Inc. as a frivolous lawsuit. "As near as we can tell," said C2Net President Sameer Parekh, "we are being sued for being an Internet Service Provider."

C2Net is an ISP, providing shell accounts and web hosting services. But the company is primarily a software vendor, selling Stronghold, one of the most popular secure web servers on the market. "We were looking into joining the Software Publisher's Association, who filed the suit on behalf of the plaintiffs," said Parekh, "but it's not very likely to happen at this point."

The lawsuit appears to charge C2Net with liability based upon allegations that C2Net's customers provide links to pirated software on other machines and "cracker tools" that allow users to beat copy-protection mechanisms like software serial numbers.

"It's completely outrageous that the SPA has nothing better to do than to file frivolous lawsuits against hard-working Internet Service Providers," said Parekh. "We are not aware of any such links on our pages or our customer's pages, and if our customers are breaking any laws, we want to know about it so we can terminate their accounts." (The lawsuit provides no specific examples.)

The lawsuit was apparently filed after a single attempt to contact the company with a form-letter e-mail. The copy of the alleged e-mail included as an attachment to the suit shows the SPA's real motive. "They want us to sign a 'Code of Conduct'," said Parekh. "Among other things, we'd have to agree to routinely monitor our customer's web pages, which we won't do. We deal with complaints about our customers on a case by case basis, and we have a firm and clear policy against illegal activity of any sort. We've shut down accounts for less than what they're alleging in this lawsuit."

"This is clearly a frivolous lawsuit," said Terry Gross, counsel for C2Net. "The plaintiffs know that an ISP can only be liable if it participates in and has knowledge of the improper activity, and it is clear that they have no such basis."

Although the lawsuit does not mention the "Code of Conduct", it appears that most ISPs who received the e-mail ended up signing it, largely to avoid legal action from the much-feared SPA. Those that didn't kowtow got sued.

"The terms of the 'Code of Conduct' are completely unacceptable," said Parekh. "It basically gives the SPA the right to go on an ongoing fishing expedition through our customer's files, and requires us to do the same as their agent on a regular basis. The Code would classify us as 'publishers', and we would become responsible for everything our customers do. We've built this business on a solid foundation of respect for our customer's privacy. Monitoring their activities without grounds for suspicion is completely inconsistent with maintaining their privacy."

"This lawsuit is grossly unfair, and it's going to cost us a lot of time and money, but we don't have any choice but to fight it," said Parekh. "What we have here is three giant software companies and their well-funded bag of lawyers trying to bully a smaller software company into adopting costly policies that invade customers' privacy."

A coalition is currently being formed to fight this case and make sure that this form of legal terrorism does not occur in the future against internet providers. The coalition will probably include the three companies that have been served in the suit and other organizations with a stake in creating a rational legal enviroment for ISPs and their customers.

Community ConneXion and Caldera to bundle Stronghold with the Caldera Solutions CD

Mon, 07 Oct 1996 00:00:00 GMT

Oakland, CA - C2Net and Caldera, Inc. today announced the release of Stronghold: Apache-SSL for the US, bundled with the Caldera Solutions CD. Stronghold is a webserver based on the popular Apache server, which has the highest marketshare of all webservers on the Internet according to the Netcraft server survey at http://www.netcraft.com/survey/. Stronghold's marketshare has more than doubled every month since its release in January of this year.

"[The competition]'s secure servers just didn't work the way we wanted them to; the interface was clunky and required firewall adjustments to run, the access control didn't work well for us, and it was just too black-boxey for us," commented Dan Kearns, of the Motorola ISG Internet Business Group. "We like the lean/mean-ness of Apache in general, and the actual useful development that goes on. We look forward to generating client certificates for our channel partners using the bundled internal certificate authority tools."

As the only widely-used encrypting webserver that supports Linux, Stronghold integrates seamlessly with Caldera's Network Desktop. "Stronghold and Caldera Network Desktop are a perfect combination for building web-based applications in your company," said Sameer Parekh, President of C2Net

"Stronghold is the first widely used web server that can authenticate clients on the basis of their digital certificates," said Dr. Andrew Csinger, President of Xcert Software, Inc. "Stronghold is a natural server platform for Xcert's Sentry suite of security enhancement products. The combination of Stronghold's uncompromising security profile and Xcert's flexible certificate management and secure database technology represents great value and convenience for Internet users."

Xcert Software, Inc. is the premier provider of security enhancement software for safe and secure commercial Internet applications. Xcert's Sentry product line is the first cross-platform, server-independent public key infrastructure implementation. A live demonstration using the Stronghold webserver has been available on the company's website since April 1996 (http://www.xcert.com/).

Because it is based on Apache, Stronghold can be used with the innummerable third party CGI and Apache API applications which have been developed for Apache, including perl & python integration, database connectivity, and Kerberos support. "Direct support within the server for scripting languages can produce an excellent performance improvement over standard CGI methods," said Sameer Parekh, President of Community ConneXion, Inc.

Portions developed by the Apache Group, taken with permission from the Apache Server http://www.apache.org/. This product includes software developed by Ben Laurie for use in the Apache-SSL HTTP server project. This product includes software developed by Eric Young (eay@mincom.oz.au).

Community ConneXion announces Stronghold version 1.3

Mon, 19 Aug 1996 00:00:00 GMT

Oakland, CA - Community ConneXion, Inc., the leader in uncompromising security for the Internet, today announced the version 1.3 release of Stronghold, the commercial version of Apache-SSL. Stronghold is based on the popular Apache server, the most popular webserver on the Internet, according to the Netcraft server survey at http://www.netcraft.com/survey/.

Stronghold 1.3 is a significant improvement from the Stronghold 1.2 product. The latest version is based on Apache 1.1.1, which supports features such as Keep-Alive, server information modules, a proxy server, an easier to use API, more flexibility in authentication, and greater configurability.

"We're happy to have a final release version of 1.3 available," said Sameer Parekh, President of Community ConneXion. "Because of our close involvement with the Apache Group, we can quickly track new Apache releases. We expect to have an Apache 1.2-based server available soon after the Apache 1.2 release." Stronghold 1.3 is the result of an extensive Internet-wide beta test, which started soon after the full release of Apache 1.1.1.

Apache 1.1.1 includes features such as the status module, which gives the server administrator the ability to monitor in real time the server's activity. An information module is also available which gives administrators easy access to a list of which modules have been installed on their server, as well as their configuration directives. The latest version includes modules which support database access, including mSQL and Postgres95.

Apache 1.1.1 has much more flexible configuration with regards to virtual hosts and multiple IP addresses. This feature allows such innovations as the ability within Stronghold 1.3 to serve both SSL and nonSSL documents from the same server instance.

The latest version of Stronghold supports "Session ID Caching," which allows for dramatic performance improvements. Session caching allows servers to process connections much faster because the processor intensive calculations happen less often. Limited performance tests have shown speed improvements of eight hundred percent. "With Session ID Caching, the SSL protocol is not noticably slower than not using the encryption protocol. There is no excuse not to encrypt everything," said Parekh.

Community ConneXion is now shipping binaries for Sparc Solaris 2.5, x86 Solaris 2.5, Sparc SunOS 4.1.3_U1, FreeBSD 2.1, BSDI 1.1, AIX 3.2.5, IRIX 5.3, HP/UX, OSF/1, Ultrix, BSDI 2.0, and Linux (ELF & a.out). More platforms will be available soon, and even more may be supported on request. Stronghold may be ordered and downloaded at http://www.us.apache-ssl.com/. Existing commercial licensees may download the latest version free of charge.

Community ConneXion announces Stronghold version 1.2

Tue, 16 Jul 1996 00:00:00 GMT

Oakland, CA - Community ConneXion, Inc., the leader in uncompromising security for the World Wide Web, today announced the release of its newest version of Stronghold: Apache-SSL for the US. Stronghold is a webserver based on the popular Apache server, which has the highest marketshare of all webservers on the Internet according to the Netcraft server survey at http://www.netcraft.com/survey/. Stronghold's marketshare has more than doubled every month since its release in January of this year.

"We have been working with Community ConneXion for over a year to enable our Digital IDs in their Stronghold server products," said Greg Smirin, Product Line Manager at VeriSign, Inc. "We look forward to using their new version of Stronghold to demonstrate client certification on our own website." VeriSign is the leading provider of digital authentication services and products for electronic commerce and other forms of secure communications.

Xcert and C2 have entered into a co-marketing agreement to provide easy access to the Stronghold/Sentry bundle. The Stronghold/Sentry combination puts organizations of any size in control of their own security, allowing them to cost-effectively implement secure Intranets based on public key certificates.

Community ConneXion ships binaries for Sparc Solaris 2.5, x86 Solaris 2.5, Sparc SunOS 4.1.3_U1, DG/UX, FreeBSD 2.1, BSDI 1.1, AIX 3.2.5, IRIX 5.3, HP/UX (9 & 10), OSF/1, UnixWare, Ultrix, BSDI 2.0, and Linux (ELF & a.out). Additional platforms may be supported on request. Stronghold may be ordered and downloaded at http://www.us.apache-ssl.com/.

Community ConneXion provides services to avoid Government censors in Korea

Thu, 20 Jun 1996 00:00:00 GMT

Oakland, CA - Community ConneXion, Inc., The Internet Privacy Provider, today announced that its services could be used by the South Korean general public to avoid government censorship.

On June 6th, South Korea warned its public against making contact with North Korea on the Internet, threatening prosecution under the South Korean National Security Law, which bars all unauthorized contacts with the North.

A number of web pages containing information about North Korea were specified by the South Korean government as pages which must be blocked by South Korean Internet providers.

South Koreans who are interested in unfettered global communications may use Community ConneXion services to send mail, setup web pages, and browse the World Wide Web anonymously.

"We are committed to providing full uncensored Internet services to all users," said Sameer Parekh, President of Community ConneXion. "The Internet does not tolerate censorship."

People on the Internet can browse web pages without government censorship at http://www.anonymizer.com/. If individuals wish to send mail anonymously, they have multiple options, from using the web remailer gateway at http://www.c2.net/remail/ to setting up a fully anonymous double blind pseudonym at http://alpha.c2.org/.

Community ConneXion is the leading provider of privacy on the Internet. They provide anonymous and pseudonymous internet access and web pages in addition to powerful web service, virtual hosts, and web design consultation. Information is available from their web pages at http://www.c2.net/.

Community Connexion announceds worldwide beta-test of The Anonymizer

Fri, 24 May 1996 00:00:00 GMT

BERKELEY, CA - Community ConneXion, Inc., The Internet Privacy Provider, announced today the worldwide Beta release of the "Anonymizer" service for the World-Wide-Web.

The Anonymizer allows people browsing the web to be completely anonymous when making web transactions. It protects people from having the sites they visit discover their email address, hostname, type of computer, and other potentially sensitive information.

"The Anonymizer finally brings Caller-ID-Block to the Internet," said Justin Boyan, who designed and implemented the system. "If you don't want records of your activities being kept by every web site you visit, you should definitely be using this service."

Community ConneXion ("C2") is glad to be able to provide such a service to the Internet community free of charge. C2's President, Sameer Parekh, commented on the availability of this service, "We feel that people's privacy is too important to make people pay directly for basic privacy services. Therefore, we've built The Anonymizer with a model that will allow people on the Internet to use the basic level of service at no charge."

Future enhancements to the system include support for Netscape's Secure Sockets Layer, which will provide web surfers with the ability not only to hide their identity from the remote site, but to hide the identity of the sites they are browsing from their employer, university, or ISP. The threat of a university clamping down on the ability of its students to browse the web freely is very strong, and C2 plans to make this service available in order to protect against such threats.

The Anonymizer can be accessed at http://www.anonymizer.com/. Users need only click on "BEGIN SURFING ANONYMOUSLY" and then choose a site to visit anonymously. All their web transactions from that point on are anonymized. As the service is only in Beta phase at this point, users may experience slow connections or downtime. As the service moves to Production release, these problems will be eliminated.

XCert announces co-marketing agreement to reach largest Internet server market

Mon, 13 May 1996 00:00:00 GMT

Vancouver BC - Xcert Software Inc.

Xcert Software Inc. announced a co-marketing agreement with Community ConneXion of Berkeley, CA. The joint release of the bundled Stronghold and Sentry products provides a complete Internet and Intranet security solution for organizations of any size.

The Xcert Sentry is the first commercial quality Internet Certification Authority Server. It makes it easy for organizations to issue, sign and manage public-key certificates. A certificate is a digital ID, similar to a driver's license or other document, that can be used to verify someone's identity on the Internet. Sentry allows corporations (or any group) to take charge of their own security by allowing them to decide who receives a digital certificate without the need for an external Certification Authority.

Community ConneXion, Inc. (http://www.c2.net/) is the leading provider of privacy on the Internet. Dedicated to uncompromising security, they provide anonymous and pseudonymous Internet services, and secure web services. Based on the popular Apache server, Community ConneXion's Stronghold: Apache-SSL-US Webserver securely distributes information over the World Wide Web using state-of-the-art encryption techniques. It has been modified to work with Xcert's Sentry, to become the first widely used secure Web Server product that can authenticate client certificates.

A May 1996 Internet server survey (http://www.netcraft.com/Survey/) revealed a 500% increase in Stronghold server installations over the last two months. As well, the survey showed at least 40,000 Apache servers in use, surpassing NCSA this month as the most commonly used server on the Internet. In addition to targeting the emerging Intranet market, Xcert and Community ConneXion will offer Apache users an easy to install upgrade package. Xcert's product line also interoperates with other servers including Netscape Commerce. (Xcert is a Netscape Technology Partner.) Interoperability with Microsoft IIS is also planned.

"The ability to build secure Intranet applications is vital for corporations to survive in the fastpaced market today. The combination of our encrypting webserver for security and Xcert's Certificate Authority tools for administration allows companies to build these applications," said Sameer Parekh, President of Community ConneXion. "Stronghold/Sentry is the only fully-integrated easy-to-use package available on the market today which gives corporations the flexibility and security that they need."

One of the first beta test customers to use the Stronghold/Sentry configuration is the Canadian Bankers Association. Like so many other businesses, the CBA wants to expand its use of the Internet, and identifies inadequate security as the major obstacle to broadening the range of its Internet activities. Gordon Campbell, Director of Telecommunications for the CBA headquartered in Toronto, stated that "a solution based on the Xcert security enhancement technology could be the answer for the Canadian Bankers Association."

"We are eager to participate in Xcert's beta test program," said Mr. Campbell. "We are particularly interested in using the Xcert Access Control Module to control the distribution of information."

Using Xcert's CA Server software can turn a public Internet site into a private Intranet, at very low cost. Xcert Sentry will sell for US$995. Stronghold is available for US$495; current users can upgrade to the certification-enhanced release free of charge. Instructions for purchasing and downloading the Stronghold/Sentry security enhancement bundle can be found at both the Xcert (http://www.xcert.com) and Community ConneXion (http://apachessl.c2.net/) websites.

Plug-in server modules developed by Xcert will soon be available to provide additional functionality including Pay Per View and Automatic Billing. Xcert plans a wide range of modules that will enable Internet Service Providers to restrict client access and to notarize a wide variety of on-line transactions. Xcert's product will provide a simple and flexible way for ISPs to meet parental requests to restrict children's access to pornographic material.

A demonstration of some of the capabilities of the Xcert Sentry can be found on the Internet at http://www.xcert.com.

Portions of Stronghold were developed by the Apache Group, taken with permission from the Apache Server http://www.apache.org/. Stronghold includes software developed by Ben Laurie for use in the Apache-SSL HTTP server project. Stronghold includes software developed by Eric Young.

Xcert Software Inc. is a privately held company based in Vancouver BC, Canada. The company's focus is on security enhancement technology and products for the large and rapidly growing Intranet and Internet marketplace. Xcert is actively seeking technology and marketing partners. Contact Diana Costain or Andrew Csinger at 604 737-1003 (phone) 604 737-4899 (FAX), or send email to info@xcert.com

Community ConneXion announces uncensored usenet access to the French Internet Community

Thu, 09 May 1996 00:00:00 GMT

Berkeley, CA - Community ConneXion, Inc., today announced that it will for a limited time offer free Usenet access to anyone in France.

The announcement comes in the wake of the arrest of two managers for French Internet service providers. The two managers at WorldNet and FranceNet are being held responsible for the pornographic material distributed on the "alt.binaries" newsgroups. They face up to three years in jail.

In response to these arrests, the Association of French Internet Professionals (AFPI) has called for a complete blackout of French newsgroups and many providers in France have cut off news service entirely. Community ConneXion, Inc., has announced free Usenet access to the French in response to the resulting blackout.

"The Internet views censorship as damage, and routes around it," said Community ConneXion President Sameer Parekh, quoting a famous saying on the net, "The Internet transcends national boundaries. This promotion makes that fact obvious."

Community ConneXion offers full Internet access to its customers, with no content-based restrictions on materials its customers may read or make available on the Internet.

During this limited time promotion, people connected to the Internet in France may access a full uncensored Usenet feed merely by pointing their newsreaders at news.c2.net. People in other countries may also get access to a full uncensored Usenet feed by purchasing service from Community ConneXion. Information on how to sign up for service with C2.NET is available at http://www.c2.net/

Community ConneXion, Inc. is the leading provider of privacy on the Internet. Dedicated to uncompromising security, they provide anonymous and pseudonymous Internet services, including secure web services. Information is available at their web site at http://www.c2.net/, or contact Sameer Parekh at 510-601-9777x3.