NSA has a 'Back Door' on Every Windows Version

BBC || November 2, 2005

Cryptographers are sounding the alarm on a major security issue involving Microsoft Windows that could eclipse its Hotmail public relations disaster.

The findings of a computer security expert that America’s National Security Agency (NSA) may have been given a back door into every copy of Windows 95, 98, NT4 and 2003 worldwide are being debated across the Internet.

Microsoft has issued a strong denial of allegations of misuse of a second encryption “key” in Windows.

“These are just used to ensure that we’re compliant with US export regulations,” said Scott Culp, Microsoft’s security manager for its Windows NT Server software.

“We have not shared the private keys. We do not share our keys.”

But cryptographers in the UK described the implications of the findings as “immense”. Windows is installed on more than 90% of the world’s computers.

Second key for Windows

Andrew Fernandes, Chief Scientist at the Ontario-based Cryptonym Corporation, is credited with discovering the identity of a second key used by Windows for encryption purposes.

Caspar Bowden, director of London-based Internet think-tank FIPR, said: “The allegation is that every copy of Windows contains an extra ‘magic number’ which would permit it to work with encryption modules designed by the US National Security Agency, as well as those approved by Microsoft.”

The approval mechanism was introduced to ensure that the weak encryption in non-US versions of Windows could not be replaced with stronger software without it being checked against a “key” embedded in Windows, proving that it had been digitally signed off by Microsoft.

Two years ago, cryptographers found an alternative, and apparently superfluous, second embedded key. The new details came to light through debugging information erroneously left in the latest service pack for Windows NT.

Significantly, the key has the data tag “_NSAKEY”, giving rise to speculation that the NSA persuaded Microsoft to give it special access to Windows in a secret deal.

Microsoft says it called its function an “NSA key” because the body reviews technical details for the export of data-scrambling software.

MS talked with NSA

It is known that Microsoft negotiated with the NSA on including encryption in its product. The export of strong encryption was banned by the Clinton administration, which fears terrorists and other criminals could turn it against the US.

There are two theories on why this unnecessary second key is included in Windows:

Conspiracy theorists say the key can be used to infiltrate targeted computers. It gives the NSA a direct way of doing this without having to use Microsoft’s own key.

A more charitable theory is that Microsoft allowed the NSA a special key to secure the thousands of government computers running Windows.

“The innocent explanation is that the US wished to create bespoke encryption modules for official use on government systems without reference to Microsoft,” said Mr Bowden.

“Ironically, introducing the second key has created a major security loophole in a mechanism which was designed to enforce US export controls on strong cryptography.”

Microsoft has suffered serious embarrassment before, as when hackers exposed a simple way of breaking into the mailboxes of more than 40 million users of its Hotmail e-mail service.


Copyright © 2005 KnowledgeDrivenRevolution.com