Linux Today: Linux News On Internet Time.

NSA Backdoor in Windows Crypto API found

Sep 03, 1999, 17:51 (10 Talkback[s])
(Other stories by Andrew Fernandes)

[ Thanks to Malte Cornils for this link. ]

"Microsoft Installs US Spy Agency with Windows"

"Between Hotmail hacks and browser bugs, Microsoft has a dismal track record in computer security. Most of us accept these minor security flaws and go on with life. But how is an IT manager to feel when they learn that in every copy of Windows sold, Microsoft has installed a 'back door' for the National Security Agency (NSA - the USA's spy agency) making it orders of magnitude easier for the US government to access their computers?"

"While investigating the security subsystems of WindowsNT4, Cryptonym's Chief Scientist Andrew Fernandes discovered exactly that - a back door for the NSA in every copy of Win95/98/NT4 and Windows2000. Building on the work of Nicko van Someren (NCipher), and Adi Shamir (the 'S' in 'RSA'), Andrew was investigating Microsoft's 'CryptoAPI' architecture for security flaws. Since the CryptoAPI is the fundamental building block of cryptographic security in Windows, any flaw in it would open Windows to electronic attack."

Read More