InfoWorld: Microsoft disputes expert's characterization of Windows 'back door'
Sep 06, 1999, 00:33
(Other stories by Elizabeth Heichler, Bob Trott)
"A private security expert said he has found a 'back door' in Microsoft's Windows operating systems that could give a United States spy agency access to the systems.
Microsoft hotly denied that the encryption key -- publicized by Andrew Fernandes, chief scientist at Cryptonym, who charged that the back door exists in Windows 9x, Windows NT, and Windows 2000 -- gave the National Security Agency access to computers.
Fernandes said he discovered the weakness that exploits Microsoft's encryption architecture while investigating Windows NT 4.0 for security breaches.
Fernandes said that in Service Pack 5 for NT 4.0, Microsoft apparently forgot to remove symbolic information that details the meaning of a cryptographic key. The findings proved that two keys to the systems exist, he said -- one at Microsoft, and one in the possession of the National Security Agency (NSA).
Until the finding, the existence of the second key -- and the identity of its holder -- was not known because Microsoft had removed any identifying symbols. In Service Pack 5, the identifier 'nsa' is exposed."
[No one seems to be raising an issue about the second, Microsoft key, which apparently offers the same unauthorized access to your system as the NSA key? - LT ed.]