Wired: Critics Blast MS Security

May 17, 2000, 00:00 (0 Talkback[s])
(Other stories by Declan McCullagh)

"If you're a Windows 2000 user, be warned: Your security software may not work the way you think it does."

"Microsoft intentionally designed Windows 2000 so that export versions can use a notoriously weak encryption method to scramble information sent over the Internet and intranets, leaving sensitive data exposed to hackers and eavesdroppers...."

"A Microsoft manager on Monday defended why Windows 2000 computers in some circumstances switch from the highly secure triple-DES algorithm to the notoriously weak single-DES variant. Triple-DES is up to 70,000 trillion times stronger."

"Ron Cully, lead program manager for Windows networking, said that companies might have thousands of machines and some might not have triple-DES installed. Because of U.S. export and other import restrictions, Microsoft ships triple-DES in a separate "high encryption pack."

Complete Story

Related Stories:

• SRO: And The Loser Is ... [Bugtraq Record on MS Security](May 17, 2000)
• BBC News: Microsoft locks out [some] viruses(May 16, 2000)
• SJ Mercury/AP: Microsoft alters Outlook e-mail to block viruses -- and good programs(May 16, 2000)
• SRO: Who Deserves The ILOVEYOU Blame? Microsoft or you?(May 16, 2000)
• ZDNet News: Microsoft in the hot seat in new Net flap(May 12, 2000)
• Seattle Times: Bug loved Microsoft: Virus attack shows vulnerability of software 'monoculture'...(May 12, 2000)
• 32BitsOnline: ILOVEYOU too, Microsoft. . .(May 12, 2000)
• LinuxPlanet: The Real Lessons of ILOVEYOU(May 10, 2000)
• LinuxPlanet: Rant Mode Equals One: Just Say No, Bill!(May 09, 2000)
• VNU Net: Microsoft lambasted over Love Bug(May 06, 2000)
• LinuxPlanet: There but for the Grace of Bill....(May 06, 2000)
• SRO: ILOVEYOU Microsoft(May 05, 2000)