In a shocking article, Cryptonym has released information about a security vulnerability in Microsoft's CryptoAPI. The vulnerability is extraordinary, since it allegedly gives the NSA (National Security Agency) full access to any "encrypted" transaction protected using Microsoft's CryptoAPI. Furthermore, because this backdoor exists, any CryptoAPI function can be silently replaced without the user's knowledge and without the system alerting on (or even knowing about) it.
Credit:
The original article can be found at: http://www.cryptonym.com/hottopics/msft-nsa.html
Cryptonym's home page can be found at: http://www.cryptonym.com/
Microsoft has denied this completely.
Quoted from Cryptonym's published article:
"While investigating the security subsystems of WindowsNT4, Cryptonym's Chief Scientist Andrew Fernandes discovered exactly that - a back door for the NSA in every copy of Win95/98/NT4 and Windows2000. Building on the work of Nicko van Someren (NCipher), and Adi Shamir (the 'S' in 'RSA'), Andrew was investigating Microsoft's "CryptoAPI" architecture for security flaws. Since the CryptoAPI is the fundamental building block of cryptographic security in Windows, any flaw in it would open Windows to electronic attack...
...The result is that it is tremendously easier for the NSA to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system. For non-American IT managers relying on WinNT to operate highly secure data centers, this find is worrying. The US government is currently making it as difficult as possible for "strong" crypto to be used outside of the US; that they have also installed a cryptographic back-door in the world's most abundant operating system should send a strong message to foreign IT managers..."