____/ Robin T Cox on Wednesday 02 April 2008 11:19 : \____
> NSA Had Access Built into Microsoft Windows
>
> <quote>
> A CARELESS mistake by Microsoft programmers has revealed that special
> access codes prepared by the US National Security Agency have been
> secretly built into Windows. The NSA access system is built into every
> version of the Windows operating system now in use, except early releases
> of Windows 95 (and its predecessors).
> </quote>
> http://www.nationalexpositor.com/News/1128.html
>
> <quote>
> "For non-American IT managers relying on Windows NT to operate highly
> secure data centres, this find is worrying", he added. "The US government
> is currently making it as difficult as possible for "strong" crypto to be
> used outside of the US. That they have also installed a cryptographic
> back-door in the world's most abundant operating system should send a
> strong message to foreign IT managers".
>
> "How is an IT manager to feel when they learn that in every copy of
> Windows sold, Microsoft has a 'back door' for NSA - making it orders of
> magnitude easier for the US government to access your computer?" he
> asked.
> </quote>
You're verging the forbidden territories. This is a tabooed area. If you speak
about it, some anonymous prick will attack. It's the same with the Gates
Fundation [sic], based on what people from various forums say, including
Slashdot.
[I'm reusing a recent post below]
Some Linux distributions are affected similarly. They are said to have back
doors in *standard protocols* [1,2,3,4] and these are hard to get by
unless you are a security professional (I'm not). What about hardware-based
hacks [5] (in which case "Intel" might be just an abbreviation)? Remember that
they just need to sniff packets and then decrypt successfully in order to gain
remote access.
Those whose role is to deny these things will of course attack the messenger,
but I haven't seen Bruce S getting attacked just yet.
___
[1] Did NSA Put a Secret Backdoor in New Encryption Standard?
,----[ Quote ]
| Which is why you should worry about a new random-number standard that
| includes an algorithm that is slow, badly designed and just might contain a
| backdoor for the National Security Agency.
`----
http://www.wired.com/politics/security/commentary/securitymatters/2007/11/securitymatters_1115
[2] NSA Backdoors in Crypto AG Ciphering Machines
,----[ Quote ]
| We don't know the truth here, but the article lays out the evidence pretty
| well.
|
| See this essay of mine on how the NSA might have been able to read Iranian
| encrypted traffic.
`----
http://www.schneier.com/blog/archives/2008/01/nsa_backdoors_i.html
[3] Dual_EC_DRBG Added to Windows Vista
,----[ Quote ]
| Microsoft has added the random-number generator Dual_EC-DRBG to Windows
| Vista, as part of SP1. Yes, this is the same RNG that could have an NSA
| backdoor.
|
| It's not enabled by default, and my advice is to never enable it. Ever.
`----
http://www.schneier.com/blog/archives/2007/12/dual_ec_drbg_ad.html
[4] Duh! Windows Encryption Hacked Via Random Number Generator
,----[ Quote ]
| GeneralMount Carmel, Haifa – A group of researchers headed by Dr. Benny
| Pinkas from the Department of Computer Science at the University of Haifa
| succeeded in finding a security vulnerability in Microsoft's "Windows 2000"
| operating system. The significance of the loophole: emails, passwords, credit
| card numbers, if they were typed into the computer, and actually all
| correspondence that emanated from a computer using "Windows 2000" is
| susceptible to tracking. "This is not a theoretical discovery. Anyone who
| exploits this security loophole can definitely access this information on
| other computers," remarked Dr. Pinkas.
|
| Editors Note: I believe this "loophole" is part of the Patriot Act, it is
| designed for foreign governments. Seriously, if you care about security,
| privacy, data, trojans, spyware, etc., one does not run Windows, you run
| Linux.
`----
http://www.linuxelectrons.com/news/general/14365/duh-windows-encryption-hacked-via-random-number-generator
[5] Chip Design Flaw Could Subvert Encryption
,----[ Quote ]
| Shamir said that if an intelligence organization discovered such a flaw,
| security software on a computer with a compromised chip could be "trivially
| broken with a single chosen message." The attacker would send a "poisoned"
| encrypted message to a protected computer, he wrote. It would then be
| possible to compute the value of the secret key used by the targeted system.
|
| Trouble with Design Secrets
|
| "Millions of PCs can be attacked simultaneously, without having to manipulate
| the operating environment of each one of them individually," Shamir wrote.
`----
http://www.crm-daily.com/story.xhtml?story_id=11200BH5USIO
--
~~ Best of wishes
The Intel-Dell-MS oligopoly/treo can be weakened by competition (Freedom)
http://Schestowitz.com | GNU is Not UNIX | PGP-Key: 0x74572E8E
http://iuron.com - proposing a non-profit search engine
|
|
