paularoid
05-22-2006, 09:41 PM
Something I knew about way back then,... but I thought that it had been fixed by subsequent patches and updates. I should have known better I guess.
http://benfrank.net/blog/2006/03/01/microsoft_nsa_backdoor/
March 1, 2006
Domestic Spying: NSA has backdoor key to ALL versions of Microsoft Windows
Circa 1999 from Techweb http://www.techweb.com/wire/story/TWB19990903S0014
A careless mistake by Microsoft programmers has shown that special access codes for use by the U.S. National Security Agency (NSA) have been secretly built into all versions of the Windows operating system....
But according to two witnesses attending the conference, even Microsoft’s top crypto programmers were stunned to learn that the version of ADVAPI.DLL shipping with Windows 2000 contains not two, but three keys. Brian LaMachia, head of CAPI development at Microsoft was "stunned" to learn of these discoveries, by outsiders. This discovery, by van Someren, was based on advance search methods which test and report on the "entropy" of programming code...
According to Fernandes of Cryptonym, the result of having the secret key inside your Windows operating system "is that it is tremendously easier for the NSA to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system". The NSA key is contained inside all versions of Windows from Windows 95 OSR2 onward...
"How is an IT manager to feel when they learn that in every copy of Windows sold, Microsoft has installed a ’back door’ for the NSA -- making it orders of magnitude easier for the U.S. government to access your computer?" he said.
Van Someren said he felt the primary purpose of the NSA key might be for legitimate U.S. government use. But he said there cannot be a legitimate explanation for the third key in Windows 2000 CAPI. "It looks more fishy," he said on Friday.
www.techweb.com/wire/story/TWB19990903S0014
or Bellaciao http://bellaciao.org/en/article.php3?id_article=9548
.
http://benfrank.net/blog/2006/03/01/microsoft_nsa_backdoor/
March 1, 2006
Domestic Spying: NSA has backdoor key to ALL versions of Microsoft Windows
Circa 1999 from Techweb http://www.techweb.com/wire/story/TWB19990903S0014
A careless mistake by Microsoft programmers has shown that special access codes for use by the U.S. National Security Agency (NSA) have been secretly built into all versions of the Windows operating system....
But according to two witnesses attending the conference, even Microsoft’s top crypto programmers were stunned to learn that the version of ADVAPI.DLL shipping with Windows 2000 contains not two, but three keys. Brian LaMachia, head of CAPI development at Microsoft was "stunned" to learn of these discoveries, by outsiders. This discovery, by van Someren, was based on advance search methods which test and report on the "entropy" of programming code...
According to Fernandes of Cryptonym, the result of having the secret key inside your Windows operating system "is that it is tremendously easier for the NSA to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system". The NSA key is contained inside all versions of Windows from Windows 95 OSR2 onward...
"How is an IT manager to feel when they learn that in every copy of Windows sold, Microsoft has installed a ’back door’ for the NSA -- making it orders of magnitude easier for the U.S. government to access your computer?" he said.
Van Someren said he felt the primary purpose of the NSA key might be for legitimate U.S. government use. But he said there cannot be a legitimate explanation for the third key in Windows 2000 CAPI. "It looks more fishy," he said on Friday.
www.techweb.com/wire/story/TWB19990903S0014
or Bellaciao http://bellaciao.org/en/article.php3?id_article=9548
.