Microsoft and spying?
By R.Ramasubramoni | 09 Sep 1999
A US security software company, Cryptonym, in North Carolina claims to have detected a major flaw in Microsoft's Windows operating systems software.
Cryptonym says that Microsoft's version of Windows operating systems may be carrying 'bugs' from the US National Security Agency, which can gain access to the core security system.
Andrew Fernandes, chief scientist for the company, on his website said that there is a NSA key in the code of the software, which makes it easy for NSA to install security components on computers without the users' knowledge.
The key exists in all recent versions of Microsoft's Windows operating systems, including Windows 95, 98, 2000, and Windows NT.
The issue is basically about two keys that exist on all copies of Windows, which allow an intruder to install security components without the user's authorisation.
The first key is used by Microsoft to sign its own security service modules. But the identity of the holder of the second key is yet to be revealed.
Microsoft represented by Windows NT security product manager Scott Culp, while denying allegations said the NSA key for the software is granted on obtaining NSA's encryption standards.
Mr. Fernandes has, meanwhile, released a program on his site that will disable the key. He said that Microsoft which had disguised the holder of the second key by removing the identification information from all software, had left it intact while reverse-engineering its Windows NT Service Pack 5.
He discovered that the second secret key labelled "_NSAKEY." - was a pointer to the agency.
NSA has not immediately responded to a request for comment on the issue via fax, which is the only way the agency communicates with media for inquiries.
NSA listens to communications of other countries and operates Echelon, a global eavesdropping network which reportedly intercepts electronic communications anywhere in the world. It is, however, restrained from doing so on its own citizens.
The trouble for Microsoft comes in the wake of another security problem related to its free e-mail service, Hotmail. A group called Hackers Unite, exposed a gaping hole in Hotmail's security system. Earlier, experts had uncovered a major flaw in the way Microsoft implemented the Java computer language.
Clearly, a torrid time for Microsoft !!
Cryptonym says that Microsoft's version of Windows operating systems may be carrying 'bugs' from the US National Security Agency, which can gain access to the core security system.
Andrew Fernandes, chief scientist for the company, on his website said that there is a NSA key in the code of the software, which makes it easy for NSA to install security components on computers without the users' knowledge.
The key exists in all recent versions of Microsoft's Windows operating systems, including Windows 95, 98, 2000, and Windows NT.
The issue is basically about two keys that exist on all copies of Windows, which allow an intruder to install security components without the user's authorisation.
The first key is used by Microsoft to sign its own security service modules. But the identity of the holder of the second key is yet to be revealed.
Microsoft represented by Windows NT security product manager Scott Culp, while denying allegations said the NSA key for the software is granted on obtaining NSA's encryption standards.
Mr. Fernandes has, meanwhile, released a program on his site that will disable the key. He said that Microsoft which had disguised the holder of the second key by removing the identification information from all software, had left it intact while reverse-engineering its Windows NT Service Pack 5.
He discovered that the second secret key labelled "_NSAKEY." - was a pointer to the agency.
NSA has not immediately responded to a request for comment on the issue via fax, which is the only way the agency communicates with media for inquiries.
NSA listens to communications of other countries and operates Echelon, a global eavesdropping network which reportedly intercepts electronic communications anywhere in the world. It is, however, restrained from doing so on its own citizens.
The trouble for Microsoft comes in the wake of another security problem related to its free e-mail service, Hotmail. A group called Hackers Unite, exposed a gaping hole in Hotmail's security system. Earlier, experts had uncovered a major flaw in the way Microsoft implemented the Java computer language.
Clearly, a torrid time for Microsoft !!