Wednesday, January 28, 2009

MS Denies Windows 'Spy Key'

MS Denies Windows 'Spy Key'

Steve Kettmann Email James Glave Email 09.03.99
Microsoft is vehemently denying allegations by a leading cryptographer that its Windows platform contains a backdoor designed to give a US intelligence agency access to personal computers.

Andrew Fernandes, chief scientist for security software company Cryptonym in Mississauga, Ontario, claimed on his Web site Friday that the National Security Agency may have access to the core security of most major Windows operating systems.

"By adding the NSA's key, they have made it easier -- not easy, but easier -- for the NSA to install security components on your computer without your authorization or approval," Fernandes said.

But Microsoft denied that the NSA has anything to do with the key.

"The key is a Microsoft key -- it is not shared with any party including the NSA," said Windows NT security product manager Scott Culp. "We don't leave backdoors in any products."

Culp said the key was added to signify that it had passed NSA encryption standards.

Fernandes also simultaneously released a program on his site that will disable the key.

The key exists in all recent versions of the Windows operating systems, including Windows 95, 98, 2000, and NT.

The issue centers around two keys that ship with all copies of Windows. The keys grant an outside party the access it needs to install security components without user authorization.

The first key is used by Microsoft to sign its own security service modules. Until late Thursday, the identity and holder of the second key had remained a mystery.

In previous versions of Windows, Fernandes said Microsoft had disguised the holder of the second key by removing identifying symbols. But while reverse-engineering Windows NT Service Pack 5, Fernandes discovered that Microsoft left the identifying information intact.

He discovered that the second secret key is labeled "_NSAKEY."


Upon trying to access Fernandes' website, i found the foll msg posted

--------------------------------------------------------

Yes, this is the website of Cryptonym Corporation (of the "NSA Key" fame).

I hope to, sometime in the near future, put a brief explanation the whole story online, so stay tuned...

-------------------------------------------------------

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)