Crypto expert: Microsoft products leave door open to NSA

           

                  (CNN) -- A cryptography expert says that Microsoft operating systems include
                  a back door that allows the National Security Agency to enter systems using
                  one of the operating system versions.

                  The chief scientist at an Internet security company reported the flaw
                  at a recent conference in Santa Barbara, where he discussed a "key"
                  entrance into the cryptographic standard used in Microsoft Windows
                  products. That includes Windows 95, Windows 98, Windows NT4 and
                  Windows 2000.

                  "It turns out that there are really two keys used by Windows; the first belongs
                  to Microsoft, and it allows them to securely load (the cryptography services),"
                  said Andrew Fernandes in a press release. Fernandes works for Cryptonym, a
                  company based in Ontario. 

                  The press release states, "the second belongs to the NSA. That means that the
                  NSA can also securely load (the services) on your machine, and without your
                  authorization." 

                  The discovery "highly suggests" that the NSA has a key it could use to enter
                  encrypted items on anybody's Windows operating system, said Ian Goldberg,
                  chief scientist at Zero-Knowledge Systems. Goldberg was among a few dozen
                  people in the audience at the conference when Fernandes dropped his bomb. 

                  The session occurred just before midnight so no one saw it coming, he said,
                  but the audience was shocked. 

                  "If you're trying to keep messages private, it's possible that they are not as
                  private as you thought they were," Goldberg said. 

                  Zero-Knowledge Systems is about to release a security product built specially
                  to make such security flaws impossible, he said. 

                  Microsoft was not immediately available for comment. 

                  It is unclear why or if Microsoft cooperated with the NSA on the key to its
                  "CryptoAPI," the standard interface to its cryptography services, Goldberg
                  said. 
