(CNN) -- A cryptography expert says that Microsoft operating systems include
a back door that allows the National Security Agency to enter systems using
one of the operating system versions.
The chief scientist at an Internet security company reported the flaw
at a recent conference in Santa Barbara where he discussed a "key"
entrance into the cryptographic standard used in Microsoft Windows
products. That includes Windows 95, Windows 98, Windows NT4 and
Windows 2000.
"It turns out that there are really two keys used by Windows; the first
belongs to Microsoft, and it allows them to securely load (the cryptography
services)," said Andrew Fernandes in a press release. Fernandes works for
Cryptonym, a company based in Ontario.
The press release states "the second belongs to the NSA. That means that
the NSA can also securely load (the services) on your machine, and without
your authorization."
The discovery "highly suggests" that the NSA has a key it could use to
enter encrypted items on anybody's Windows operating system, said Ian
Goldberg, chief scientist at Zero-Knowledge Systems. Goldberg was among a
few dozen people in the audience at the conference when Fernandes dropped
his bomb. The session occurred just before midnight so no one saw it coming,
he said, but the audience was shocked.
"If you're trying to keep messages private, it's possible that they are
not as private as you thought they were," Goldberg said.
Zero-Knowledge Systems is about to release a security product built specially
to make such security flaws impossible, he said.
Microsoft was not immediately available for comment.
It is unclear why or if Microsoft cooperated with the NSA on the key to
its "CryptoAPI," the standard interface to its cryptography services,
Goldberg said.