ad info




CNN.com
 MAIN PAGE
 WORLD
 U.S.
 LOCAL
 POLITICS
 WEATHER
 BUSINESS
 SPORTS
* TECHNOLOGY
   computing
   personal technology
 SPACE
 HEALTH
 ENTERTAINMENT
 BOOKS
 TRAVEL
 FOOD
 ARTS & STYLE
 NATURE
 IN-DEPTH
 ANALYSIS
 myCNN

 Headline News brief
 news quiz
 daily almanac

  MULTIMEDIA:
 video
 video archive
 audio
 multimedia showcase
 more services

  E-MAIL:
Subscribe to one of our news e-mail lists.
Enter your address:
Or:
Get a free e-mail account

 DISCUSSION:
 message boards
 chat
 feedback

  CNN WEB SITES:
CNN Websites
 AsiaNow
 En Español
 Em Português
 Svenska
 Norge
 Danmark
 Italian

 FASTER ACCESS:
 europe
 japan

 TIME INC. SITES:
 CNN NETWORKS:
Networks image
 more networks
 transcripts

 SITE INFO:
 help
 contents
 search
 ad info
 jobs

 WEB SERVICES:

Computing

Crypto expert: Microsoft products leave door open to NSA

Windows NSA graphic

 ALSO
   Message Boards:
   Online privacy
   Microsoft

   Sign up for the Computer Connection e-mail service

   For more computing stories

  

September 3, 1999
Web posted at: 2:06 p.m. EDT (1806 GMT)

(CNN) -- A cryptography expert says that Microsoft operating systems include a back door that allows the National Security Agency to enter systems using one of the operating system versions.

The chief scientist at an Internet security company reported the flaw at a recent conference in Santa Barbara where he discussed a "key" entrance into the cryptographic standard used in Microsoft Windows products. That includes Windows 95, Windows 98, Windows NT4 and Windows2000.

"It turns out that there are really two keys used by Windows; the first belongs to Microsoft, and it allows them to securely load (the cryptography services)," said Andrew Fernandes in a press release. Fernandes works for Cryptonym, a company based in Ontario.

The press release states "the second belongs to the NSA. That means that the NSA can also securely load (the services) on your machine, and without your authorization."

The discovery "highly suggests" that the NSA has a key it could use to enter encrypted items on anybody's Windows operating system, said Ian Goldberg, chief scientist at Zero-Knowledge Systems. Goldberg was among a few dozen people in the audience at the conference when Fernandes dropped his bomb.

The session occurred just before midnight so no one saw it coming, he said, but the audience was shocked.

"If you're trying to keep messages private, it's possible that they are not as private as you thought they were," Goldberg said.

Zero-Knowledge Systems is about to release a security product built specially to make such security flaws impossible, he said.

Microsoft was not immediately available for comment.

It is unclear why or if Microsoft cooperated with the NSA on the key to its "CryptoAPI," the standard interface to its cryptography services, Goldberg said.

More details to follow.


RELATED STORIES:
Federal agency recruits hacker teens
August 26, 1999
Clinton orders study on policing the Internet
August 6, 1999
Efforts made to prevent privacy abuses against U.S. citizens
June 7, 1999
Internet industry group to focus on 'consumer protection'
June 28, 1999

RELATED SITES:
The National Security Agency
Windows
Zero-Knowledge Systems
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

 LATEST HEADLINES:
SEARCH CNN.com
Enter keyword(s)   go    help

Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.