ad info
   personal technology

 Headline News brief
 news quiz
 daily almanac

 video archive
 multimedia showcase
 more services

Subscribe to one of our news e-mail lists.
Enter your address:
Get a free e-mail account

 message boards

CNN Websites
 En Español
 Em Português


Networks image
 more networks

 ad info



Crypto expert: Microsoft products leave door open to NSA

Windows NSA graphic

   Message Boards:
   Online privacy

   Sign up for the Computer Connection e-mail service

   For more computing stories


September 3, 1999
Web posted at: 2:06 p.m. EDT (1806 GMT)

(CNN) -- A cryptography expert says that Microsoft operating systems include a back door that allows the National Security Agency to enter systems using one of the operating system versions.

The chief scientist at an Internet security company reported the flaw at a recent conference in Santa Barbara where he discussed a "key" entrance into the cryptographic standard used in Microsoft Windows products. That includes Windows 95, Windows 98, Windows NT4 and Windows2000.

"It turns out that there are really two keys used by Windows; the first belongs to Microsoft, and it allows them to securely load (the cryptography services)," said Andrew Fernandes in a press release. Fernandes works for Cryptonym, a company based in Ontario.

The press release states "the second belongs to the NSA. That means that the NSA can also securely load (the services) on your machine, and without your authorization."

The discovery "highly suggests" that the NSA has a key it could use to enter encrypted items on anybody's Windows operating system, said Ian Goldberg, chief scientist at Zero-Knowledge Systems. Goldberg was among a few dozen people in the audience at the conference when Fernandes dropped his bomb.

The session occurred just before midnight so no one saw it coming, he said, but the audience was shocked.

"If you're trying to keep messages private, it's possible that they are not as private as you thought they were," Goldberg said.

Zero-Knowledge Systems is about to release a security product built specially to make such security flaws impossible, he said.

Microsoft was not immediately available for comment.

It is unclear why or if Microsoft cooperated with the NSA on the key to its "CryptoAPI," the standard interface to its cryptography services, Goldberg said.

More details to follow.

Federal agency recruits hacker teens
August 26, 1999
Clinton orders study on policing the Internet
August 6, 1999
Efforts made to prevent privacy abuses against U.S. citizens
June 7, 1999
Internet industry group to focus on 'consumer protection'
June 28, 1999

The National Security Agency
Zero-Knowledge Systems
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

Enter keyword(s)   go    help

Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.