A careless mistake by Microsoft programmers has revealed that special access codes prepared by the US National Security Agency have been secretly built into Windows. The NSA access system is built into every version of the Windows operating system now in use, except early releases of Windows 95 (and its predecessors). The discovery comes close on the heels of the revelations earlier this year that another US software giant, Lotus, had built an NSA “help information” trapdoor into its Notes system, and that security functions on other software systems had been deliberately crippled.
The first discovery of the new NSA access system was made two years ago by British researcher Dr Nicko van Someren .
But it was only a few weeks ago when a second researcher rediscovered
the access system. With it, he found the evidence linking it to NSA.
Two weeks ago, a US security company came up with conclusive evidence
that the second key belongs to NSA. Like Dr van Someren, Andrew
Fernandez, chief scientist with Cryptonym of Morrisville, North
Carolina, had been probing the presence and significance of the two
keys. Then he checked the latest Service Pack release for Windows NT4, Service Pack 5.
He found that Microsoft’s developers had failed to remove or “strip”
the debugging symbols used to test this software before they released
it. Inside the code were the labels for the two keys. One was called
“KEY”. The other was called “NSAKEY”.
Fernandes reported his re-discovery of the two CAPI keys, and their
secret meaning, to “Advances in Cryptology, Crypto’99″ conference held
in Santa Barbara. According to those present at the conference, Windows
developers attending the conference did not deny that the “NSA” key was
built into their software. But they refused to talk about what the key
did, or why it had been put there without users’ knowledge.
But according to two witnesses attending the conference, even
Microsoft’s top crypto programmers were astonished to learn that the
version of ADVAPI.DLL shipping with Windows 2000 contains not two, but
three keys. Brian LaMachia, head of CAPI development at Microsoft was
“stunned” to learn of these discoveries, by outsiders. The latest
discovery by Dr van Someren is based on advanced search methods which
test and report on the “entropy” of programming code.
Within the Microsoft organisation, access
to Windows source code is said to be highly compartmentalized, making
it easy for modifications to be inserted without the knowledge of even
the respective product managers.
source: Washington's Blog
It turns out that Bradley Manning, in making government correspondence available for us to read, was just turning the tables on the US government, which The Guardian and the Washington Post have revealed has this back door called PRISM into all our internet communications (emails, over-the-internet phone calls, browser search history, etc.) with 9 major companies, including
Microsoft, Google and Yahoo! The program is detailed in a Powerpoint slide presentation for initiating new NSA employees into its workings.
The sordid police states that have a paltry few tens of thousands of
domestic spies monitoring the activities of ordinary citizens turn out to
be minor players in this game compared to the home of the brave and the
land of the free.
Microsoft, Google and Yahoo! The program is detailed in a Powerpoint slide presentation for initiating new NSA employees into its workings.
The sordid police states that have a paltry few tens of thousands of
domestic spies monitoring the activities of ordinary citizens turn out to
be minor players in this game compared to the home of the brave and the
land of the free.
i'm also pretty sure i read somewhere a few years ago that the US government demanded and got that unbreakable encryption soft-ware programmes have a "back-door" entrance to them also, to provide the police and security agencies with access when required, otherwise their sale was going to be forbidden in the US.
ReplyDelete