-->

Another Borg Sighting

Resistance is futile

While the NSA is in the news these days, another NSA sighting crops up. It seems that all versions of Windows since a late version of W95 have a ‘back door’ in the security suite that allows the NSA to do pretty much what they want with the computer. And the latest version of W2000 has additional deliberate doors for people with the right keys. canadadrugcenter.com

From this article at Heise Online Technology Review, this information was reported at the Advances in Cryptology, Crypto’99 conference held in Santa Barbara. According to those present at the conference, Windows developers attending the conference did not deny that the NSA key was built into their software. Even Microsoft’s top crypto programmers were astonished to learn that the version of ADVAPI.DLL shipping with Windows 2000 contains not two, but three keys.

Potentially on the bonus side for some people, the NSA key inside CAPI can be replaced by your own key, and used to sign cryptographic security modules from overseas or third parties unapproved by Microsoft or the NSA. A demonstration how to do it program is available. Might be worth changing the key anyway, even if you don’t use it.

An interesting Microsoft quote on a tangentially related topic applies here as well. Microsoft “works closely with law enforcement officials worldwide to assist them when requested.” And: “It is our policy to respond to legal requests in a very responsive and timely manner in full compliance with applicable law”

Remember, if it’s not against the law, Microsoft’s policy is to do whatever the local officials ask, regardless if it is legally required or if it is right. Including hacking their own OS to let the NSA take over your computer.

Trackback

Leave a Comment

Your first comment is human moderated to reduce spam. It can take us a while (hours) to do that. Subsequent comments will appear much faster. We greatly sympathize with any frustration this causes, but given the amount of spam we have to deal with already we're not likely to change things soon.

You must be logged in to post a comment.