Novell (NOVL) dirt cheap, good buy? Message Board

STOCKTALK

We've detected that you're using an ad content blocking browser plug-in or feature. Ads provide a critical source of revenue to the continued operation of Silicon Investor. We ask that you disable ad blocking while on Silicon Investor in the best interests of our community. If you are not using an ad blocker but are still receiving this message, make sure your browser's tracking protection is set to the 'standard' level.

Technology Stocks : Novell (NOVL) dirt cheap, good buy?

Public Reply Prvt Reply Mark as Last Read File

Previous 10 Next 10 Previous Next

To: Frederick Smart who wrote (28041)	9/9/1999 12:12:00 PM
From: ToySoldier	of 42771

Some other reports and opinions on this issue.... zdnet.com cryptonym.com Read the forum comments on the www.securityfocus.com site under "FORUMS" --> "BUTRAQ" --> "ARCHIVE" and in the Sep 3rd date range. Here is one of the comments/posts... To: BugTraq Subject: Re: NSA key in MSFT Crypto API Date: Fri Sep 03 1999 02:15:08 Author: Tim Dierks Message-ID: <001801bef66a$8c125310$8706010a@haruspex.certicom.com> It's not clear to me why being able to sign CSP modules is a risky thing anyway; all it means is that Windows will load and execute your crypto. The mechanism is designed to keep overseas end users from being able to build and install strong crypto libraries. If the NSA has a key, all they can do is vouch for their libraries as export-qualified and thus enable their use. It's not a secret backdoor or anything, and modules need to be on the machine before their signatures are checked. If I can get you to execute code on our Windows machine, I can penetrate your security, period. These authorizing signatures have nothing to do with it. Even if the key belongs to the NSA, I suspect that the NSA just wanted to be able to load classified Crypto Service Providers into Windows and didn't want to have to send said classified software to Microsoft for approval, so they got the key installed so they could approve software in house. - Tim Tim Dierks VP of Engineering, Certicom tdierks@certicom.com 510.780.5409 [Hayward] -- 905.501.3791 [Mississauga] and another comment/posting on this forum... To: BugTraq Subject: Re: NSA key in MSFT Crypto API Date: Thu Sep 02 1999 22:32:19 Author: John Gilmore Message-ID: <199909032032.NAA10419@toad.com> > >http://www.cryptonym.com/hottopics/msft-nsa.html > > Perhaps more interestingly, the program lets you replace the key, too. Microsoft prevents third parties from installing un-authorized crypto code under CAPI by checking the signature on the code. Under their export deal, they refuse to sign anyone's non-US code that does strong crypto. So if you want to add your own strong crypto, you need to sign it with a key that the CAPI recognizes. You could patch out Microsoft's key but then the Microsoft modules won't load properly. It works better to patch out NSA's key with your own -- then you can load both your own crypto code and all the standard MS stuff. John Sounds like more of an opportunity to hack Windows against the Government than a Government spying operation. Not being a security guru myself I would have to say the jury is out as to the real initial intent and the net results of this NSAKEY being revealed. Toy

Report TOU Violation

Share This Post

Public Reply Prvt Reply Mark as Last Read File

Previous 10 Next 10 Previous Next