Another MSFT Security Breach:
news.com
Expert says Windows has a security breach
By Joe Wilcox
Staff Writer, CNET News.com
September 3, 1999, 10:05 a.m. PT
update A security expert at a private company in North Carolina today has allegedly revealed a weakness in Microsoft Windows that would allow hackers to seize control of the operating system, a computer network, or corporate data center.
The weakness exploits a little-known back door to Windows, involving how it authenticates software programs, such as software drivers, the security expert said.
The alleged flaw was discovered by Andrew Fernandes, chief scientist with Cryptonym, a Canadian software/consulting firm with offices in North Carolina. A copy of the program is posted at this Cryptonym Web site.
Although the effects or the purpose of the alleged back door are far from clear, Cryptonym said that it is possibly there for the use of the National Security Agency, Fernandes said. He has demonstrated how a hacker could use it to quietly crack open Windows security for other purposes.
The back door would also let the NSA silently use any copy of Windows to spy on corporate networks, Fernandes speculated. The weakness affects Windows 95, 98, NT, and 2000, the expert said. Neither Microsoft nor the NSA was immediately available for comment.
Michael |
