Researchers warn of serious Windows flaw

Powered by SC Magazine

A group of Israeli researchers claims to have discovered a serious vulnerability in Microsoft's Windows 2000 operating system..

The flaw allows for the tracking of all text typed into a Windows 2000 computer, including emails, passwords and credit card numbers, according to a team led by Dr Benny Pinkas from the Department of Computer Science at the University of Haifa.

"This is not a theoretical discovery. Anyone who exploits this security loophole can definitely access this information on other computers," warned Dr Pinkas.

The flaw could enable hackers to access information sent from the computer prior to the security breach, and even information that is no longer stored on the computer.

The researchers found the flaw in the random number generator in Windows. This program plays a critical role in file and email encryption, and the SSL encryption protocol which is used by all internet browsers.

For example, any correspondence with a bank or any other website that requires typing in a password or a credit card number, will invoke the random number generator to create a random encryption key.

This key is used to encrypt the communication so that only the relevant website can read the correspondence.

The research team found a way to decipher how the random number generator works and thereby compute previous and future encryption keys used by the computer, and eavesdrop on private communication.

"There is no doubt that hacking into a computer using our method requires advanced planning. On the other hand, simpler security breaches also require planning," said Dr Pinkas.

"I believe that there is room for concern at large companies, or for people who manage sensitive information using their computers, who should understand that the privacy of their data is at risk."

The researchers said that they have already notified Microsoft's security response team about their discovery.

Although the researchers only checked Windows 2000, which is currently the third most popular operating system in use, they assume that newer versions of Windows, such as XP and Vista, use similar random number generators and may also be vulnerable.

Their conclusion is that Microsoft needs to improve the way it encodes information.

Copyright ©

Researchers warn of serious Windows flaw
Top Stories
Business-focused Windows 10 brings back the Start menu
Microsoft skips 9 for the "greatest enterprise platform ever".
Feeling Shellshocked?
Stay up to date with patching for the Bash bug.
Amazon forced to reboot EC2 to patch Xen bug
Rolling restarts over next week.
Sign up to receive iTnews email bulletins
Latest Comments
Which is the most prevalent cyber attack method your organisation faces?

   |   View results
Phishing and social engineering
Advanced persistent threats
Unpatched or unsupported software vulnerabilities
Denial of service attacks
Insider threats