Paranoia about a Windows security hole is blinding people to the real danger, according to a local security expert.
New Zealand cryptography expert Peter Gutmann says the debate about a 'backdoor' labelled '_NSAKEY' misses the point.
"Even if _NSAKEY wasn't meant as a (US) National Security Agency backdoor as a way of replacing the crypto with crippled crypto, it can still be abused by anyone with a bit of skill," says Gutmann.
He says intruders could replace the _NSAKEY with one of their own or use ActiveX to "run their code on your machine".
"If you're protecting high-value data, financial information, details of confidential business processes/trade secrets, sensitive government data, I'd be concerned."
Andre Fernandes, chief scientist at Cryptonym — a Canadian cryptography developer — claims the backdoor exists in Windows 9x, Windows NT and Windows 2000 and gives the NSA access to computers running these systems. Fernandes said he discovered the weakness in Microsoft's encryption architecture while investigating Windows NT 4.0 for security breaches.
Fernandes said that in Service Pack 5 for NT 4.0, Microsoft apparently forgot to remove symbolic information that details the meaning of a cryptographic key. The findings proved that two keys to the systems exist, he said — one at Microsoft, and one in the possession of the NSA, identified as _NSAKEY.
Until that finding, the identity of the second key's holder was not known, because Microsoft had removed any identifying symbols. In Service Pack 5 the identifier "NSA" is exposed.
"That means that the NSA can also securely load CryptoAPI [application programming interface] services on your machine, and without your authorisation," Fernandes said in a statement posted on the company's Web site. "The result is that it is tremendously easier for the NSA to load unauthorised security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system."
Microsoft, however, hotly denies the key gives the NSA access to computers.
"The key in question is a Microsoft key, it's not held or shared with any party, including the NSA," said Jim Cullinan, a Microsoft spokesman in the US.
Gutmann says the problem is that most Microsoft software uses CryptoAPI for security. "If you can compromise that you've [indirectly] compromised everything which uses it."
Gutmann says the best defence is to change the _NSAKEY in your own system. Changing the first key, _KEY, leaves Windows unable to verify its own security subsystem, so the system fails. The _NSAKEY can be changed, however, because Windows "quietly falls back" to it.
"If you have the _NSAKEY signing key, load a doctored crypto module signed with it. If you don't have the _NSAKEY signing key, replace it with your own one and load a doctored crypto module signed with it," says Gutmann.
The Cryptonym Web site includes a small sample program that enables IT managers to replace the _NSAKEY with a test key. It can be found at www.cryptonym.com.
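The two-key check and the fallback that Gutmann describes, modelled as an added example. This is not code from the article, from Gutmann or from Cryptonym: a toy RSA scheme built from small well-known primes stands in for the real 1024-bit keys, constructed byte strings stand in for provider binaries, and the loader logic, the `_KEY`/`_NSAKEY` naming of the slots aside, is an assumption about how such a check behaves. It walks through a genuine load, a refused module, the intruder's key swap and the owner's defensive key swap.

```python
"""Model of the two-key CSP signature check and the _NSAKEY fallback.

Added example: toy RSA over the standard library only. The primes, the
'module' bytes and the loader logic are constructed for illustration; real
CSP signing keys are 1024-bit RSA and the real check lives in Windows itself.
"""
import hashlib

# Mersenne primes plus two other well-known primes: small enough to read,
# large enough that the hash-mod-n step below keeps 50 to 200 bits.
P19, P31, P61, P89, P107, P127 = (2**k - 1 for k in (19, 31, 61, 89, 107, 127))
Q1, Q2 = 1000000007, 998244353


def make_keypair(p, q, e=65537):
    """Return (public, private) toy RSA keys for distinct primes p and q."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return {"n": n, "e": e}, {"n": n, "d": d}


def _digest_as_int(module, n):
    return int.from_bytes(hashlib.sha256(module).digest(), "big") % n


def sign(module, priv):
    return pow(_digest_as_int(module, priv["n"]), priv["d"], priv["n"])


def verify(module, sig, pub):
    return pow(sig, pub["e"], pub["n"]) == _digest_as_int(module, pub["n"])


# The two verification keys the article says are compiled into Windows
# (constructed values; the slot names are the article's, the key material is not).
MS_PUB, MS_PRIV = make_keypair(P61, P89)            # "_KEY"
SECOND_PUB, SECOND_PRIV = make_keypair(P107, P127)  # "_NSAKEY"
# Third parties who can patch the binary: an intruder and the machine's owner.
INTRUDER_PUB, INTRUDER_PRIV = make_keypair(P19, P31)
OWNER_PUB, OWNER_PRIV = make_keypair(Q1, Q2)

DEFAULT_KEYRING = (("_KEY", MS_PUB), ("_NSAKEY", SECOND_PUB))


def csp_load_check(module, sig, keyring=DEFAULT_KEYRING):
    """Try the primary key, then quietly fall back to the second key.

    Returns the name of the key that accepted the signature, or None when the
    module would be refused. Logging this name is the detection hook: a
    provider that only verifies under the fallback key deserves a closer look.
    """
    for name, pub in keyring:
        if verify(module, sig, pub):
            return name
    return None


def replace_key(keyring, name, new_pub):
    """Swap one embedded key, as a binary patch to the loader would."""
    return tuple((n, new_pub if n == name else k) for n, k in keyring)


# Constructed stand-ins for a genuine provider and a doctored one.
GENUINE_CSP = b"rsabase.dll: genuine provider, full-strength crypto"
DOCTORED_CSP = b"rsabase.dll: doctored provider, leaks session keys"


def scenarios():
    """Run the cases the article raises; returns {case: accepting key or None}."""
    out = {}
    ms_sig = sign(GENUINE_CSP, MS_PRIV)
    intruder_sig = sign(DOCTORED_CSP, INTRUDER_PRIV)
    second_sig = sign(DOCTORED_CSP, SECOND_PRIV)

    # 1. A Microsoft-signed provider loads under the primary key.
    out["genuine_ms_signed"] = csp_load_check(GENUINE_CSP, ms_sig)
    # 2. A doctored module signed by an unknown key is refused by both keys.
    out["doctored_unknown_key"] = csp_load_check(DOCTORED_CSP, intruder_sig)
    # 3. Whoever holds the second key's private half loads it via the fallback.
    out["doctored_second_key"] = csp_load_check(DOCTORED_CSP, second_sig)
    # 4. Gutmann's attack: patch _NSAKEY to the intruder's key; the doctored
    #    module now passes through the fallback without touching _KEY.
    hijacked = replace_key(DEFAULT_KEYRING, "_NSAKEY", INTRUDER_PUB)
    out["doctored_after_hijack"] = csp_load_check(DOCTORED_CSP, intruder_sig, hijacked)
    # 5. Gutmann's defence is the same patch done by the owner: modules signed
    #    with the original second key stop loading, Microsoft's still load,
    #    and only the owner can now sign for the fallback slot.
    owned = replace_key(DEFAULT_KEYRING, "_NSAKEY", OWNER_PUB)
    out["second_key_after_defence"] = csp_load_check(DOCTORED_CSP, second_sig, owned)
    out["genuine_after_defence"] = csp_load_check(GENUINE_CSP, ms_sig, owned)
    out["owner_signed_after_defence"] = csp_load_check(
        GENUINE_CSP, sign(GENUINE_CSP, OWNER_PRIV), owned)
    return out


if __name__ == "__main__":
    for case, key in scenarios().items():
        print(f"{case:28s} -> {key or 'refused'}")
```

The point the model makes explicit is that the attack and the defence are the same operation on the same slot; what differs is who holds the private half of the key written into it. A loader that reports which key accepted a provider turns the fallback from a silent path into something an administrator can audit.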