German hackers: companies must confess "backdoors"

A prominent German hacker group has weighed in on the reported security hole in Microsoft's software security system, demanding that legislators require companies to reveal to users any "backdoors" in their software which allow third parties access to data.

The Chaos Computer Club (CCC) also called for a European open-source software initiative which would work to make sure such backdoors are not created.

"Users should no longer be deceived with apparent security functions," the group said in the statement.

The move follows the controversy over whether there is a "backdoor" into Microsoft's cryptography system, which Cryptonym of Canada alleged allowed the US National Security Agency (NSA) access to Windows programs.

Based on Cryptonym's allegations, the CCC said that users cannot rely on the security of Microsoft's software products, even when the software has been found secure through public tests and documentation, because these can be replaced by manipulated versions owned by the NSA.

"The economic and social damage done by such programs in American software products can hardly be estimated," said CCC spokesman Andy Müller-Maguhn in a statement. He also criticised the German government for rejecting the holding of encryption keys by third parties on the one hand, while still itself using Windows-based software even in the most sensitive areas of the government.

Microsoft's cryptography system allows external programmers or companies to offer encryption functions for Windows applications. Microsoft can then check the authenticity of these cryptography software programs with its own public key.

Cryptonym maintains, however, that a second key exists which it believes to be held by the NSA.

Microsoft has called the charges "completely false," though the company did confirm the existence of a second, back-up Microsoft key.

"The key in question is a Microsoft key. It is maintained and safeguarded by Microsoft, and we have not shared this key with the NSA or any other party," said Microsoft in a statement issued late last Friday.

CCC, in Berlin, can be reached at http://www.ccc.de/. Cryptonym can be reached at http://www.cryptonym.com. Microsoft is at http://www.microsoft.com/.
