Featured Research

from universities, journals, and other organizations

Security Loophole Found In Windows Operating System

Date:
November 12, 2007
Source:
University of Haifa
Summary:
Computer scientists have found a security vulnerability in Microsoft's Windows 2000 operating system. The significance of the loophole: e-mails, passwords, credit card numbers, if they were typed into the computer, and actually all correspondence that emanated from a computer using Windows 2000 is susceptible to tracking.

A group of researchers headed by Dr. Benny Pinkas from the Department of Computer Science at the University of Haifa succeeded in finding a security vulnerability in Microsoft's "Windows 2000" operating system. The significance of the loophole: emails, passwords, credit card numbers, if they were typed into the computer, and actually all correspondence that emanated from a computer using "Windows 2000" is susceptible to tracking. "This is not a theoretical discovery. Anyone who exploits this security loophole can definitely access this information on other computers," remarked Dr. Pinkas.

Various security vulnerabilities in different computer operating systems have been discovered over the years. Previous security breaches have enabled hackers to follow correspondence from a computer from the time of the breach onwards. This newly discovered loophole, exposed by a team of researchers which included, along with Dr. Pinkas, Hebrew University graduate students Zvi Gutterman and Leo Dorrendorf, enables hackers to access information that was sent from the computer prior to the security breach and even information that is no longer stored on the computer.

The researchers found the security loophole in the random number generator of Windows. This is a program which is, among other things, a critical building block for file and email encryption, and for the SSL encryption protocol which is used by all Internet browsers.

For example: in correspondence with a bank or any other website that requires typing in a password, or a credit card number, the random number generator creates a random encryption key, which is used to encrypt the communication so that only the relevant website can read the correspondence. The research team found a way to decipher how the random number generator works and thereby compute previous and future encryption keys used by the computer, and eavesdrop on private communication.

"There is no doubt that hacking into a computer using our method requires advanced planning. On the other hand, simpler security breaches also require planning, and I believe that there is room for concern at large companies, or for people who manage sensitive information using their computers, who should understand that the privacy of their data is at risk," explained Dr. Pinkas.

According to the researchers, who have already notified the Microsoft security response team about their discovery, although they only checked "Windows 2000" (which is currently the third most popular operating system in use) they assume that newer versions of "Windows", XP and Vista, use similar random number generators and may also be vulnerable.

Their conclusion is that Microsoft needs to improve the way it encodes information. They recommend that Microsoft publish the code of their random number generators as well as of other elements of the "Windows" security system to enable computer security experts outside Microsoft to evaluate their effectiveness.

The results of the research are described in a scientific paper entitled "Cryptanalysis of the Windows Random Number Generator", which was presented at the ACM Conference on Computer and Communications Security which took place in Alexandria, Virginia on October 29 - November 2, 2007.


Story Source:

The above story is based on materials provided by University of Haifa. Note: Materials may be edited for content and length.


Cite This Page:

University of Haifa. "Security Loophole Found In Windows Operating System." ScienceDaily. ScienceDaily, 12 November 2007. <www.sciencedaily.com/releases/2007/11/071112091850.htm>.
University of Haifa. (2007, November 12). Security Loophole Found In Windows Operating System. ScienceDaily. Retrieved April 23, 2014 from www.sciencedaily.com/releases/2007/11/071112091850.htm
University of Haifa. "Security Loophole Found In Windows Operating System." ScienceDaily. www.sciencedaily.com/releases/2007/11/071112091850.htm (accessed April 23, 2014).

Share This



More Computers & Math News

Wednesday, April 23, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

High Court to Hear Dispute of TV Over Internet

High Court to Hear Dispute of TV Over Internet

AP (Apr. 22, 2014) The future of Aereo, an online service that provides over-the-air TV channels, hinges on a battle with broadcasters that goes before the U.S. Supreme Court on Tuesday. (April 22) Video provided by AP
Powered by NewsLook.com
Aereo Takes on Broadcast TV Titans in Supreme Court Today

Aereo Takes on Broadcast TV Titans in Supreme Court Today

TheStreet (Apr. 22, 2014) Aereo heads to the Supreme Court today to fight for its right to stream broadcast TV over the Internet -- against broadcasters who say the start-up infringes upon copyright law. TheStreet Deputy Managing Editor Leon Lazaroff explains the importance of the case in the TV industry and details what the outcome of it could mean for broadcasters and for cloud storage services -- as Aereo allows its subscribers to not just watch live TV shows but also store content to a DVR in the cloud. Video provided by TheStreet
Powered by NewsLook.com
Lytro Introduces 'Illum,' A Professional Light-Field Camera

Lytro Introduces 'Illum,' A Professional Light-Field Camera

Newsy (Apr. 22, 2014) The light-field photography engineers at Lytro unveiled their next innovation: a professional DSLR-like camera called "Illum." Video provided by Newsy
Powered by NewsLook.com
Netflix To Raise Prices For New Subscribers

Netflix To Raise Prices For New Subscribers

Newsy (Apr. 21, 2014) Netflix executives say they don't think a $1 or $2 price hike will hurt the service, and they have their sites set on overtaking HBO. Video provided by Newsy
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:

Breaking News:
from the past week

In Other News

... from NewsDaily.com

Science News

    Health News

    Environment News

    Technology News



      Save/Print:
      Share:

      Free Subscriptions


      Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

      Get Social & Mobile


      Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

      Have Feedback?


      Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
      Mobile: iPhone Android Web
      Follow: Facebook Twitter Google+
      Subscribe: RSS Feeds Email Newsletters
      Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins