Here is an exceptionally interesting article (via slashdot) on a security hole that was discovered by a team from the University of Haifa. The hole deals with a loophole specifically in the Windows 2000 operating systems random number generator.
From Eurekalert:
A group of researchers headed by Dr. Benny Pinkas from the Department of Computer Science at the University of Haifa succeeded in finding a security vulnerability in Microsoft’s “Windows 2000″ operating system. The significance of the loophole: emails, passwords, credit card numbers, if they were typed into the computer, and actually all correspondence that emanated from a computer using “Windows 2000″ is susceptible to tracking. “This is not a theoretical discovery. Anyone who exploits this security loophole can definitely access this information on other computers,” remarked Dr. Pinkas.
Various security vulnerabilities in different computer operating systems have been discovered over the years. Previous security breaches have enabled hackers to follow correspondence from a computer from the time of the breach onwards. This newly discovered loophole, exposed by a team of researchers which included, along with Dr. Pinkas, Hebrew University graduate students Zvi Gutterman and Leo Dorrendorf, enables hackers to access information that was sent from the computer prior to the security breach and even information that is no longer stored on the computer.
The researchers found the security loophole in the random number generator of Windows. This is a program which is, among other things, a critical building block for file and email encryption, and for the SSL encryption protocol which is used by all Internet browsers.
Read on.
Tags: Windows 2000 Security, Windows Security, Windows Random Number Generator
