‘Windows 2000′ users’ emails, credit card numbers susceptible to hackingNovember 14th, 2007 - 10:37 am ICT by admin
“This is not a theoretical discovery. Anyone who exploits this security loophole can definitely access this information on other computers,” said Dr. Benny Pinkas from the Department of Computer Science at the university.
The researchers have discovered the security loophole in the random number generator of Windows, a program that acts as a critical building block for file and email encryption.
When an internet user types a password or a credit card number while surfing a website, the random number generator changes the information into a secret code so that it can be read by the relevant website only.
The researcher say that they have deciphered how the random number generator works, and this has enabled them to compute previous and future encryption keys used by the computer.
According to them, this information can be used to spy on private communication.
“There is no doubt that hacking into a computer using our method requires advanced planning. On the other hand, simpler security breaches also require planning, and I believe that there is room for concern at large companies, or for people who manage sensitive information using their computers, who should understand that the privacy of their data is at risk,” said Dr. Pinkas.
The researchers believe that Windows XP and Vista also use similar random number generators, and may be vulnerable.
They have intimated the Microsoft security response team about their discovery.
They have also suggested that the company publish the code of their random number generators as well as of other elements of the “Windows” security system to enable computer security experts outside Microsoft to evaluate their effectiveness. (ANI)
Tags: advanced planning, also suggested that, benny pinkas, computer security experts, credit card, discovery, email encryption, encryption keys, generator works, intimated, microsoft, no doubt, private communication, random number generator, random number generators, relevant website, secret code, security breaches, security loophole, security response team