Actually, that much-discussed "backdoor" is not as huge as the
alarmists make out:
http://www.counterpane.com/crypto-gram-9909.html#NSAKeyinMicrosoftCryp
toAPI
As he points out, for the NSA key to install a key (which can be used
to sign modules for use by cryptoAPI) and actually call it "NSAKEY"
would be Hollywood-Spy-Movie stupid. It was all over the press, and
there was much noise about it, but at the bottom of it all was this
simple truth:
IF the NSA wanted to sign customized modules for use by themselves, it
would make sense to have MS install there own signing key. However,
this isn't a backdoor into your system. Somebody would still have to
install the module on your machine for the NSAKEY to sign it. And if
they were trying to undermine MS security, they could simply tell MS
they needed the Microsoft key which is also installed by default.
> -----Original Message-----
> From: Larry Paul [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, November 29, 2000 10:52 AM
> To: [EMAIL PROTECTED]
> Cc: firewalls_list
> Subject: RE: Emily's response to the rumors
>
>
> Actually there IS sort of a hole in MS Products (NT) concerning an
NSA
> crypto key placed there BY Microsoft FOR the NSA.(documented)
> I believe Ben
> N. or Bernd E. has more info on that. Or is anyone else
> familiar with that?
>
> *-----Original Message-----
> *From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> *Sent: Tuesday, November 28, 2000 5:23 PM
> *To: [EMAIL PROTECTED]
> *Subject: Re: Emily's response to the rumors
> *
> *
> *In a message dated 11/28/2000 6:09:23 PM Eastern Standard Time,
> *[EMAIL PROTECTED] writes:
> *
> *<< Emily G. Cohen wrote:
> * >| Check Point Software Technologies Ltd. would like to assure its
> * >| customers, security experts, and others that there is
> no, and never
> * >| has been, an "agreement" or relationship between Check
> Point Software
> * >| and the Mossad, or any other branch of the Israeli government
or
> * military,
> * >| to create a "back door" into Check Point products. >>
> *
> *
> *
> *That was an excellent response I will file this one and keep it
> *thanks for
> *accurate
> *and authoritive information.
> *
> *Now has any one heard about the hole in Microsoft products,
> that you pour
> *money into.
> *Its gotta be accurate I heard if rom this guy down the
> street who new a
> *friend of his cousin that worked with a secret agent that
> discovered it .
> *
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
