The meaning: emails, passwords, the credit card number if typed and, in fact, all the correspondence that goes out from the computer running under "Windows 2000" can be tracked * Update - the problem also exists in Windows XP, Microsoft has acknowledged its existence and will fix it in six months
A team of researchers led by Dr. Benny Pankas from the Department of Computer Science at the University of Haifa uncovered a loophole in the security of Microsoft's "Windows 2000" operating system.
Meaning: e-mails, passwords, the credit card number if typed and, in fact, all the correspondence that comes out of the computer running under "Windows 2000" can be tracked. "This is not just a theoretical discovery. Whoever manages to find the loophole we found will be able to perform these operations on other people's computers", explained Dr. Pankas.
Today, various loopholes in computer operating systems are known, with the most recent prominent example being the "Trojan horse affair". In all the known cases so far, the hackers were able to track correspondence that left the computer from the moment of the hack and after it. The current breach discovered by the team of researchers, which included, in addition to Dr. Pankas, research students Zvi Guterman and Leo Dorndorff from the Hebrew University, allows the hacker to also track information that left the computer even before the hack - and in fact, to track information that no longer exists on the computer.
The researchers found the loophole itself in the random number generator of the operating system. This is software whose function, among other things, is to generate keys that will encrypt files on the computer and will also be used to encrypt the correspondence that comes out of the computer. Only those who have the "key" to this cipher will be able to understand the meaning. For example: in correspondence with the bank or with any other website that requires typing in passwords or that asks for your credit card number, the random number generator provides an encrypted code that only the relevant website can understand. The researchers found a method to decipher the operation of the random number generator and thus decipher the cipher.
The good news is that in order to "attack" in this way, you need to perform a series of difficult actions: first, you need extensive knowledge of computers to succeed in deciphering the code. Second, the hacker must take control of the computer he wishes to "attack" - physically, by installing software on it or in other ways via the Internet. Third, in order to track correspondence that has already left the computer and know how to decipher, for example, the credit card number you typed two days ago when you purchased a book in an online store, it is necessary to "listen" to your computer for several days, which also requires difficult hacking skills.
The worrying news: all these actions are possible and for good "hackers", these are not too high obstacles. "There is no doubt that in order to attack a computer in the way we discovered, advance planning is necessary and although it is possible to think of such possibilities, it is likely that these actions will not be taken against the individual user. On the other hand, thefts and hacking through 'normal' means also require planning and I definitely think that large companies have reason to be concerned and it is important that they know that their computers are not safe", explained Dr. Pankas.
The researchers will already notify Microsoft's security personnel of their discovery. Although they tested the "Windows 2000" operating system (which as of the middle of 2007 is the second most popular operating system), the researchers believe that newer versions of Windows such as XP or Vista, use a similar mechanism and may also be vulnerable.
Their conclusion is that the way the random number generator works needs to be improved and they recommend that Microsoft openly publish the way the generator works and the other security components of Windows programming to allow security researchers outside of Microsoft to test their safety.
The results of the research were presented in an article called "Cryptanalysis of the Windows Random Number Generator" at the ACM Conference on Computer and Communications Security held in Alexandria, Virginia from October 29 to November 2.
It's a shame it took Microsoft ten years to admit the mistake in the random number generator
Says Dr. Benny Pankas from the Department of Computer Science at the University of Haifa, whose team led by him revealed a loophole in the security of Microsoft's "Windows 2000" operating system * The loophole, in the random number generator, also remained in Windows XP and Microsoft will fix it in six months
Avi Blizovsky
If Microsoft had published the algorithm (without the encryption key) of the random number generator, cryptography experts could have discovered the bug in the generator ten years ago, and there would have been no need to wait for scientists to find the fault. This is what Dr. Benny Pankas from the Department of Computer Science at the University of Haifa, who headed a team of researchers in Haifa and the Hebrew University who uncovered a loophole in the security of Microsoft's "Windows 2000" operating system, says in a conversation with the Daily Mail.
The current loophole discovered by the team of researchers, which in addition to Dr. Pankas also included research students Zvi Guterman and Leo Dorndorff from the Hebrew University, allows the hacker to track information that left the computer even before the hack - and in fact, to track information that no longer exists on the computer.
"Windows 2000 is an almost ten-year-old system. The fact that Microsoft hides the systems they use makes it difficult for users to check that the systems are indeed safe." Says a notepad. In response to the Daily Mail's question about how the algorithm of the random number generator can be published without thereby causing hackers to find a way to break into the system, Penkes says: "The design of encryption systems should make them safe even if they are public. Everything should be public except the key used. This is the accepted form in any encryption standard, it is accepted to publish the algorithm used, so that independent experts can check that it is safe."
The meaning of the breach published by Penkes and two research students who worked with it is that emails, passwords, the credit card number if typed and in fact, all the correspondence that comes out of the computer running under "Windows 2000" can be tracked. "This is not just a theoretical discovery. Whoever manages to find the loophole we found will be able to perform these operations on other people's computers", explained Dr. Pankas.
About two weeks ago, the University of Haifa published a press release in Hebrew and English, and one of the sites that published it was the Slash-Dot computer site. According to Pankas, this news was quoted on many websites and magazines around the world, and among other things caused a reporter from Computer World to harass Microsoft and try to understand whether the hacked algorithm is also used by the random number generator in the more common operating system - Windows XP. "The first answers were that XP is different than Windows 2000, and only on Wednesday they admitted that XP has the same problem as Windows 2000. It's not that they lied, they claimed that these are different systems from a technological point of view, and this is true, but not relevant to this specific case . "
According to Panax, Microsoft indicated that the next big update to the XP operating system, which will be called SP3, and which will be released in six months, will solve the problem. Meanwhile the problem exists.
Does the problem continue in Vista as well?
Penkas: "Microsoft claims that Vista is safe, we are not yet convinced of this, I have not been able to verify this yet."
What will you do next?
"We continue our research to find the strength of the readable number generator in other operating systems, both Microsoft's and in general.
7 תגובות
You can easily take control of your computer physically, the simplest way is to steal a computer that you accidentally left in the wrong place, etc. In case this happens, if you had important information on your computer, it could easily be hacked.
– smart response here –
Pay attention to what is written in the fourth paragraph of the article: "Second, the hacker must take control of the computer he wishes to "attack" - physically, by installing software on it or in other ways via the Internet."
Be sure that if someone has already taken over your computer then it will be much easier for him to install a keylogger for you that will send him everything you type, including the credit card number, and he has a million other ways to extract every possible detail of your information without being a math professor.
In short, you can continue shopping online without fear - no one will use the new "loophole" against you because if he doesn't have full control over your computer then it's useless and if he does then he doesn't need it anyway.
From what you wrote, you don't know too much about cryptography either... The goal in building a random number generator is to create something chaotic enough (see definition on Wikipedia) that its operation on serial data is almost unpredictable. A random number generator that is not integrated with dedicated hardware (for example: radioactive material and a Geiger counter) cannot really be random by nature...
Anyone who knows anything about encryption knows that there is no such thing as a true random number generator, there are only fixed algorithms, and any algorithm can be hacked, the latest methods use random data, such as the exact rotation speed of the computer's processor at that moment, and put it into the calculation.
Kudos to you for your determination and patience.
H##A of a company