A River in Egypt
socalgal
09-03-1999, 03:34 PM
Another MS "feature"? This just blows my mind...
The story: http://www.wired.com/news/news/technology/story/21577.html
[This message has been edited by socalgal (edited 09-03-99).]
Bob-NB
09-03-1999, 04:38 PM
Socalgal, this is a very good thread. Do you mean that we are "up the creek" with this latest "discovery"? (with the title "A River in Egypt")
[This message has been edited by Bob-NB (edited 09-03-99).]
dave8311
09-03-1999, 05:03 PM
..................DENIAL.............
Get it?
(the nile)
[This message has been edited by dave8311 (edited 09-03-99).]
[This message has been edited by SysOpt (edited 09-04-99).]
socalgal
09-03-1999, 05:10 PM
The more I delve into privacy/security issues, the more alarmed and concerned I become. This article raises more of my awareness on this topic ... as do the other related Wired links.
By my subject title, I was referring to MS's mantra - "denial". (It's from a country western song a few years back <g> )
http://www.cryptonym.com/hottopics/msft-nsa.html
Microsoft Installs US Spy Agency with Windows
Research Triangle Park, NC - 31 August 1999 - Between Hotmail hacks and
browser bugs, Microsoft has a dismal track record in computer security. Most
of us accept these minor security flaws and go on with life. But how is an IT
manager to feel when they learn that in every copy of Windows sold, Microsoft
has installed a 'back door' for the National Security Agency (NSA - the USA's
spy agency) making it orders of magnitude easier for the US government to
access their computers?
While investigating the security subsystems of WindowsNT4, Cryptonym's
Chief Scientist Andrew Fernandes discovered exactly that - a back door
for the NSA in every copy of Win95/98/NT4 and Windows2000. Building on
the work of Nicko van Someren (NCipher), and Adi Shamir (the 'S' in
'RSA'), Andrew was investigating Microsoft's "CryptoAPI" architecture
for security flaws. Since the CryptoAPI is the fundamental building
block of cryptographic security in Windows, any flaw in it would open
Windows to electronic attack.
Normally, Windows components are stripped of identifying information. If the
computer is calculating "number_of_hours = 24 * number_of_days", the only
thing a human can understand is that the computer is multiplying "a = 24 * b".
Without the symbols "number_of_hours" and "number_of_days", we may have no
idea what 'a' and 'b' stand for, or even that they calculate units of time.
In the CryptoAPI system, it was well known that Windows used special numbers
called "cryptographic public keys" to verify the integrity of a CryptoAPI
component before using that component's services. In other words, programmers
already knew that Windows performed the calculation "component_validity =
crypto_verify(23479237498234...,crypto_component)", but no-one knew exactly
what the cryptographic key "23479237498234..." meant semantically.
Then came WindowsNT4's Service Pack 5. In this service release of software
from Microsoft, the company crucially forgot to remove the symbolic
information identifying the security components. It turns out that there are
really two keys used by Windows; the first belongs to Microsoft, and it allows
them to securely load CryptoAPI services; the second belongs to the NSA. That
means that the NSA can also securely load CryptoAPI services... on your
machine, and without your authorization.
The result is that it is tremendously easier for the NSA to load unauthorized
security services on all copies of Microsoft Windows, and once these security
services are loaded, they can effectively compromise your entire operating
system. For non-American IT managers relying on WinNT to operate highly secure
data centers, this find is worrying. The US government is currently making it
as difficult as possible for "strong" crypto to be used outside of the US;
that they have also installed a cryptographic back-door in the world's most
abundant operating system should send a strong message to foreign IT managers.
There is good news among the bad, however. It turns out that there is a flaw
in the way the "crypto_verify" function is implemented. Because of the way the
crypto verification occurs, users can easily eliminate or replace the NSA key
from the operating system without modifying any of Microsoft's original
components. Since the NSA key is easily replaced, it means that non-US
companies are free to install "strong" crypto services into Windows, without
Microsoft's or the NSA's approval. Thus the NSA has effectively removed export
control of "strong" crypto from Windows. A demonstration program that replaces
the NSA key can be found on Cryptonym's website.
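The two-key check described in the press release above, modelled as an added example; it is not part of the original post and not Cryptonym's or Microsoft's code. The anchor names `primary` and `secondary`, the toy unpadded RSA and the component bytes are all assumptions made for illustration.

```python
import hashlib

E = 65537  # common RSA public exponent

def make_keypair(p, q):
    """Textbook RSA from two primes. Toy-sized and unpadded: illustration only."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return {"n": n, "e": E}, {"n": n, "d": d}

def digest(data, n):
    """Hash the component and reduce it into the key's modulus range."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    return pow(digest(data, priv["n"]), priv["d"], priv["n"])

def verify(pub, data, sig):
    return pow(sig, pub["e"], pub["n"]) == digest(data, pub["n"])

def authorising_anchors(trust_store, data, sig):
    """Names of every embedded key under which this signature verifies."""
    return [name for name, pub in trust_store.items() if verify(pub, data, sig)]

def load_component(trust_store, data, sig):
    """The loader's decision is an OR over all anchors, not a check of one."""
    return bool(authorising_anchors(trust_store, data, sig))

# Constructed keys built from Mersenne primes (hypothetical, not real keys).
PRIMARY_PUB, PRIMARY_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
SECOND_PUB, SECOND_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
_, OUTSIDER_PRIV = make_keypair(2**89 - 1, 2**107 - 1)

TWO_KEY_STORE = {"primary": PRIMARY_PUB, "secondary": SECOND_PUB}
ONE_KEY_STORE = {"primary": PRIMARY_PUB}

COMPONENT = b"constructed crypto service provider image"  # sample input

def audit():
    """Who can get a component loaded under each trust store?"""
    signers = {"primary": PRIMARY_PRIV, "secondary": SECOND_PRIV,
               "outsider": OUTSIDER_PRIV}
    report = {}
    for who, priv in signers.items():
        sig = sign(priv, COMPONENT)
        report[who] = {
            "two_key_store": load_component(TWO_KEY_STORE, COMPONENT, sig),
            "one_key_store": load_component(ONE_KEY_STORE, COMPONENT, sig),
        }
    return report

if __name__ == "__main__":
    for who, result in audit().items():
        print(who, result)
```

Every public key embedded in the verifier is a separate party that can authorise a component, so auditing such a loader means enumerating all of its anchors rather than confirming that one expected key works.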
Bob-NB
09-03-1999, 06:04 PM
Dooh...I guess I just got off the banana boat. Please forgive my un-educated self.
The problem is I usually figure these things out. What do you think about the try about being "up the creek?"
If you were grading on a curve, you would at least give me partial credit for the effort wouldn't you? :(
[This message has been edited by Bob-NB (edited 09-03-99).]
socalgal
09-03-1999, 08:03 PM
Bob-NB ~ I would venture to say that your "up the creek" aptly describes the continuing wonders we are still discovering with MS!
And I wouldn't be too concerned about your place on that learning curve if I were you ;)
Thanks for that further info IRED! :)
I said once before, I'll say it again: This just keeps getting better and better :(
Nathan
09-03-1999, 09:30 PM
Always remember, if it's in a Hollywood movie, it will become reality sooner or later, unfortunately. If you will watch the movies of many years ago, you will understand what I mean.
"Enemy of the State" You laugh at what I said now, but someday you will understand.
[This message has been edited by Nathan (edited 09-03-99).]
socalgal
09-03-1999, 10:30 PM
I haven't seen "Enemy of the State" yet, looks like I'll have to rent it!
Remember "The Net"? Highly fantastical, but maybe there is some truth in there as well...
[This message has been edited by socalgal (edited 09-04-99).]
CMonster
09-04-1999, 04:06 AM
All of you who visited that site long enough to read the article have been tagged - we are watching -
Socalgal - looking to visit Yosemite for a little vacation?????
[This message has been edited by SysOpt (edited 09-04-99).]
welsh wizard
09-04-1999, 04:43 AM
edited
[This message has been edited by welsh wizard (edited 09-20-99).]
socalgal
09-04-1999, 09:56 AM
CMonster - HECK Ya! Email me ;)
welsh wizard - now there's a thought... :) Think they'd keep each other busy enough to leave us common folk alone? nah.. I didn't think so either...
welsh wizard
09-04-1999, 11:18 AM
edited
[This message has been edited by welsh wizard (edited 09-20-99).]
socalgal
09-04-1999, 05:08 PM
Today's Update: http://www.wired.com/news/news/technology/story/21589.html
Has anyone found this _NSAKEY yet? I can't find it in my Registry. I sent an email to Mr. Fernandes to ask if he has the remover for Win98 (the remover at the Crypto site is for NT and W2K)
Guess I must be one of them "Ruby Ridge" folks. ;)
Dominus
09-04-1999, 06:09 PM
I'm glad I'm making the transition to Linux!
It's next to impossible to hide backdoors in Open Source! And any security hole can be patched in a lot less time than in a closed source OS. I'm glad I finally got my ADSL working in it, now as soon as I get a proxy/firewall set up for the internal network, no more evil Micros~1 products for me. It's all downhill from here folks. Jump on the alternative OS bandwagon while you can!
I'm not going to bother making any grim, foreboding predictions about our Orwellian future; I can't seem to make my prophecies do any justice to the darkness of reality.
Nathan
09-04-1999, 10:01 PM
It's in the registry.
User/software/microsoft/windows/currentversion/explorer/doc find spec MRU
Dominus
09-04-1999, 10:58 PM
I searched my entire Win98 registry for "nsa"
I found 25 or so references, all pertaining to "traNSActions", or "screeNSAvers"
Perhaps MS already remotely removed them?
socalgal
09-04-1999, 11:27 PM
Nathan, isn't that the logview of the StartMenu/Find?
Same here as Dominus, only those words found with 'nsa' as part of the spelling of a word.
Hmmm, it must be deeper and more subversive than we thought? Intriguing!
Actually, if it wasn't so unfunny, this would be fun.
Nathan
09-04-1999, 11:50 PM
Yes, I know what you mean Socalgal.
I ran regedit at the start/run. Here is more info.
(default), (value not set)
a, ""
b, "NSAKEY"
MRUList, "ba"
Windows 98 FE (first edition) OEM
Celeron 400, 128 MB
[This message has been edited by Nathan (edited 09-04-99).]
socalgal
09-05-1999, 01:04 AM
But Nathan, isn't this only the logview of the Start/Find? Did you do a Start/Find for NSAKEY? If so, isn't that why it's there? (I'm pretty sure.)
HKEY_CURRENT_USER
Software/Microsoft/Windows/Current Version/
Explorer/DocFindSpecMRU/(ab)MRU List.
I have:
(ab) a through j = my last "Start/Find" entries;
(ab)MRUList "afieddghcbj"
NSAKEY isn't there. I did Ctrl+F for NSAKEY at the top of regedit though and F3 all the way thru and still no NSAKEY.
I'm baffled.
Win98 4.10.1998 SP1
PIII-450 @527
256mgs
PSN disabled (if that makes any difference)
btw - still haven't heard from Mr. Fernandes, but I'll bet he's deluged with email!
[This message has been edited by socalgal (edited 09-05-99).]
Nathan
09-05-1999, 02:34 AM
You are correct Socalgal. According to this article, which IRED provided, this is embedded in the programming of this file
advapi32.dll
[This message has been edited by Nathan (edited 09-05-99).]
socalgal
09-05-1999, 03:19 AM
Guess I didn't read the Crypto article that thoroughly.. :o All the debugging info is in that article and they even have some good screenshots of it!
Ok, so how do we get into that? ;)
~Edit: I opened it in Wordpad, lots of code in there and lots of crypto description lines towards the bottom! It won't even c&p out of there!
Of course Find didn't find NSA - it's truly crypted!
Also found CryptPKO and variants in the Registry, I wonder if they are related.
[This message has been edited by socalgal (edited 09-05-99).]
smokin1
09-05-1999, 03:42 AM
here's the link to disable the key :)
http://www.cryptonym.com/hottopics/msft-nsa.html#removensa
[This message has been edited by smokin1 (edited 09-05-99).]
smokin1
09-05-1999, 03:48 AM
Oh by the way ....you won't find NSA in the reg unless you look at 0x77DF55D0 with a debugging tool... it's encrypted..
2/c
;)
socalgal
09-05-1999, 03:51 AM
Hi smokin! Unfortunately, it's only for NT and W2K. I do have a letter out to Mr. Fernandes, asking if he has the removal key for Win98.
"A sample program which replaces the NSA key with a test key, and leaves the rest of the CryptoAPI system intact, can be downloaded here (currently only for WinNT and Win2k)."
This is scary!!!
When you get your reply from him, Socalgal, be sure to let us know what he has to say about Win98 SP1.
I wonder now, if removing it, will somehow cause Windows to run erratically (more so). I wonder if they have safeguards against removing it permanently. Something for us to think about. If they went to that much trouble to hide and encrypt, will they have another entry to re-add it once the absence of it is detected??????????
As for the movie references, I've always believed: If it's in the movies, it either has to be real, or they're working on making it a reality. (in regards to that Enemy of the State movie)
welsh wizard
09-05-1999, 05:45 AM
edited
[This message has been edited by welsh wizard (edited 09-20-99).]
Nathan
09-05-1999, 11:12 AM
I think we are now at the mercy of those programmers that can spot these things and tell us how to get rid of them. A lot of good questions here. And here is another one. What if they put another one in somewhere that can not be removed?
However, there is hope. They can't keep hackers out of the CIA, Pentagon, FBI, etc. right? So when these things are spotted, someone will write a program to disable or remove these items. I'm sure of it.
[This message has been edited by Nathan (edited 09-05-99).]
JerseyJoe
09-05-1999, 01:44 PM
How about some really paranoid thinking?
How do I know that a program to remove the NSAKey does not install a backdoor?
Dominus
09-05-1999, 02:49 PM
Decompile it in Linux.
socalgal
09-05-1999, 03:43 PM
You better believe I'll post the Win98 removal key here - if M$/NSA hasn't whacked Mr. Fernandes by now (JK bad joke sorry couldn't help it).
Seriously though, these are all good and valid questions!
I was doing a little sightseeing over at Mr. Fernandes' site http://www.cryptonym.com/ The site is apparently quite new... yes, who are these guys? Some very smart guys apparently. Not much info, but the site is still new also. Hopefully more to follow there.
And, the illustrious NSA http://www.nsa.gov:8080/ This stuff is fascinating.
I wish I had gotten into computers a long time ago, I wouldn't have minded working at NSA. Just think of the minds there. At MS too. These guys are brilliant, I have to respect that. That's also what can make them dangerous.
I would love to see any ideas or results anyone could come up with, like Dominus' suggestion...? Cryptonym used MS Visual C++ to debug the code.
I won't be around much today but I hope you're all having a good Holiday!
Thanks for all your input, thoughts and feedback! :)
Keep digging.... ;)
socalgal
09-07-1999, 12:15 AM
I just rented Enemy of the State. Great movie! But I changed my mind, I don't think I'd like to be associated with the NSA after all... ;)
Welsh Wizard,
I have an external USB modem{with all the flashy lights}
When I go to m$ update site my modem is clocking faster AFTER a download than during.
Downloads take forever and then when they are done the modem is working harder for that 15 to 20 seconds before m$ turns you loose than it did the whole time during the download.
Get an external modem and check it out.
nilknarf
09-07-1999, 01:09 PM
Now you all know why I like the pretty little lights on my computer and external modem!
Incidentally, most of that stuff in 'Enemy of the State', is real!
A few years ago the NSA, CIA, & FBI tried to get the world's modem manufacturers to put a little chip on the modem that would allow the government access to anything and everything on your computer whenever it was on! Now with this NSAKEY in Windows, I know why they dropped the issue!
Want to hear some more U.S. Government plots?
You know that little metal strip in your dollar bills? The feds can detect that with a satellite and tell how much money you have on you. Of course, this is currently limited to 10's and up.
And that Hubble Telescope, the U.S. has satellites pointed down at the Earth that are so sensitive they can detect a match being lit and can read newsprint.
The NSA also has a supercomputer that can process 30 billion operations per second! They use it to break the unbreakable codes. What would take the average desktop decades to break, this thing can do in a few minutes! And that was 5 years ago!
There are many technologies that are just now being released that were developed decades ago. The only reason we even know about these things is because the government has already built something better.
By the way, some of the info I just told you, I got from people who used to work in some of these places. A couple of them have disappeared...
For that reason I won't tell you everything that I know!
ps - de nile, it isn't just a river in Egypt anymore, is it?!
[This message has been edited by nilknarf (edited 09-07-99).]
socalgal
09-07-1999, 08:05 PM
Still no word from Mr. Fernandes on the Win9x removal key :(
Rollin' Down The River...
http://www.microsoft.com/security/bulletins/backdoor.asp
There's two sides to every story ... so who do you believe? ;)
IRED ~ is your post in the right thread? Or did I miss something?
nilknarf ~ I believe it. Good material for X-Files in the upcoming season, no?
Oh, No..... I think they got Mr. Fernandes!!!
We may never know the answer now Socalgal!!!!
:D
-MrEd
:)
Just read that article: LIES, LIES, LIES.... :D Besides, isn't the first order of accusations to DENY EVERYTHING???!!!??? Then come back and say: "OOOPS we made a mistake, oh well." Worked for Bill anyway. (both Bill's now that I think about it....)
[This message has been edited by MrEd (edited 09-07-99).]
welsh wizard
09-08-1999, 01:30 AM
edited
[This message has been edited by welsh wizard (edited 09-20-99).]
800XL
09-08-1999, 04:39 AM
Trust no one, keep your laser handy, and obey the computer. The computer is your friend. As long as it's running a Microsoft OS it's your friend, that is...
welsh wizard
09-08-1999, 08:17 AM
edited
[This message has been edited by welsh wizard (edited 09-20-99).]
socalgal
09-08-1999, 08:25 AM
I think it's time I learn Linux...
nilknarf
09-08-1999, 10:26 AM
Actually, I think it's time I write my own OS so that no one else can f*&k around on my system!
As for the X-files, have you ever wondered how much of that has actually happened? (I mean the older X-files, the new ones are more of a multipart episode that are a follow-on to the movie)
welsh wizard
09-09-1999, 07:29 AM
edited
[This message has been edited by welsh wizard (edited 09-20-99).]
socalgal
09-09-1999, 07:54 AM
WooHoo Welsh Wizard! :) You go. hehe
Have you used Linux before? I hear it's kind of difficult if you're just getting started on it, but that it's worth it.
Dominus
09-09-1999, 09:40 AM
welshwizard, if you ever need help with your passage into the world of Linux, drop me a line.
welsh wizard
09-10-1999, 05:21 AM
edited
[This message has been edited by welsh wizard (edited 09-20-99).]
socalgal
09-13-1999, 09:43 PM
I've been wondering about Mr. Fernandes since I have not received a reply email from him.
Apparently, he is still among us, because his site has an update - some interesting FAQ's regarding the NSAKey.
Go to http://www.cryptonym.com/ , hit the Home button and then Headlines "New" to read all about it.
An excerpt:
When will a Win95/98 version be available?
Whenever a programmer with lots of experience in kernel-mode virtual memory management under these operating systems donates his/her time to produce it. We've had a very few number of offers, but no serious discussions have occurred so far.
Mr. Fernandes is still accepting email questions and comments.
The problem with all this is that the Linux Open source just means that if someone wanted to write something into it to betray you, you would never know the source! Even if somehow you figured it out!
Also, any software sold in the US falls under the US laws for security, which require it be penetrable by the gov't. OS2 has it also, just in case you were wondering!
Nilky, I really don't think uncle sam is gonna track my $10.00 bills, when they even get duped by counterfeits sometimes... The Hubble has a hard enough time just looking into space, and it would be easier to hire a CIA agent to track me than to find me from space!
Now, we have an opportunity here to make a MS product safe to us all because we know about this "feature", that's enough reason for me to try to set it up to work without the NSA key than any other OS.
Trust me, if the publically available UNIX/LINUX is on the streets, it's been tapped by Uncle Sam's geeks.
This knowledge is really a blessing in disguise, and Bill the Liar wants to make it more effective, while at the same time taking contributions to let the Chinese have Nuclear weapons secrets so they can build more nukes more cost effectively without wasting money on testing. I guess they can afford to make more since we paid for their tests.
That's all I have to say!
BBA
nilknarf
09-14-1999, 12:30 AM
Couldn't have said it better myself welsh wizard!!
welsh wizard
09-14-1999, 01:31 AM
edited
[This message has been edited by welsh wizard (edited 09-20-99).]
welsh wizard
09-15-1999, 06:41 AM
edited
[This message has been edited by welsh wizard (edited 09-20-99).]
socalgal
09-15-1999, 10:08 PM
welsh wizard ~ why not try posting for a solution for your Linux problem in the Operating Systems forum?
welsh wizard
09-16-1999, 07:29 AM
edited
[This message has been edited by welsh wizard (edited 09-20-99).]
nilknarf
09-18-1999, 01:36 AM
Okay, I leave for a few days and look what happens!
MS strikes again!$#%FDGJ($)YYY#"{
Anyone heard anything new about the MSNSA conspiracy?
BBA, if there is something the US gov't hasn't penetrated let me know, because they can penetrate programming whether you want them to or not. Remember, much of our modern technology & programming was based on work done for various governments.
BTW, Big Brother is watching, has always been watching, and always will be watching.
Hi guys, check out this site
http://www.microsoft.com/security/bulletins/backdoor.asp
If it's true I don't know!
welsh wizard
09-19-1999, 08:27 AM
edited
(vengeance is mine saith [shh you know who])
[This message has been edited by welsh wizard (edited 09-20-99).]
welsh wizard
09-20-1999, 02:21 AM
Ahh
SysOpt.com