SIGHTINGS



Microsoft A 'Proprietary'
Of The NSA?
From Wes Thomas <west@sonic.net>
2-21-00
 
 
MS Denies Windows 'Spy Key' By Steve Kettmann and James Glave 10:20 a.m. 3.Sep.99.PDT
 
Microsoft is vehemently denying allegations by a leading cryptographer that its Windows platform contains a backdoor designed to give a US intelligence agency access to personal computers.
 
Andrew Fernandes, chief scientist for security software company Cryptonym in Mississauga, Ontario, claimed on his Web site Friday that the National Security Agency may have access to the core security of most major Windows operating systems.
 
"By adding the NSA's key, they have made it easier -- not easy, but easier -- for the NSA to install security components on your computer without your authorization or approval," Fernandes said.
 
[More at http://www.wired.com/news/news/story/21577.html] _____
 
The Spy Who Encrypted Me
 
By Joel Deane, ZDNN February 26, 1999 1:08 PM PT http://www.zdnet.com/zdnn/stories/news/0,4586,2215192,00.html
 
WASHINGTON -- It's all very Tom Clancy.
 
Within a few weeks civilians will be able to rig their laptops to transmit and contain classified-level information, safe in the knowledge that their system has the blessing of the home of high-tech spying, the National Security Agency. But it seems most road warriors are too paranoid to come in from the cold.
 
The problem: Who wants the government inside their computer?
 
The NSA is currently in the final round of tests for two new products developed by Kasten Chase Applied Research that use the NSA's Fortezza encryption technology. Designed to provide secure connections to a LAN over standard phone lines, the 56Kbps Mykotronx Palladium modem and Spyrus Talisman software are already on the civilian market and in use by the U.S. military.
 
Kasten Chase Regional Sales Manager Blair Semple said the NSA tests should finish this week.
 
Modem and crypto card With its Fortezza 80-bit Skipjack encryption, the Palladium modem meets the NSA's PCMIA card security standards. It also doubles as a Fortezza crypto card that guards the computer's data against theft.
 
Here's how the Fortezza crypto card works. Once a PC is loaded with the Talisman software it automatically encrypts every file that's loaded onto a computer -- and ensures that only a user with the correct Fortezza crypto card and seven-digit password can gain access to that encrypted data.
 
"A Fortezza card also requires a PIN. So that even if someone stole my computer and got my Fortezza card they have to enter a seven-digit PIN within 10 tries or the card shuts itself down and they can't access the data," Semple said.
 
Military clientele The Treasury Department, Commerce Department and Department of Energy already use Kasten Chase's secure Fortezza products, but most customers hail from the U.S. Army, Navy, Air Force and Marines.
 
As yet, the products haven't won a large following in the corporate world. That could be partly to do with the system's price tag. Customers also have to buy the OPtiva Secure Plus, Kasten Chase's eight-slot PCMIA RAS -- once they've outfitted 50 or more road warriors, Semple said, the cost evens out to about $1,000 a head.
 
But the main obstacle is -- you guessed it -- paranoia: people just don't trust the government.
 
"Within the corporate world there's a little bit of fear that it's a government-developed technology and therefore the government has a way to get into it. A backdoor," Semple explained.
 
"At one point in time this technology did have backdoors, the Fortezza technology did, but those have all been removed now. There's a little bit of convincing required."
 
Very Tom Clancy.
---------- Microsoft beefs up NT security By Tim Clark Staff Writer, CNET News.com August 31, 1998, 9:40 a.m. PT Aiming to expand its business with federal agencies, Microsoft will boost security for Windows NT by supporting FIPS 140-1 and Fortezza, two key cryptographic standards for federal government users.
 
Microsoft will add support to Windows NT Workstation and Server 4.0 operating systems later this year. Support of FIPS 140-1 and Fortezza will be achieved through security plug-ins for Microsoft's CryptoAPI, a set of programming interfaces.
 
[More at link]

 
SIGHTINGS HOMEPAGE

This Site Served by TheHostPros