Security Issues with MS Windows

Can things get shoddier?
Well, shoddier is the least they can get. Let us see why and how.
The link below shows that CryptoAPI has NOT passed the tests for "standard functionality" under the US Government's
FIPS-140-1 evaluations
<URL: http://www.microsoft.com/security/tech/cryptoapi/default.asp>
... and a copy of those
standards at NIST (the National Institute of Standards and Technology)
<URL: http://csrc.nist.gov/fips/fips1401.htm>
When asked "Could someone use these keys to weaken my
security?", here is what Microsoft says:
<URL: http://msdn.microsoft.com/workshop/security/capi/cryptapi.asp>
"No. They would need the private half of either key pair; and
as noted, we have not shared these keys with anyone, including
the NSA. Even Microsoft could not use the keys DIRECTLY to
weaken your security. The worst thing that could be done with
the keys would be to digitally sign poorly-written CSPs, but
even then, there would be no way to get the CSPs onto your
computer without your approval."
Well, let's see if that's true. Let's see if the user really must approve
the execution of software, or of a specific function, from system software.
We saw above that the protection of the user's private key depends on
CryptoAPI itself not being compromised, so we already know that if that
fall-back key has been compromised, the entire CryptoAPI that is responsible
for protecting the user's key is also compromised. But let's see if even
THAT PART of the statement (requiring the user's permission) is true...
-
<URL: http://msdn.microsoft.com/workshop/security/capi/cryptapi.asp>
Microsoft Corp's Java Virtual Machine ... in Internet Explorer,
Microsoft Outlook, and the Eudora e-mail program ...
An (Java) applet can exploit the glitch and override JVM security
doing such things as reading private data or modifying and deleting
files on a victim's machine.
-
<URL: http://www.cnn.com/TECH/computing/9910/18/microsoft.jvm.hole.idg>
The weak point is an ODBC driver in Excel97, the spreadsheet
program for Office97. A malicious hacker can create an Excel
spreadsheet that exploits the weak point in this database driver,
allowing him or her to delete files or "perform other malicious
acts," according to Microsoft.
<URL: http://www.cnn.com/TECH/computing/9908/03/excelbug.idg/>
The Marine Corps official said it was not clear how the virus
entered its system.
<URL: http://www.cnn.com/TECH/computing/9910/22/marines.worm.01/>
The worm that infected computers at the Marine Corps headquarters
at the Pentagon early Friday was "ExploreZip", an especially
malicious virus that typically travels by e-mail, according to
a Marine Corps spokesman.
<URL: http://www.cnn.com/TECH/computing/9910/22/virus/>
Apparently, this is the first time a virus can permeate your
computer from a simple e-mail form -- no opening of attachments
is necessary to launch it. So there's little way to protect
yourself. It's believed to work by taking advantage of a
security hole in Internet Explorer 5.0. NOVEMBER 10TH 1999
<URL: http://www.msnbc.com/news/296945.asp?cp1=1>
October is the cruelest month for Microsoft and Internet Explorer
5, compliments of one Georgi Guninski, noted hacker from Bulgaria.
Exposing no fewer than three security holes over the last 30 days,
Guninski has recently uncovered yet one more privacy flaw in IE5.
If you recall the earlier "Download Behavior" bug, which also
necessitated the dismissal of Active scripting, this
all-encompassing approach leaves your browser incapable of interacting
with JavaScript and VBScript-centric content. This means
you'll have to add trusted sites to IE5's Trusted Sites Zone from
the security tab within your Internet Options dialog box (when
this can't be done automatically via script). ...
<URL: http://www.msnbc.com/news/326233.asp?cp1=1>
<URL: http://www.msnbc.com/news/325291.asp?cp1=1>
Microsoft has found out about another security hole in Internet
Explorer 5.0. An unscrupulous webmaster could construct a page
that takes advantage of IE5's Import Export Favorites function to
run malicious code on a visitor's computer ... See
Patch: http://www.microsoft.com/security/bulletins/MS99-037faq.asp
<URL: http://support.microsoft.com/servicedesks/productflashes/Internet/intfc421.htm>
[October 5, 1999] Internet Explorer 5 includes a Download
Behavior that allows Web page authors to download files for use in client-side scripts. By design, a website should be able to download only files that reside in its domain; this prevents client-side code from exposing files on your computer or local intranet to the Web site. However, a server-side redirect can be used to bypass this restriction.
The net result is that a malicious Web site operator
could potentially read (but not modify or erase) files on your computer or
other computers on your local Intranet.
This means that a substituted _NSAKEY could be verified as installed without
even using it.
<URL: http://support.microsoft.com/support/kb/articles/Q179/6/52.ASP>
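The flaw the KB text describes is a same-domain check applied once, to the URL the page asked for, while the redirects that follow are trusted blindly. The added example below (not code from the page, Microsoft, or IE) models that with a constructed in-memory "network" table instead of real hosts, showing the one-shot check beside a version that re-checks the domain on every hop. All hostnames and responses are made up for the demonstration.

```javascript
// Constructed in-memory "network": URL -> response. Not real sites.
// www.example.com/go answers with a server-side redirect to an intranet host.
const NETWORK = {
  "http://www.example.com/data.txt":  { status: 200, body: "public data" },
  "http://www.example.com/go":        { status: 302, location: "http://intranet.local/secret.txt" },
  "http://intranet.local/secret.txt": { status: 200, body: "internal only" },
};

function hostOf(url) { return new URL(url).hostname; }

// Simulated fetch: one hop, no redirect following.
function fetchSim(url) {
  return NETWORK[url] || { status: 404, body: "" };
}

// Shared redirect loop; `checkHop` decides what is verified on each hop.
function download(pageUrl, target, checkHop, maxHops = 5) {
  let url = target;
  for (let i = 0; i < maxHops; i++) {
    if (!checkHop(pageUrl, url, i)) return { ok: false, reason: "cross-domain: " + url };
    const r = fetchSim(url);
    if (r.status === 301 || r.status === 302) { url = r.location; continue; }
    return r.status === 200 ? { ok: true, body: r.body } : { ok: false, reason: "http " + r.status };
  }
  return { ok: false, reason: "too many redirects" };
}

// Flawed policy (the behaviour described in the KB article): the domain
// is compared only on the first hop, so a redirect escapes the check.
function downloadFlawed(pageUrl, target) {
  return download(pageUrl, target, (page, url, hop) => hop > 0 || hostOf(url) === hostOf(page));
}

// Hardened policy: every hop, including the final one, must stay on the
// page's own domain, so the redirect to intranet.local is refused.
function downloadChecked(pageUrl, target) {
  return download(pageUrl, target, (page, url) => hostOf(url) === hostOf(page));
}
```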
In order to step out of the Java "sandbox," applets need
to be packaged in CAB files for use with Internet Explorer 4.0x (and up). ...
The Microsoft model is a static model that requires the user to trust the
code up front.
<URL: http://www.securityfocus.com/new.html>
IMail POP3 Buffer Overflow ... may be possible to execute
arbitrary code. (NT4.0)... "InterScan Virus Wall Long HELO Buffer
Overflow Vulnerability" (NT4.0) ... IE5.0 for Win98 buffer overflow
IE4.0 for Win98 buffer overflow ... Outlook/Outlook-Express (on)
Win95/98/NT/2000 MS ActiveX CAB File Execution Vulnerability ... NT
Spool's Buffer Overflow (NT4.0 through SP6) ... aVrt Mail
buffer overflow ... Excel SYLK Macro... IE5 IFRAME executes code
with local-file system permissions ... MSN Setup BBS buffer
overflow... hhopen OLE Control buffer overflow ... IrfanView32
buffer overflow ...
About a dozen bugs reported in the last 30
days that could cause code to be executed WITHOUT the permission
of the logged-in user.
<URL: http://www.microsoft.com/security/tech/cryptoapi/cspdev.asp>
A list is given of vendors with security-specific wares based on
CryptoAPI, hence potentially compromised if the 2nd key (or 3rd
key?) is replaced. This is a pretty impressive list, which shows
that MOST of the Windows community depends on one or more of these
technologies.
"Authenticode" is the technology that is perhaps the biggest hole
for a compromised (or replaced secondary) CSP key. Here are some
links that deal with all of this. Especially see the graphic
on the link mentioned below.
Other Resources