Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec

GSS identifies flaws in Windows 2000 number encryption.

Global Secure Systems (GSS) : 14 November, 2007  (Technical Article)
In light of potential problems with encrypted numbers generated within Windows 2000, Global Secure Systems advises users to use secondary encryption rather than relying purely on programme generated protection.
Global Secure Systems (GSS) has warned companies about a potentially serious flaw in Windows 2000 that can apparently compromise emails, passwords, bank and card details typed in on a PC keyboard.

'The problem stems from a flaw in the random number generator in Windows 2000. The flaw allows encrypted Web data and email transmissions to be decoded,' said David Hobson, MD of GSS.

According to Hobson, those companies that have implemented encrypted VPN connections for their remote data entry can breathe a sigh of relief that their systems are relatively secure against the problem.

'We have always advised our clients to adopt a belt and braces approach to their IT security. You should never presume that a basic software-only encryption system such as that seen in Windows 2000 prevents eavesdropping,' he said.

'Complete encryption of the datastream, as seen on a secure VPN connection, is the only real way of protecting remote data entry across the Internet. It may not be as sexy as two-factor authentication, but it has a proven track record,' he added.

Hobson went on to say that some news reports suggest that the Windows 2000 encryption flaw may also affect Windows XP and Vista users.

'Myself, I have my doubts, but I've learned that anything is possible when it comes to Microsoft security flaws. Companies really need to employ hardware-enabled encryption on all their data streams flowing across the Internet to be totally safe,' he explained.

Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo