Security loophole found in Microsoft's® random number generator.
 Researchers from the Department of Computer Science at the University of Haifa, have found a security loophole in the random number generator in Microsoft's Windows 2000® operating system.
Previous security breaches have enabled hackers only to follow correspondence from a computer from the time of the breach onwards. This newly discovered loophole, exposed by a team of researchers headed by Dr. Benny Pinkas, enables hackers to access information that was sent from the computer prior to the security breach and even information that is no longer stored on the computer.
The significance of the loophole: emails, passwords, credit card numbers, if they were typed into the computer, and actually all correspondence that emanated from a computer using "Windows 2000®" is susceptible to tracking. "This is not a theoretical discovery. Anyone who exploits this security loophole can definitely access this information on other computers," remarked Dr. Pinkas.
"There is no doubt that hacking into a computer using our method requires advanced planning. On the other hand, simpler security breaches also require planning, and I believe that there is room for concern at large companies, or for people who manage sensitive information using their computers, who should understand that the privacy of their data is at risk," explained Dr. Pinkas.
|
