
Microsoft confirms that XP has random number generator bug

Steven Parker on 22 November 2007 - 10:57

Windows XP, Microsoft Corp.'s most popular operating system, sports the same encryption flaws that Israeli researchers recently disclosed in Windows 2000, Microsoft officials confirmed late Tuesday.

The researchers, Benny Pinkas from the University of Haifa and two Hebrew University graduate students, Zvi Gutterman and Leo Dorrendorf, reverse-engineered the algorithm used by Windows 2000's pseudo-random number generator (PRNG), then used that knowledge to pick apart the operating system's encryption. Attackers could exploit a weakness in the PRNG, said Pinkas and his colleagues, to predict encryption keys that would be created in the future as well as reveal the keys that had been generated in the past.

View: Full Article @ InfoWorld

#1 Andre on 22 Nov 2007 - 18:39
Oh nos! -_-
#2 IntelliMoo on 22 Nov 2007 - 22:27
So.... no fix until "SP3" I take it? lol
#3 hvy on 23 Nov 2007 - 06:18
MS wants everyone to give them $$$ for Vista so it will probably deliberately NOT be fixed on XP.
(1 reply) #4 franzon on 23 Nov 2007 - 15:13
Linux Kernel Random Number Generator DoS and Privilege Escalation Vulnerability:
http://www.securityfocus.com/bid/25348/discuss

The Linux kernel is prone to a local vulnerability that may result in a DoS or privilege escalation. This issue stems from a stack-based overflow in kernel memory.
Successfully exploiting this issue allows local attackers to trigger kernel crashes. In certain circumstances, attackers may also gain elevated privileges. The attacker may require partial administrative access via granular assignments of superuser privileges.
Linux kernel versions prior to 2.6.22.3 are affected by this issue.


Last edited by franzon on 23 Nov 2007 - 15:18
#4.1 Helba on 24 Nov 2007 - 05:32
I just saw the Neowin article about this.

Is everybody susceptible to this thing?
