Microsoft denies Windows 2000 security risk

Microsoft has hit back at claims that Windows 2000 users are exposed to a loophole in the operating system's random number generator, a flaw researchers claim allows hackers to retrieve users' personal information. Dr Benny Pinkas from the Department of Computer Science at the University of Haifa, said CryptGenRandom can be exploited by hackers to access information such as email, password and credit card details.

"This is not a theoretical discovery. Anyone who exploits this security loophole can definitely access this information on other computers," he said. However, Mark Miller, Microsoft's director for security response communications, said after further investigation into the claims by Dr Pinkas, the company found that there is no security vulnerability.

View: Full Article @ PC Advisor

Report a problem with article
Previous Story

Microsoft to hike spending on Embedded

Next Story

SolveigMM Video Splitter 2.0.711.09 Beta

9 Comments

Commenting is disabled on this article.

daPhoenix said,
According to Microsoft, there was no URI vulnerability either. Right.

well, that depends on how you look at it. I for one still follow their first stance, namely that it is the responsability of the receiving application to check the incoming URI parameters for strange characters or possible buffer overflows.

I'd love to see Dr Benny Pinkas get someone’s "personal information" by exploiting a flaw in W2K's "random number generator", I really would, as it sound like bulls**t to me.