Absolutely not a joke.
Ray Dillinger
bear at sonic.net
Tue Jan 30 17:55:56 PST 2001
On Tue, 30 Jan 2001, Declan McCullagh wrote:
>On Tue, Jan 30, 2001 at 11:45:43AM -0800, Ray Dillinger wrote:
>> Windows is also built to be insecure; there are backdoor keys for
>> law-enforcement types to stick "trusted" trojans on the system,
>
>Everything else is true, but I'm not sure about the above.
>You're talking about the NSA key, I assume.
Yes: Windows has one documented public key that it uses to
check software that gets, eg, mailed to it via outlook, or
downloads in a webpage via Explorer, or etc, to decide whether
it is "trusted" software or not. If it is trusted software
(presumably from Microsoft) then it can be run without
popping up a dialog box and getting the user's attention/
permission. Otherwise, "normal" security methods apply.
People with debuggers long since discovered that there is more
than one key ( though there are conflicting reports about
whether there are two or three), but had no idea why there
would be more than one unless Microsoft wanted to enable
some third party to create "trusted" applications without
Microsoft's knowledge or review.
Recently when a windows system was made available in a debug
build (ie, with the symbolic names etc still in the code), it
was discovered that one of the "extra" keys was named NSA_key,
which gives at least a strong hint as to who else is allowed
to create "trusted" downloadable software.
Bear
More information about the cypherpunks-legacy
mailing list