Win XP also prone to random number bug
PrintNot hard to guess
Posted in Software & Security, 23rd November 2007 21:27 GMT
Free whitepaper – What Exchange can't do - and Dell can
Microsoft has conceded that the pseudo-random number generator used by Windows XP suffers the same security shortcomings as Windows 2000.
Israeli researchers researchers recently discovered it was possible to predict the output of random-number generator built into Windows 2000, after first determining the internal state of the generator. Random numbers are a critical sub-component of cryptography functions, such as the generation of keys used for SSL exchanges.
Win XP - but not Windows Vista - are subject to the same problem, Microsoft admits. However the software giant has no plans to release a fix until Windows XP Service Pack 3 in the first half of 2008.
Microsoft said that to pull off the attack an attacker would need to have gained ownership of a machine, after which worries about random number would be the least of a user's worries. "Because administrator rights are required for the attack to be successful, and by design, administrators can access all files and resources on a system, this is not inappropriate disclosure of information," a company spokesperson told Computerworld. "If an attacker has already compromised a victim machine, a theoretical attack could occur on Windows XP." ®
Free whitepaper – Straight Talk with Dell: Sending out an SaaS
Analyst Keynote: The Register Agile Data Center Summit
What Exchange can't do - and Dell can
The business value of SIP VoIP and trunking
Seven ways to optimize VMware server virtualization
Sign up, sign up for The Register IT security newsletter
Microsoft's Windows 7 price gamble - and why it's flawed
Managing Desktop Software for fun and profit
Intel's flash new SSDs hit by bugs