Security Breaches From The Sands of Time
Chris Gilbert
I found some interesting old news, back from 1999 that someone posted a link to in the SecurityNow newsgroups. I’ve recently started listening to this podcast - it’s a brilliant way to keep up with computer security news, and I feel a lot more informed having started to listen. http://www.heise.de/tp/artikel/5/5263/1.html http://www.heise.de/tp/artikel/2/2898/1.html The articles were to do with NSA back doors in several pieces of software, Microsoft Windows and Lotus Notes. Both of these were verified back in 2009 by security researchers by reverse engineering software. They traced inbuilt keys to the NSA, by virtue of the fact that they were called by the stealthy name, ‘NSAKEY’. This came out of some debugging symbols mistakenly left in Service Pack 5 for Windows NT. To some, this might be extremely old news (well, it was 14 years ago). However, it does show that at least then, Microsoft and Lotus (now owned by IBM) were willing and able to install backdoors, for the NSA to snoop on their customers. If they were willing and able then - why not now? So, the chances of there actually being backdoors in Windows and Notes today, given the revelations last week - I’d say are pretty high. Microsoft have had years to develop a reputation for poor security in their products, and have been desperately trying to regain people’s trust since the bad old days. I wonder if the coming revelations from the Snowden files may set them back again in winning their customer’s trust.