Further doubts emerge over NT security


October 1996

Network Security

However, the new approach does not satisfy some objections to a government-backed eavesdropping system. Critics contend that any such system could compromise the privacy of United States citizens and hinder the ability of American high-technology companies to export most sophisticated data security products. Those involved include Digital Equipment, RSA, Cylink and Trusted Information Services as well as IBM, which set the new compromise in motion when it demonstrated its experimental approach to the CIA director. In a public statement, Al Gore said that if the IBM data-deciphering technology proved workable, there would no longer be export restrictions on the strength of the encryption technology or on the type of algorithms employed. The IBM approach is intended to eliminate vulnerability by giving no third party an actual key to the code. Instead, at least two ‘trusted agents’ would be required to help unscramble encrypted information in the header of each message. Netscape Communications has warned that even the new government plan would continue to hinder the American industry’s ability to compete internationally.

Further doubts emerge over NT security

Gene Schultz, US security expert and editorial board member for this publication, is to publish a guide following research at Stanford Research Institute into the security of Windows NT. In the guide, Schultz accuses Microsoft of exaggerating the significance of NT’s C2 rating, and of ignoring security community warnings that the operating system’s registry is vulnerable to unauthorized access.

The registry is at the heart of NT’s system security, containing password and log-on parameters that should only be available to NT users with the highest security clearance. Apparently, the registry can be accessed by Windows 95 clients. Microsoft has defended its product: “... no one has been able to demonstrate unauthorized access to the NT registry”.

Privacy advocates not appeased by key recovery

The US government’s proposed policy change to allow the export of 56-bit encryption products is still a cause for concern for privacy advocates. Key recovery satisfies concerns of the FBI, CIA and National Security Agency that the export of strong encryption could lead to the technology falling into the hands of terrorists and criminals who could use it to threaten national security. Writes Computing, legislation will require that encryption vendors agree to give up the keys to their 56-bit encryption algorithms to the agencies within 24 months, at which time it will become illegal to export any non-key recoverable software. Privacy advocates have hotly debated the legitimacy of such a system, saying that allowing the government access to private information is a violation of an individual’s right to privacy and free speech. Key recovery differs from key escrow by allowing some large Internet service providers and companies to hold their own keys instead of registering them with a third party. However, with the correct warrants, law enforcement officials would still have access to the keys. The Communications Electronics Security Group, part of the UK’s GCHQ, was working on a similar proposal for the UK and Europe. The US and European schemes would need some form of mutual recognition; therefore, Europe must move quickly.

PRODUCT NEWS

Reflex creates macro virus trapper

In a new release of Disknet, Reflex have created a new module that traps macro viruses and an upgrade to the Data Encryptor module that enables users to create a secure, 64-bit key encrypted ‘virtual’ hard disk of up to 1.8GB in size. Versions are available for Windows 3.11, Windows NT, IBM OS/2 2.x and OS/2 WARP, Novell NetWare, Microsoft LAN Manager etc. The new Macro Protector is designed to complement the suite’s existing defences against file corruption. It specifically protects the .DOT files created by Microsoft Word for Windows and provides a barrier against known and unknown macro viruses. The Data Encryptor drive is secured through a combination of password control and a 64-bit encryption algorithm. For further information, contact Philip Benge, Reflex Magnetics on tel: +44 171 372 6666; fax: +44 171 372 2507.

©1996 Elsevier Science Ltd