The significance of the loophole: emails, passwords, credit card numbers, if they were typed into the computer, and actually all correspondence that emanated from a computer using "Windows 2000" is susceptible to tracking. "This is not a theoretical discovery. Anyone who exploits this security loophole can definitely access this information on other computers," remarked Dr. Pinkas.
Various security vulnerabilities in different computer operating systems have been discovered over the years. Previous security breaches have enabled hackers to follow correspondence from a computer from the time of the breach onwards. This newly discovered loophole, exposed by a team of researchers which included, along with Dr. Pinkas, Hebrew University graduate students Zvi Gutterman and Leo Dorrendorf, enables hackers to access information that was sent from the computer prior to the security breach and even information that is no longer stored on the computer.
The researchers found the security loophole in the random number generator of Windows. This is a program which is, among other things, a critical building block for file and email encryption, and for the SSL encryption protocol which is used by all Internet browsers. For example: in correspondence with a bank or any other website that requires typing in a password, or a credit card number, the random number generator creates a random encryption key, which is used to encrypt the communication so that only the relevant website can read the correspondence. The research team found a way to decipher how the random number generator works and thereby compute previous and future encryption keys used by the computer, and eavesdrop on private communication.
"There is no doubt that hacking into a computer using our method requires advanced planning. On the other hand, simpler security breaches also require planning, and I believe that there is room for concern at large companies, or for people who manage sensitive information using their computers, who should understand that the privacy of their data is at risk," explained Dr. Pinkas.
According to the researchers, who have already notified the Microsoft security response team about their discovery, although they only checked "Windows 2000" (which is currently the third most popular operating system in use) they assume that newer versions of "Windows", XP and Vista, use similar random number generators and may also be vulnerable.
Their conclusion is that Microsoft needs to improve the way it encodes information. They recommend that Microsoft publish the code of their random number generators as well as of other elements of the "Windows" security system to enable computer security experts outside Microsoft to evaluate their effectiveness.
Touchscreens go 3D with buttons that pulsate and vibrate under your fingertips
14.03.2019 | Universität des Saarlandes
EU project CALADAN set to reduce manufacturing cost of Terabit/s capable optical transceivers
11.03.2019 | IHP - Leibniz-Institut für innovative Mikroelektronik
The Potsdam Echelle Polarimetric and Spectroscopic Instrument (PEPSI) at the Large Binocular Telescope (LBT) in Arizona released its first image of the surface magnetic field of another star. In a paper in the European journal Astronomy & Astrophysics, the PEPSI team presents a Zeeman- Doppler-Image of the surface of the magnetically active star II Pegasi.
A special technique allows astronomers to resolve the surfaces of faraway stars. Those are otherwise only seen as point sources, even in the largest telescopes...
Researchers at Chalmers University of Technology and the University of Gothenburg, Sweden, have proposed a way to create a completely new source of radiation. Ultra-intense light pulses consist of the motion of a single wave and can be described as a tsunami of light. The strong wave can be used to study interactions between matter and light in a unique way. Their research is now published in the scientific journal Physical Review Letters.
"This source of radiation lets us look at reality through a new angle - it is like twisting a mirror and discovering something completely different," says...
New research group at the University of Jena combines theory and experiment to demonstrate for the first time certain physical processes in a quantum vacuum
For most people, a vacuum is an empty space. Quantum physics, on the other hand, assumes that even in this lowest-energy state, particles and antiparticles...
Physicists in the EPic Lab at University of Sussex make crucial development in global race to develop a portable atomic clock
Scientists in the Emergent Photonics Lab (EPic Lab) at the University of Sussex have made a breakthrough to a crucial element of an atomic clock - devices...
Every year earthquakes worldwide claim hundreds or even thousands of lives. Forewarning allows people to head for safety and a matter of seconds could spell...
11.03.2019 | Event News
01.03.2019 | Event News
28.02.2019 | Event News
19.03.2019 | Physics and Astronomy
19.03.2019 | Life Sciences
19.03.2019 | Physics and Astronomy