are you using a Windows 2000 platform for your online money transactions? It could be unsafe because there are bugs in the pseudorandom number generator (prng) of the programme. This helps others access your private information including credit card numbers and passwords. prng controls a crucial component of encryption for secure communications through the internet. This includes communications with banks and email servers. prng is supposed to encrypt these communications in such a way that it reaches the correct server and only the recipient computer can decode the information.
Israeli researchers deciphered the working of prng, which allowed them to compute not only the future encryption keys used by the platform but also go in to past encryptions, which helped them access private information. The study notes the fact that the random number generator used by Windows 2000 does not provide 'forward security' demonstrates that the design of the generator has problems.
Benny Pinakas, the lead researcher says such break-ins needs advance planning and can threaten companies and individuals handling sensitive information. The group which is from the Hebrew University of Jerusalem recently presented these results at the acm Conference on Computer and Communications Security in Virginia. The researchers did not scrutinize the later versions of Windows like XP and Vista, but they alert these systems may also be at a risk as they too use the same technology. But others say this is nothing new. Anindya Roy, an IT expert at Cybermedia publications, says, "Even in the past security lapses have been detected," he says. Microsoft has, however, denied reports on the security vulnerability of windows.
We are a voice to you; you have been a support to us. Together we build journalism that is independent, credible and fearless. You can further help us by making a donation. This will mean a lot for our ability to bring you news, perspectives and analysis from the ground so that we can make change together.
Comments are moderated and will be published only after the site moderator’s approval. Please use a genuine email ID and provide your name. Selected comments may also be used in the ‘Letters’ section of the Down To Earth print edition.