-Caveat Lector- Isn't it interesting how the DOJ (Federal "Justice" Dept... "just-us" in gov't...) seems to have quickly and completely backed off of any interest in the MONOPOLY held by Microsoft ? Could it have anything to do with preferential pricing (or free) software provided to the FEDS? I have seen a MS-Office installation CD marked "Government use only" which required NO "CD-KEY" .. therefore, no serialization... unlike the versions us PROLES purchase, which cannot be installed without a long string of numbers from the little orange sticker on the back of the CD envelope... Or could it have something to do with NSA "Trojan Horse" encryption key in every MS operating system? Both? What other little surprises will come to light, one wonders? Dave Hartley http://www.Asheville-Computer.com http://www.ioa.com/~davehart ************************* from: http://www.cryptonym.com/ "A demonstration program that replaces the NSA key can be found on Cryptonym's website." *[Comment from Dave: Unfortunately, I was unable to locate this demo program]* In the[Microsoft] CryptoAPI system, it was well known that Windows used special numbers called "cryptographic public keys" to verify the integrity of a CryptoAPI component before using that component's services. In other words, programmers already knew that windows performed the calculation "component_validity = crypto_verify(23479237498234...,crypto_component)", but no-one knew exactly what the cryptographic key "23479237498234..." meant semantically. Then came WindowsNT4's Service Pack 5. In this service release of software from Microsoft, the company crucially forgot to remove the symbolic information identifying the security components. It turns out that there are really two keys used by Windows; the first belongs to Microsoft, and it allows them to securely load CryptoAPI services; the second belongs to the NSA. That means that the NSA can also securely load CryptoAPI services... on your machine, and without your authorization. The result is that it is tremendously easier for the NSA to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system. For non-American IT managers relying on WinNT to operate highly secure data centers, this find is worrying. The US government is currently making it as difficult as possible for "strong" crypto to be used outside of the US; that they have also installed a cryptographic back-door in the world's most abundant operating system should send a strong message to foreign IT managers. There is good news among the bad, however. It turns out that there is a flaw in the way the "crypto_verify" function is implemented. Because of the way the crypto verification occurs, users can easily eliminate or replace the NSA key from the operating system without modifying any of Microsoft's original components. Since the NSA key is easily replaced, it means that non-US companies are free to install "strong" crypto services into Windows, without Microsoft's or the NSA's approval. Thus the NSA has effectively removed export control of "strong" crypto from Windows. A demonstration program that replaces the NSA key can be found on Cryptonym's website. Dave Hartley http://www.Asheville-Computer.com http://www.ioa.com/~davehart DECLARATION & DISCLAIMER ========== CTRL is a discussion and informational exchange list. Proselyzting propagandic screeds are not allowed. Substance�not soapboxing! These are sordid matters and 'conspiracy theory', with its many half-truths, misdirections and outright frauds is used politically by different groups with major and minor effects spread throughout the spectrum of time and thought. That being said, CTRL gives no endorsement to the validity of posts, and always suggests to readers; be wary of what you read. CTRL gives no credeence to Holocaust denial and nazi's need not apply. Let us please be civil and as always, Caveat Lector. ======================================================================== Archives Available at: http://home.ease.lsoft.com/archives/CTRL.html http:[EMAIL PROTECTED]/ ======================================================================== To subscribe to Conspiracy Theory Research List[CTRL] send email: SUBSCRIBE CTRL [to:] [EMAIL PROTECTED] To UNsubscribe to Conspiracy Theory Research List[CTRL] send email: SIGNOFF CTRL [to:] [EMAIL PROTECTED] Om
