● [转载] 人算不如天算——评WINDOWS的NSA后门 : - 荔园在线 | 深圳大学学生论坛,荔园晨风BBS,深大在线网站

荔园之美，在春之萌芽，在夏之绽放，在秋之收获，在冬之沉淀

发信人: Lg (创造人生的传奇), 信区: WinNT
标  题: [转载] 人算不如天算——评WINDOWS的NSA后门  :-D(转寄)
发信站: BBS 荔园晨风站 (Mon Sep  6 10:27:38 1999), 站内信件

【以下文字转载自 Lg 的信箱】
【原文由 liugang.bbs@bbs.net.tsinghua.edu.cn 所发表】
发信人: bibble (什么★重生的喜悦), 信区: Security
标  题: 人算不如天算——评WINDOWS的NSA后门  :-D
发信站: BBS 水木清华站 (Sun Sep  5 23:59:42 1999)

Normally, Windows components are stripped of identifying information. If the
computer is calculating "number_of_hours = 24 * number_of_days", the only
thing a human can understand is that the computer is multiplying "a = 24 * b".
Without the symbols "number_of_hours" and "number_of_days", we may have no
idea what 'a' and 'b' stand for, or even that they calculate units of time.

Then came WindowsNT4's Service Pack 5. In this service release of software
from Microsoft, the company crucially forgot to remove the symbolic
information identifying the security components. It turns out that there are
really two keys used by Windows; the first belongs to Microsoft, and it allows
them to securely load CryptoAPI services; the second belongs to the NSA. That
means that the NSA can also securely load CryptoAPI services... on your
machine, and without your authorization.
//微软这个蠢蛋修改自己补不完的BUG的同时暴露了自己的最大漏洞

The Result:
    Windows CryptoAPI system still functional
    the NSA is kicked out
    the user can load an arbitrary CSP, not just one that Microsoft or the
NSA signed!

真是大快人心呀！

当然咱也别太高兴了，没准还有别的backdoor呢

--

                        那白云的深处         是我的梦想...

※ 来源:·BBS 水木清华站 bbs.net.tsinghua.edu.cn·[FROM: 162.105.181.203]
--
※ 转载:．BBS 荔园晨风站 bbs.szu.edu.cn．[FROM: 192.168.17.142]

荔园在线首页友情链接：深圳大学深大招生荔园晨风BBS S-Term软件网络书店