Re: [TCLUG:8088] Can anyone verify the contents of this email?

[Christopher McKinley <lamfada@lugh.net>]

Well, they probably saw the announcement on /.:
http://slashdot.org/article.pl?sid=99/09/03/0940241
Basically, in previous versions of NT (up to SP4), when the CryptoAPI
Services were loaded, they first checked the MS key provided, and then
checked another key, but there was not really any way of proving whose the
other key was because all of the symbols had been stripped.  In the
version which SP5 provides, the symbols were not stripped, and the second
key is named "_NSAKEY" (the MS key is named "_KEY").  Both of these keys
can be replaced, but replacing "_KEY" kills Windows (this is part of
the security subsystem).  If you replace "_NSAKEY", then the NSA can not
access your system.  It may also be possible to put a different backdoor
key in there.

The cryptonym site is:
http://www.cryptonym.com/hottopics/msft-nsa.html

Another note on that site is that Win2k has three keys, MS, NSA, and a
third, unknown party.

-Chris

On Fri, 3 Sep 1999, Troy Johnson wrote:

> ------- Forwarded message follows -------
> Date sent:      	Fri, 3 Sep 1999 10:46:22 -0600
> Send reply to:  	security@NTSHOP.NET
> From:           	WinSA Publisher <winsa-pub@NTSECURITY.NET>
> Subject:        	[ SECURITY ALERT ] MS OSes HAVE A BACK DOOR!
> To:             	winsa@LISTSERV.NTSECURITY.NET
> 
> =================== SPONSORED BY AELITA SOFTWARE =================
>               EventAdmin - THE SMART WAY TO LOG EVENTS!
> EventAdmin provides system administrators with a central location
> for collecting, storing, and analyzing information contained in
> event logs; and a convenient method for event monitoring, automatic
> notification, and alerting. Click for a FREE trial NOW!
>          http://www.aelita.net/Redirect/EventAdmin_btq.htm
> ==================================================================
> 
> August 31, 1999 - WINSA - In what's sure to become some of the
> hottest news on the planet, we've just posted a detailed report
> that reveals at staggering revelation: MS OPERATING SYSTEMS APPEAR
> TO HAVE A BACK DOOR!. And according to the discoverer, the keys to
> this door are held by both MS and the National Security Agency
> (NSA.) This is very distrurbing news folks.
> 
> In his report, Andrew Fernandez airs out exactly what he found,
> how he found it, and how to remove the risk from your NT and
> Win2K systems -- we're providing a mirror site to the fix
> utility provided by Fernandez. Be sure to stop by the home and
> read this startling information! http://www.ntsecurity.net
> 
> Thanks for subscribing to WINSA!
> Please tell your friends about this list.
> 
> Sincerely,
> The WINSA Team
> 
> =======================================================================
> TO SUBSCRIBE to this newsletter and alert list DO NOT REPLY, instead
> send e-mail to listserv@listserv.ntsecurity.net with the words
> "subscribe winsa anonymous" in the body of the message without the
> quotes -- TO UNSUBSCRIBE, send e-mail to the same address listed above
> with the words "unsubscribe winsa" in the body of the message.
> =======================================================================
>                   WINSA is powered by LISTSERV(R) software
>                  http://www.lsoft.com/LISTSERV-powered.html
> =======================================================================
> Copyright (c) 1996-99 M.E. - ALL RIGHTS RESERVED
> Forwarding NTSD Alerts is permitted, as long as the entire message
> body, the mail header, and this notice are included.
> ------- End of forwarded message -------
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tclug-list-unsubscribe@mn-linux.org
> For additional commands, e-mail: tclug-list-help@mn-linux.org
> 
>