Major security hole in Microsoft Windows 2000 operating system allows hackers to crack passwords and obtain credit card details Major security hole in Microsoft Windows 2000 operating system allows hackers to crack passwords and obtain credit card details - RSS feed from Security Park
(21/11/2007)

A potentially serious flaw in Windows 2000 can apparently compromise emails, passwords, bank and card details typed in on a PC keyboard. A team of Israeli computer scientists have discovered a major security hole in the Microsoft Windows 2000 operating system that allows hackers to gain access to sensitive information on computers and servers running the software. The random number generators used by Windows 2000 to encrypt files, emails and passwords could be compromised by hackers, and the random encryption keys deciphered.

"The problem stems from a flaw in the random number generator in Windows 2000. The flaw allows encrypted Web data and email transmissions to be decoded," said David Hobson, MD of Global Secure Systems (GSS).

According to Hobson, those companies that have implemented encrypted VPN connections for their remote data entry can breathe a sigh of relief that their systems are relatively secure against the problem. "We have always advised our clients to adopt a belt and braces approach to their IT security. You should never presume that a basic software-only encryption system such as that seen in Windows 2000 prevents eavesdropping," he said.

"Complete encryption of the datastream, as seen on a secure VPN connection, is the only real way of protecting remote data entry across the Internet. It may not be as sexy as two-factor authentication, but it has a proven track record," he added.

Hobson went on to say that some news reports suggest that the Windows 2000 encryption flaw may also affect Windows XP and Vista users. "Myself, I have my doubts, but I've learned that anything is possible when it comes to Microsoft security flaws. Companies really need to employ hardware-enabled encryption on all their data streams flowing across the Internet to be totally safe," he explained.

Related topics:  Application and software security   Computer and PC Security   Data management and data security   Encryption   Hacking and intrusion prevention   Internet and Web security   VPN 


print versionPrint version | email this to a friendEmail to a friend | related articlesRelated articles


Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.


Other Security news and resources


Security News Suppliers Directory Jobs forum Classifieds Knowledge base White papers Research library Security books Special reports Security interviews Security companies Security events Security links Security market

Product channels

Access Control Biometrics CCTV Intruder Alarms IT Security Manned Guarding Perimeter Protection Physical Security Remote Monitoring Security Services Fire, Health & Safety Other Security Products

IT Security white papers and research library

Access Control  Authentication  Data Management  Data Security  Digital Signatures  Email Security  Identity Management  Internet Security  Intrusion Prevention  Network Security  Remote access security  Security Management  Security Policies  Security Software  Security Threats  Virus Detection Software  Virus Protection  VPN  Vulnerability Assessment  Wireless Security 

Security books, guides, standards and toolkits

RFID and Smart Cards books, guides and reference documents  Biometric books, guides and reference documents  CCTV books, guides and reference documents  Intruder alarms and intrusion detection systems books, guides and reference documents  Monitoring and surveillance books, guides and reference documents  IT Governance, ISO 27001 ISO 17799 and BS 7799 toolkits  Fire, Health & Safety books, guides and reference documents

Security Resources
Directory GET LISTED! Jobs forum Classifieds Knowledge base White papers Research library Security books Security videos Special reports Security companies Security events Security links Security market Company news

Security Products
Access Control Biometrics CCTV Intruder Alarms IT Security Manned Guarding Perimeter Protection Physical Security Remote Monitoring Security Services Fire, Health & Safety Security products

Security Markets
Bank and financial services security Corporate and enterprise security Education and school security Entertainment and events security Homeland and Government security Hospital and healthcare security Infrastructure and utilities security Manufacturing and industrial security Public sector security Residential and home security Retail security Small business security Sports and recreational security Transport and logistics security


Ensure that you conduct an effective information security risk assessment that is in line with ISO 27001 by purchasing vsRisk™ Risk Assessment Tool

Need a
Security reference book?
Find it on Amazon
Security books







advertise
sumbit an article
copyright
terms & conditions
privacy policy


CMS and Web design by www.Areza.com

Article search

Directory search


add your company
Google

ISO 18028 (Network Security Management)
Home | About | Contact | Submit article | Advertise | Newsletter | RSS | Search