Microsoft Admits XP Has Same Bug As Win2K
Arashtamere sends in a Computerworld story on a security flaw in the Windows 2000 pseudo-random number generator published by Israeli researchers earlier this month. Microsoft has now admitted that the flaw is present in XP too. Microsoft denies that the bug is a security vulnerability, since an attacker would have to have gained administrative access to a system before exploiting it. (The Israeli researchers point out that many common exploits provide admin access.) This stance apparently lets them off the hook for patching Win2K, which is in "extended support" mode, though it powers about 9% of US and EU business computers. Microsoft said that XP SP3, due in the first half of next year, will fix the bug. The company said that Vista, Windows Server 2003 SP2, and the new Windows Server 2008 are not vulnerable.
If you already have admin access via another "exploit", why would you bother attacking via random number generator? Seems like it's a lot of fuss over nothing. Windows has always been vulnerable locally (luckily for admins whose users forget passwords etc), so the most worry is over a remote exploit, which this flaw isn't. But I am sure some million dollar company will sell a solution for this; paranoia is a great sales tool in the murky world of snake oil, cough, I mean computer security.
If you have admin access, the battle's already lost. What's the point of running a complex process to obtain their password when you have full access to everything on their computer? Might as well just drop in a keylogger and get the same info much easier.
Comment of the year
A reason to upgrade to Vista! ;)
Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.
This article refers to this summary of this paper
I fail to see why you would need administrative privileges however. You would only need to run in the userspace of the process that did run the random number generator before. Having administrative privs would be nice to inject code into that userspace, but is not needed I think.
It can get even worse if from a public key part the random number that was used to generate it can be extracted, what was done in early ssl implementation attacks.
Why is this flamebait? Surely the original post and the pathetic summary was flamebait?
As lots of people have commented, if you have admin rights you own the box.
Has Microsoft officially stated that the bug is not present in Vista? Or will they "recently discover" that too.
Here is the original article on the ACM.
Very brief summary of article
Each process has its own instance of the generator, and the refresh of the internal state is done after 128 kbs of output from the generator (roughly 600-1200 SSL connections with IE). Not only that, it is run in the userspace so it is not a security violation to examine the internal state of the generator. The function used is not one-way, which provides a means of looking at past transactions of a user (within the 128 kbs of data).
Lack of planning on your part does not constitute an emergency on mine.
"The company said that Vista, Windows Server 2003 SP2, and the new Windows Server 2008 are not vulnerable."
I for one welcome our new random number generating overlords But seriously, aside from the "we're exploiting this because we can" this is hardly a security liability. They already have administrator and there's not much left to be compromised.
Everything clever I considered putting here I got from other slashdot sigs.
Microsoft claims this is not a "security vulnerability" because the machine has to already have been cracked to exploit it.
That is not 100% correct.
It is still a "security vulnerability".
It just cannot be exploited to increase your access on that machine.
That we know of. Today. So the code still needs to be patched. Security is not an "either / or" situation. You have to reduce the effectiveness of threats.
While in general I think open-source and closed-source software can coexist, I think this is a pretty good example of why anything related to crypto should be open. All of public key cryptography relies on the secrecy of private keys, not on the secrecy of the algorithm itself. And while they might have faithfully implemented the algorithm, who knows what kinds of arguments/whatever to the crypto functions might cause undesired results -- it's just too hard to test.
In any case, the thing that surprised me most from the article was that Windows 2000 users would be left out in the cold: "Because the company has determined that the PRNG problem is not a security vulnerability, it is unlikely to provide a patch [for Win2K]." Wow. Especially when it's something this easy to fix. This bug also solves any attacker's problem of trying to sort valuable from non-valuable information, since presumably any valuable information (credit cards used online, etc) will use encryption. And while someone suggested that a program should use its own random number generator, there is a problem because, in general, your application (not running as Admin) shouldn't have access to nearly the same amount of entropy sources (like network activity, GUI inputs, etc).
--
Educational microcontroller kits for the digital generation -- great gift!
It's flamebait because the GP didn't have to call people retarded, in order to get his or her point across.
They also could have worded this a lot more diplomatically than they did. So yes, the GP is flamebait.
No tyrant thrives when every subject says no.
Not that I consider this flaw terribly serious unless it has the ability to compromise other encryption algos run on the machine aside from user passwords. I've never considered windows encryption secure, so never bothered with it. A person with admin rights could do what they wanted anyway as far as the system goes.
The real downside of W2K is that MS has given it the shaft for a while; even when it wasn't in extended support they were still not supporting it very well for the last couple of years as far as the add-ons and other things that came out during that period. It's a shame too, W2K properly tuned is a very fast & light OS.
Maybe I'll buy up someone's old XP or Server 2003 license to run on the desktop to tide me over until they finally yank out enough of Vista to make it tolerable, its replacement comes out, or Linux finally learns to handle triple and quad displays properly.
Freedom is merely privilege extended unless enjoyed by one and all.
Thanks for the flashback to l0pht's old page....! For those who don't remember it before it got rolled into @stake:
"'That vulnerability is entirely theoretical.'-- Microsoft;L0pht, making the theoretical practical since 1992."
Don't tell me to get a life. I'm a gamer; I have LOTS of lives!
Ok, so if he'd called them idiots, that would have been ok? It's just plain honest.
Possibly. What would be better still is to show, provably that those he was calling morons/idiots, were indeed morons/idiots. As it is, he just insulted all slashdotters (including me, obviously), many of whom are not either.
No tyrant thrives when every subject says no.
Microsoft Admits XP Has Same Bug As Win2K
More correctly, "Microsoft Admits XP has same bugs as Win2K."
The higher the technology, the sharper that two-edged sword.
>Microsoft said that XP SP3, due in the first half of next year, will fix the bug.
It should be an offence to know and state you know about a bug but sit on the fix for months. This is a really stupid MS position and will push people more towards alternatives like GNU/Linux.
It should be a hot fix right now.
or Linux finally learns to handle triple and quad displays properly.
I'd settle for two.
The higher the technology, the sharper that two-edged sword.
Meanwhile, free/libre open-source unices like Linux and *BSD have been having a sound random generator that doesn't suck too much for, like, ages...
No, sorry, you can keep Vista for yourself.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Can you "show, provably" that "many are not either"?
Only joking!
Alright... so what all will this Service Pack entail besides the number generator fix? Will Mac Boot Camp users run into any problems with this update? I'm just curious if it affects anything seeing as Mac claims only Service Pack 2 can be installed on the Boot Camp partition.
Greg Loesch
http://greg.loeschfam.com
One concrete weakness of this attack is that it permits you to reverse-engineer "secure" sessions _before_ you got admin privilege, as the random number generator can be 'rewound'.
So-called forward security (yes, looking at things in the past is 'forward' :-) ) is an important trait, and MS's scheme is missing it.
Also FatPhil on SoylentNews, id 863
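The "rewind" property raised in the paper summary ("the function used is not one-way") and in the forward-security comment above, as an added example that is not part of the original thread and is not the Windows algorithm: a toy generator with an invertible state update beside one that ratchets its state through a hash. All class names, function names and constants are illustrative assumptions.

```python
import hashlib

# Constructed toy parameters (assumption): a 64-bit linear state update.
MASK = (1 << 64) - 1
A = 6364136223846793005            # odd, therefore invertible mod 2**64
C = 1442695040888963407
A_INV = pow(A, -1, 1 << 64)        # modular inverse (Python 3.8+)


def _out(state: int) -> bytes:
    """Hash the state into 16 output bytes; the state itself is never emitted."""
    return hashlib.sha256(b"out" + state.to_bytes(8, "big")).digest()[:16]


class InvertibleGen:
    """Toy generator whose state update can be run backwards."""

    def __init__(self, seed: int):
        self.state = seed & MASK

    def next(self) -> bytes:
        out = _out(self.state)
        self.state = (self.state * A + C) & MASK   # reversible step
        return out


class RatchetGen:
    """Toy generator whose state update is a one-way hash (forward security)."""

    def __init__(self, seed: int):
        self.state = hashlib.sha256(seed.to_bytes(8, "big")).digest()

    def next(self) -> bytes:
        out = hashlib.sha256(b"out" + self.state).digest()[:16]
        # Old state is overwritten; recovering it means inverting SHA-256.
        self.state = hashlib.sha256(b"next" + self.state).digest()
        return out


def rewind(snapshot: int, steps: int) -> list:
    """From one InvertibleGen state snapshot, recompute the previous outputs."""
    outs = []
    state = snapshot
    for _ in range(steps):
        state = ((state - C) * A_INV) & MASK       # undo one update
        outs.append(_out(state))
    return outs[::-1]                              # oldest first


def rewind_matches(seed: int, steps: int) -> bool:
    """True if a late state snapshot reproduces every earlier output."""
    gen = InvertibleGen(seed)
    past = [gen.next() for _ in range(steps)]
    return rewind(gen.state, steps) == past


if __name__ == "__main__":
    print("invertible generator rewound:", rewind_matches(2007, 8))
    r = RatchetGen(2007)
    first = r.next()
    print("ratchet state after one step reveals first output:",
          hashlib.sha256(b"out" + r.state).digest()[:16] == first)
```

With the ratchet, a state snapshot still predicts future output until fresh entropy is mixed in, but it no longer exposes values handed out before the snapshot.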
Who wants to bet that they'll "upgrade" to the elliptic curve algo with the NSA backdoor?
No worries about whether or not it's even legal to fix a machine that I'm using to run my business.
Free Software: Like love, it grows best when given away.
Hell no, but the onus of proof is not on me :) I'm not the one accusing.
No tyrant thrives when every subject says no.
...but I can't complain that XP has the same bug as Windows 2000 in this case-- if the researchers didn't find the problem and publish it before last month, it seems to be asking a little much to expect Microsoft to fix a bug nobody knew they had.
As to patching Windows 2000: They're going to patch XP, and if the bug is in both, chances are it's the same code. I believe they should at least look at it and see if a patch is going to be simple. That said, it'd have to be darned simple to be worth it: if you're running Windows 2000 still, I'm gonna go out on a limb and guess you're probably not all that interested in updating it, or you'd probably be running XP by now... Not releasing a patch won't affect many people at all, and for those people, they still had to get Admin rights cracked to begin with...
And your "random"-number generator, unless based on a proven algorithm, might well have vulnerabilities of its own to worry about. If you keep the source code secret, no serious security person is going to touch it with a barge pole; and if you show the source code, then your extra layer is largely irrelevant since the sequence only depends on a seed supplied by Microsoft's PRNG.
The nub of the problem is that a deterministic state machine can never produce random behaviour. The long term solution would be an entropy generator on the motherboard. (Actually, many machines have one already: a sound card with an unconnected high-impedance input picking up static is a good entropy source.)
Je fume. Tu fumes. Nous fûmes!
I'd settle for one working properly with all the features of my graphics card that I paid for. Granted, that's more ATI's fault than Linux's, but the end result is still a gimped laptop and an unhappy user. With all the progress that's been made in recent years there are still hardware configurations that Linux can't handle. And when "Sorry, this hardware isn't fully supported." is the best advice the community can come up with, it's no wonder why Linux hasn't seen much widespread uptake as a desktop OS.
I just don't see how it's possible just from looking at the numbers themselves unless you're selecting from a pre-known selection of algorithms and comparing expected results with actual output from the generator given a specific seed. If you don't know the algo then you could be making educated guesses for literally years and still not work out the algorithm.
Knowing someone's password can be handy. Most folks use the same password on multiple machines or entire networks. Moreover they seldom change them.
Some drink at the fountain of knowledge. Others just gargle.
News about a legacy OS.
I have two monitors under Linux, works fine.
Some applications don't handle it as well as they should, but that's an application issue.
Troll much?
You need admin access to exploit the system with this. If you don't like windows then don't use it.
Do you know how much money Microsoft would pay to have its customers blame applications rather than the OS when problems arise?
"Troll Much"
......... doesn't matter. Once exposed it should be patched. For any tech professional avoiding "windows" is not really possible. I just expect more from a company claiming to be a leader in modern computing.
No I usually go fly fishing - but I do use barb-less hooks.
Whether an exploit is thru the network stack - browser - user account or admin
Its not the years, its the mileage
I was told by MCE that "there must be at least one administrator".
I logged out and logged in as "Administrator" and tried to downgrade my normal userid.
I was told once again by MCE that "there must be at least one administrator". This while I was logged in as Administrator and the user I was trying to change was the one set up on first boot of an OEM version (NOT "Administrator").
With this in mind, what is wrong with the assertion that "an attacker would have to have gained administrative access to a system before exploiting it"?
And ye shall know the truth, and the truth shall make you free.
John 8:32(King James Version)
Exactly. All the Linux fans do is make excuses for its shortcomings. "Linux can't run games" "It's not supposed to run games." Or the ubiquitous "It does run games, you can play WOW." etc, etc. They try to pass limitations off as selectiveness.
I also use Linux and have tried numerous distros; some work fine on my desktop but not my laptop. Some work on my laptop but give me no 3D acceleration and can't work with my wireless card. I finally ended up having to use Simply Mepis32 on my laptop, as it's the only distro that works completely with my laptop.
Is it safe to assume that XPP x64 is not affected? As I understand it, it's built off of server 2k3. I didn't rtfa, but any thoughts?
not only is time travel possible, it's irrelevant.
First lesson about cryptography: don't assume that the algorithm itself cannot be cracked, rely on keys or, in this case, in the non-availability of the state of the PRNG. And of course, don't think because C/C++ is compiled into machine code, that it cannot be reverse engineered. True enough, C# managed code/Java byte code is easier to reverse engineer, but only because it is a *higher level* machine code. The basics are more or less the same.
If I look at the algorithm used by M$, it seems that they made the same very basic mistake you are now making, and they should be *very* ashamed. Even 8 years ago keeping algorithms safe was just not done. That weird scheme of theirs seems to be very much geared towards obscurity, not security. That said, I have not looked deeply into the scheme, maybe it does something incredibly smart, but I would definitely not bet on that, not even if the odds were 10:1.
You get insulted about such a small thing, and you _don't_ think you're an idiot? You're an idiot, of course!
True. Then how come we do not put locks on all our rooms inside our house, lock our cabinets, lock our closets, TV, sound system, etc? Once a person breaks through your front door, you are toast. Maybe because it does not make sense and it adds to the complexity of a home, to the point that it cannot be managed anymore and your life becomes hell?
Hah. Insulted, no.
But the fact that I'm not insulted by it doesn't mean I should just take it :) That would be stupid!
No tyrant thrives when every subject says no.
Is this news coming out now because Darth Gates wants more people to buy Vista or Windows 7 when it comes out? Everyone knows how weak security is locally on a Win Box but it seems like since Vista quickly turned into a brown bomber now they try to bash XP (The best Win OS so far). How bout instead of spending money to announce to the world the inherent weaknesses of Windows, spend the money to develop a better OS like so many Open Source Operating Systems.
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
Flamebaits and trolls have nothing to do with truth! The moderation system is designed to accommodate opinions, and doesn't take sides on what's "truth" or not. Even if you strongly believe that something is true, that doesn't mean that everyone else will, but that also doesn't mean you deserve to be modded into oblivion. What truly earns you a Troll or Flamebait mod is how you present your view, and you took an overgeneralised pot-shot at Slashdot as a whole. That's a no-no, for future reference.
You know, there is a difference between trolling and pointing out the flaws in your reasoning. Just saying.
CryptGenRandom is supposed to be the Windows-equivalent of /dev/urandom. Except it's not, because of this design flaw. The implications of this extend far beyond encrypted NTFS volumes.
For example, an attacker can passively monitor a network of Windows machines, wait for one of them to do something interesting (like connect via SSL to www.paypal.com), then actively compromise those selected machines later, and gain enough information to decrypt the captured SSL sessions.
Basically, if you encrypt something sensitive, before some spyware gets installed on your Windows machine---or after it's removed---the random data used for the encryption (including stuff like SSH session keys) is likely to be compromised (except perhaps in cases where you've rebooted or restarted the requisite processes in the meantime).
Do not underestimate the severity of this bug.
http://outcampaign.org/
Open source code. Easier to do research on it, easier to fix.
Whereas Windows has closed source, and you're pretty much stuck relying on Microsoft to provide fix (which they might not, hoping to use it as an argument to encourage shift toward Vista).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
All commercially available crypto in BIG TIME systems is always just snakeoil somehow spiked by NSA.
Or, get it for free from the IACR.
http://outcampaign.org/
It would be far more accurate to say that M$ claims that this is not a bug, because the latest version does not have it ie. it is an upgrade feature. How many other products would you accept this for, a defect in a motor vehicle. No recall because the latest version does not have that defect, you just have to trade in for the upgrade (M$ version of a trade in , it is more expensive than the original OEM).
Chaos - everything, everywhere, everywhen
So it's not an exploit because you already had to get administrator access in order to do it. Funny how they didn't use that logic when it came to implementing mandatory driver signing in Vista 64. A rootkit would already need to have administrator access to get loaded.
Thank you, Microsoft, for proving that you lied about the reason why you made driver signing mandatory.
"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
Yeah, well, take a look about the tags there in the article. One of them is 'idiots'. It probably refers to the guy who posted the article. That's slashdot in a nutshell.
[conspiracy]
I wonder if MS is purposefully leaving bugs in XP simply to encourage Vista sales? Or at least to counter all the negativity Vista has been copping. Why do we have to wait for SP3 for this fix, if not to allow more time for news to circulate that Vista is "more secure" than XP? I imagine MS is trying hard to make Vista seem more appealing than staying with XP.. not hard to imagine any large company using tactics like this with their products.
[/conspiracy]
Do it yourself, because no one else will do it yourself. [beta blockade 10-17 Feb]
Since the introduction of disk drives with undetermined times to access a sector (so.. since the introduction of magnetic storage) computers have an excellent source of randomness. The nanoseconds part of the time when a disk creates an interrupt is random.
There is really no need for this sound card in your server..
Or, you know, it refers to the loyal peons of Microsoft.
Wait, loyal? My mistake :)
Also, I notice that virtually every post I'm replying to is under the AC umbrella. How about stepping out into the light so everyone can see who you are? I'm evidently not afraid to.
No tyrant thrives when every subject says no.
child resistant catches/high level bolts sure but locks?!
If you haven't taught your children to behave by the time a full lock and key is the only thing that will stop them then either your child has serious mental problems (which does happen sometimes but should be fairly rare) or you were a very bad parent.
note: i'm known as plugwash most places but i screwed up registering that here somehow in the past and now can't register
then your extra layer is largely irrelevant since the sequence only depends on a seed supplied by Microsoft's PRNG.
There are plenty of other potential sources of randomness you can tap into, the least significant bits of timestamps for various external events, noise on analog inputs (such as the sound card) and many others.
note: i'm known as plugwash most places but i screwed up registering that here somehow in the past and now can't register
So I'm sure they've known about the bug all along, however it wasn't until someone said HEY IF WE SHARE IT NOW MORE PEOPLE WILL MOVE TO VISTA. Cute...
I've never seen someone milk Slashdot for so much free and undeserved publicity in such a short time as these guys. First they get all happy because they find an exploit in an eight year old operating system. Um, how about testing Vista, guys? Wow, you find an outdated exploit.
And now they ass cover their stupidity with some more stupidity. If someone has admin access already... why do they need the "flaw" these retards found? It's already game over: if someone wants to screw your computer over, they can just format the hard drive at that point.
And then they point to those mysterious "common exploits"... that old saw that somehow OSX and Teh Lunix, both of which have had security PR train wrecks this year due to their "obscurity" security model... as some kind of justification for how worthless their research really is.
Now these idiots can talk about how many headlines their piece of slashdot exploit grabbed. And in the grand scheme of things, they found nothing of worth, aside from giving the Shitslotters some more MS-hate speech.
Linux Kernel Random Number Generator Local DoS and Privilege Escalation Vulnerability: http://www.securityfocus.com/bid/25348
Vulnerable:
Ubuntu Ubuntu Linux 7.04 sparc
Ubuntu Ubuntu Linux 7.04 powerpc
Ubuntu Ubuntu Linux 7.04 i386
Ubuntu Ubuntu Linux 7.04 amd64
Ubuntu Ubuntu Linux 6.10 sparc
Ubuntu Ubuntu Linux 6.10 powerpc
Ubuntu Ubuntu Linux 6.10 i386
Ubuntu Ubuntu Linux 6.10 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
Linux kernel 2.6.22 1
Linux kernel 2.6.22
Linux kernel 2.6.22
Linux kernel 2.6.21 4
Linux kernel 2.6.21 .7
Linux kernel 2.6.21 .6
Linux kernel 2.6.21 .2
Linux kernel 2.6.21 .1
Linux kernel 2.6.21
Linux kernel 2.6.21
Again, it's apparent that you haven't had kids yet. Either that, or your kids are morons.
Which is it?
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
You clearly do not understand the difference between vulnerabilities and exploits. Local vulnerabilities are worthless to a non-local attacker, but exploits are. Especially since MANY remote vulnerabilities are still in 0-day status. (I'd suggest the AC go to wikipedia to brush up on the terminology since they seem pretty clueless.)
Jeruvy