New Worlds: Israelis beat 'secure' Windows program

Haifa researchers: Security vulnerability enables tracking of e-mails, passwords, credit card numbers and all correspondence produced by any computer using system.

November 24, 2007 20:31
3 minute read.
windows xp logo 88

windows xp logo 88. (photo credit: )


Dear Reader,
As you can imagine, more people are reading The Jerusalem Post than ever before. Nevertheless, traditional business models are no longer sustainable and high-quality publications, like ours, are being forced to look for new ways to keep going. Unlike many other news organizations, we have not put up a paywall. We want to keep our journalism open and accessible and be able to keep providing you with news and analysis from the frontlines of Israel, the Middle East and the Jewish World.

As one of our loyal readers, we ask you to be our partner.

For $5 a month you will receive access to the following:

  • A user experience almost completely free of ads
  • Access to our Premium Section
  • Content from the award-winning Jerusalem Report and our monthly magazine to learn Hebrew - Ivrit
  • A brand new ePaper featuring the daily newspaper as it appears in print in Israel

Help us grow and continue telling Israel’s story to the world.

Thank you,

Ronit Hasin-Hochman, CEO, Jerusalem Post Group
Yaakov Katz, Editor-in-Chief


A group of Haifa researchers has found a security vulnerability in Microsoft's old-but-still-used Windows 2000, enabling the tracking of e-mails, passwords, credit card numbers and all correspondence produced by any computer using that system. "This is not a theoretical discovery," says Dr. Benny Pinkas of the University of Haifa's computer science department. "Anyone who exploits this security loophole can access this information on other computers." Various security vulnerabilities in different operating systems have been discovered over the years. Previous breaches have enabled hackers to follow correspondence from a computer from the time of the breach onwards. This newly discovered loophole - exposed by a team which included, along with Pinkas, Hebrew University graduate students Zvi Gutterman and Leo Dorrendorf - enables hackers to access information that was sent from the computer prior to the security breach, and even information that is no longer stored on the computer. The results of the research are described in a paper presented at the recent ACM Conference on Computer and Communications Security in Alexandria, Virginia The researchers found the security loophole in the random number generator of Windows. This is a program which is, among other things, a critical building block for file and e-mail encryption, and for the SSL encryption protoco used by all Internet browsers. For example: in correspondence with a bank or any other Web site that requires typing in a password or a credit card number, the random number generator creates a random encryption key which is used to encrypt the communication so that only the relevant Web site can read it. The research team found a way to decipher how the random number generator works and thereby compute previous and future encryption keys used by the computer, thus eavesdropping on private communication. "There is no doubt that hacking into a computer using our method requires advanced planning. On the other hand, simpler security breaches also require planning, and I believe that there is room for concern at large companies, or for people who manage sensitive information, who should understand that the privacy of their data is at risk," explained Pinkas. According to the researchers, who have already notified Microsoft about their discovery, although they only checked Windows 2000 (currently the third-most-popular operating system in use) they assume that newer versions of Windows XP and Vista use similar random number generators and may also be vulnerable in this way. Their conclusion is that Microsoft needs to improve the way it encodes information. They recommend that Microsoft publish the code of its random number generators as well as of other elements of the Windows security system to enable computer security experts outside Microsoft to evaluate their effectiveness. PRIMATE EMBRYOS CLONED If embryos can be cloned from adult monkeys, are humans far behind? A private US research facility - the Oregon National Primate Research Center - has reported in Nature its ability to create cloned embryos from adult monkeys. Led by researcher Shoukhrat Mitalipov, it was the first time that scientists have been able to create viable cloned embryos from an adult primate. The scientists extracted stem cells from some of the cloned embryos and were then able to stimulate the embryonic cells to develop into mature heart cells and brain neurons. Don Wolf, who ran the center before he retired recently, said the procedure was based on a microscopic technique that doesn't use ultraviolet light and dyes, which seem to damage primate eggs. "We could now produce cloned blastocysts (embryos) in the monkey at a reasonable frequency," Wolf told a newspaper. The Oregon team, working with a group in China, produced about 100 cloned embryos that were transferred into 50 female macaques, but none resulted in a full-term pregnancy, The cloning of human embryos for reproductive purposes is illegal in most of the world, including Israel.

Join Jerusalem Post Premium Plus now for just $5 and upgrade your experience with an ads-free website and exclusive content. Click here>>

Related Content

[illustrative photo]
September 24, 2011
Diabetes may significantly increase risk of dementia