A team of Israeli computer scientists and graduate students at Haifa University recently discovered a major security hole in the Microsoft Windows 2000 operating system that allows hackers to gain access to sensitive information on computers and servers running the software.
Israel National News reported that the researchers discovered that the random number generators used by Windows 2000 to encrypt files, emails and passwords could be compromised and the random encryption keys deciphered. With proper planning, they warned, this would allow hackers to track users, crack passwords and obtain credit card details, among other breaches of privacy.
Furthermore, because logs are kept of random encryption keys generated by Windows 2000, hackers would also gain access to information no longer stored on the compromised computer.
Despite the fact that Microsoft has released two additional versions of its operating system over the past seven years, Windows 2000 continues to be used on millions of computers worldwide, and is particularly popular on Internet servers and corporate networks. The code base of Windows 2000 also forms the building blocks of Windows XP, making it likely that the random number generators in that operating system are likewise faulty.
The Israeli team presented its findings at a recent conference on computer and communications security in Alexandria, Virginia. They urged Microsoft to take urgent action to remedy the problem.