Need help in the world of technology? Here is the section for you, or talk about your favourite tech related topic, or what is new in the world of tech here.
Microsoft has conceded that the pseudo-random number generator used by Windows XP suffer the same security shortcomings at Windows 2000.
Israeli researchers researchers recently discovered it was possible to predict the output of random-number generator built into Windows 2000, after first determining the internal state of the generator. Random numbers are a critical sub-component of cryptography functions, such as the generation of keys used for SSL exchanges.
Win XP - but not Windows Vista - are subject to the same problem, Microsoft admits. However the software giant has no plans to release a fix until Windows XP Service Pack 3 in the first half of 2008.
Microsoft said that to pull off the attack an attacker would need to have gained ownership of a machine, after which worries about random number would be the least of a user's worries. "Because administrator rights are required for the attack to be successful, and by design, administrators can access all files and resources on a system, this is not inappropriate disclosure of information," a company spokesperson told Computerworld. "If an attacker has already compromised a victim machine, a theoretical attack could occur on Windows XP." ®
