Security Issues with MS Windows

Analysis and comparison with NSA guidelines
- <URL: http://fmg-www.cs.ucla.edu/classes/239_2.spring98/papers/capi19.html>
CryptoAPI was not designed for novice C programmers. Programmers
using this CAPI will need substantial C expertise and cryptographic
programming expertise. Efforts to abstract the CryptoAPI interface
into C++ or Visual Basic objects have been demonstrated; however,
they do not reduce the level of cryptographic programming
expertise required for a good implementation. CSP developers
will also need expert programmers familiar with the process
and security models of Microsoft's operating systems.
Report on US Electronic (IRS) Tax Filing System ("ir-File")
"Where do your Encryption Keys want to go today?"
- <URL: http://www.cs.auckland.ac.nz/~pgut001/pubs/ird.html>
Another way to repudiate a fraudulent return is to claim that
the security mechanisms used are insecure, and that because
they can be broken, someone could have done this and filed the
fraudulent return (explaining why anyone would bother to do
this isn't necessary, all you're interested in is casting
doubt on the evidence). Thanks to the reliance of ir-File on
ActiveX and Microsoft's CryptoAPI, this is fairly easy to do.
Microsoft's CryptoAPI, (which) has a number of known security
flaws. The worst one of these is a function called CryptExportKey(),
which hands out your private key (that is, your signature-generating
token) to anyone who asks for it. Although Microsoft finally fixed
this in Internet Explorer (MSIE) 5, the flaw is present in both versions
of MSIE which are recommended in the ir-File documentation (3.02 and 4.0).
"Where do your Encryption Keys want to go today?"
WindowsCE aspects
<URL: http://www.microsoft.com/WindowsCE/EMBEDDED/RESOURCES/CRYPTO.ASP>
With its support for many different communications interfaces,
the Microsoft® Windows CE operating system enables a wide
variety of mobile information appliances. These programming
interfaces can also provide secure communications to ensure the
integrity and privacy of sensitive data. From data-link authentication
using PAP, CHAP, and Microsoft CHAP, through the Microsoft CryptoAPI, SSPI,
Winsock, and the WinInet API functions, the wide variety of support for
communications security means that existing and new applications can take
advantage of standard methods for authenticating users and encrypting data.
Note that there have been new vulnerabilities found in Windows CE password handling:
http://www.tbtf.com/blog/1999-11-14.html#3
http://www.cegadgets.com/artsusageP.htm
http://www.counterpane.com/crypto-gram-9911.html
Copyright © 1999 Dr. Raj Mehta. All rights reserved.