‘Windows 2000’ users’ emails, credit card numbers susceptible to hacking

Washington, November 13: Computer scientists at the University of Haifa have found that emails, passwords, and credit card numbers typed on a computer using Microsoft’s “Windows 2000” operating system are susceptible to hacking.

"This is not a theoretical discovery. Anyone who exploits this security loophole can definitely access this information on other computers, " said Dr. Benny Pinkas from the Department of Computer Science at the university.

The researchers have discovered the security loophole in the random number generator of Windows, a program that acts as a critical building block for file and email encryption.

When an internet user types a password or a credit card number while surfing a website, the random number generator changes the information into a secret code so that it can be read by the relevant website only.

The researcher say that they have deciphered how the random number generator works, and this has enabled them to compute previous and future encryption keys used by the computer.

According to them, this information can be used to spy on private communication.

"There is no doubt that hacking into a computer using our method requires advanced planning. On the other hand, simpler security breaches also require planning, and I believe that there is room for concern at large companies, or for people who manage sensitive information using their computers, who should understand that the privacy of their data is at risk, " said Dr. Pinkas.

The researchers believe that Windows XP and Vista also use similar random number generators, and may be vulnerable.

They have intimated the Microsoft security response team about their discovery.

They have also suggested that the company publish the code of their random number generators as well as of other elements of the "Windows" security system to enable computer security experts outside Microsoft to evaluate their effectiveness. (ANI)