You are here: IT-Observer » Articles » Editorial RSS | White Papers |   

Microsoft dumps Vulnerable Encryption Algorithms





Microsoft is planning to ban certain cryptographic algorithms from its new code, citing sophisticated attacks that make them less secure. The algorithms are used to create digital signatures and verify the integrity of the information passed within the products.

The software company issued a new policy for all developers that blocks functions using MD4 (Message Digest Algorithm), MD5 and the DES (Data Encryption Standard) encryption algorithms. In order to enforce the new policy, all code will be scanned by automated code scanning tools that will flag insecure functions and ask the developers to change the code.

Microsoft will implement the Secure Hash Algorithms 256 (SHA256) and the Advanced Encryption Standard encryption algorithms instead.

Although the replacement is planned for the new code only, Microsoft said that eventually it will replace vulnerable code in older versions too.

The usage of vulnerable cryptographic algorithms could expose sensitive information; however it is unlikely to see attacks on these algorithms yet.



Prevent data theft & viruses through network connected USB sticks, PDAs & media players. Control user access to endpoint connections with GFI EndPointSecurity - Free trial!

Visit GFI Security Software page for more information.

 

FREE IP PBX: 3CX VOIP Phone System for Windows. No timeouts or limitations

 

Latest News

eEye released integer overflow auditing tool
16.02.07  Vulnerability research company eEye Security has released a free security vulnerability auditing tool that helps spotting possible integer overflow vulnerabilities.

AES Password Manager 2.3 released
16.02.07  AES software has announced the availability of AES Password Manager 2,3, the latest version of their password management application that allows users automatically access password-protected web sites and email accounts.

IBM safeguards against Microsoft vulnerabilities
16.02.07  IBM’s security division, Internet Security Systems, offers protection from several critical vulnerabilities announced by Microsoft.

Firefox cookie-stealing vulnerability
15.02.07  A new zero-day vulnerability in Mozilla Firefox allows malicious web sites to forge authentication cookies for certain web sites.

Valentine’s Day: a powerful lure for spreading malware
09.02.07  As Valentine´s Day approaches, users should keep a wary eye on any romantic messages received by email, as many of them could contain malicious code.

Skype reads out your BIOS data
09.02.07  The Windows version of the Voice-over-IP software Skype reads and stores the BIOS and motherboard serial number of a user’s computer.

Utimaco SafeGuard Enterprise supports BitLocker
09.02.07  Utimaco has announced that its SafeGuard Enterprise now supports Windows Vista BitLocker drive encryption.

Copyright © IT-Observer Online Publication 2000 - 2007 Top | RSS Feeds | About Us   
Site Meter