News Burst: Windows CE flaw gives up NT passwords

Windows NT passwords may be at risk after users sync with WinCE devices

A security blunder in Windows CE 2.x makes it relatively simple to capture a user's NT password after they have connected using the ActiveSync function, according to a security expert.

Windows CE programmer Jeff Zamora has revealed that when a CE device saves and supposedly "encrypts" a user's NT password, it merely applies a very basic mathematical function, keyed on the numerical values of the characters in the word "susageP", to encode the password. "susageP" is "Pegasus" backwards, the code name for Windows CE.
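As an added illustration (not code from the article, from Jeff Zamora, or from Microsoft), the following Python sketches the kind of fixed-key encoding the article describes. The article does not state the exact function, so XOR against the repeating key "susageP" is an assumption here; it is enough to show the point the security experts below make: when the only secret is a constant that ships on every device, decoding is exactly as easy as encoding, so the stored value is protected from nobody who has read the firmware.

```python
# Added illustration of a fixed-key "encryption" scheme of the kind the article
# describes. ASSUMPTION: XOR with the repeating key "susageP"; the article does
# not give the real function, only that it is keyed on the characters of susageP.

KEY = b"susageP"  # "Pegasus" reversed, the Windows CE code name (per the article)


def _xor_with_key(data: bytes, key: bytes) -> bytes:
    """XOR each byte of data with the key, repeating the key as needed."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def obfuscate(password: str, key: bytes = KEY) -> bytes:
    """What a device with this scheme would write to storage."""
    return _xor_with_key(password.encode("utf-8"), key)


def recover(blob: bytes, key: bytes = KEY) -> str:
    """XOR is its own inverse: the same constant key turns the blob back into
    the password. Anyone who knows the key (everyone, once it is published)
    can do this, which is why a single hard-coded key gives no confidentiality."""
    return _xor_with_key(blob, key).decode("utf-8")


def is_effectively_plaintext(password: str, key: bytes = KEY) -> bool:
    """Defender's check: a scheme whose decode needs nothing beyond a public
    constant is no better than storing the password in the clear."""
    return recover(obfuscate(password, key), key) == password


if __name__ == "__main__":
    sample = "Tr0ub4dor&3"  # constructed sample password, not from the article
    blob = obfuscate(sample)
    print("stored bytes:", blob.hex())
    print("recovered  :", recover(blob))
    print("protects the password?", not is_effectively_plaintext(sample))
```

The script stores a constructed sample password, then recovers it using only the constant key. Any reader who knows the seven-byte key can do the same to every device, which is the sense in which Bevan's "single key" criticism below applies: the scheme is broken for all users the moment that one key is known.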

Renowned security expert Bruce Schneier highlights this flaw in his latest newsletter and comments: "It's so pathetic it's staggering."

British security consultant Matt Bevan of TigerTeam security is similarly appalled. "It's criminal," he says. "Any cryptography that's based on a single key is totally useless once that key has been compromised. It's like the DVD encryption. That is pretty useless from a security perspective now because you can fairly easily get hold of the keys. It's basically like basing the enigma code on the word 'Adolf' backwards."

Full story to follow.
