Windows NT Security Under Fire

Robert Harley (Robert.Harley@inria.fr)
Mon, 1 Jun 1998 14:33:42 +0200 (MET DST)


http://www.wired.com/news/news/technology/story/12629.html

>Listen to security expert and consultant Bruce
>Schneier and he'll tell you that Windows NT's
>security mechanism for running virtual private
>networks is so weak as to be unusable.
>[...]
>Schneier, who runs a security consulting firm in
>Minneapolis, says his in-depth "cryptanalysis" of
>Microsoft's implementation of the Point-to-Point
>Tunneling Protocol (PPTP) reveals fundamentally
>flawed security techniques that dramatically
>compromise the security of company information.
>[...]
>"It's kindergarten cryptography. These are dumb
>mistakes,"
>[...]
>Schneier emphasized that no flaws were found in
>the PPTP protocol itself, but in the Windows NT
>version of it. Alternate versions are used on other
>systems such as Linux-based servers.
>
>Microsoft's implementation is "only
>buzzword-compliant," Schneier said.