Computer security specialists have been aware for two years that unusual features are contained inside a standard Windows software "driver" used for security and encryption functions. The driver, called ADVAPI.DLL, enables and controls a range of security functions. If you use Windows, you will find it in the C:\Windows\system directory of your computer. ADVAPI.DLL works closely with Microsoft Internet Explorer, but will only run crypographic functions that the US governments allows Microsoft to export. That information is bad enough news, from a European point of view.
Two weeks ago, a US security company came up with conclusive evidence that the second key belongs to NSA. Andrew Fernandez, chief scientist with Cryptonym of Morrisville, North Carolina, had been probing the presence and significance of the two keys. Then he checked the latest Service Pack release for Windows NT4, Service Pack 5. He found that Microsoft's developers had failed to remove or "strip" the debugging symbols used to test this software before they released it. Inside the code were the labels for the two keys. One was called "KEY". The other was called "NSAKEY".( Read more...Collapse )http://www.heise.de/tp/r4/artikel/5/5263/1.html
The question is, who is silly enough to deal with national-security level sensitive information using a Windows OS? Even without a NSA backdoor key in it, all of Microsoft's OSes (with the possible exception of Vista, for which it's too early to say) are far too insecure to handle even moderately sensitive information.