COMMAND

    "You are now in France" attack

SYSTEMS AFFECTED

    Win NT 4.0

PROBLEM

    Peter Gutmann posted the following. The MS CryptoAPI mailing list
    recently carried an example of how an actual "You are now in
    France" attack might work. It turns out that if you switch the
    system-wide locale of an NT system to French, the encryption
    functionality of CryptoAPI disables itself (signing and hashing
    still work). Conversely, switching the locale from French to
    something French-related (Belgian, Swiss, or Canadian French)
    re-enables the crypto. Since NT allows per-thread locales, it'd
    be interesting to see if you can selectively enable/disable the
    crypto for a particular application without needing to change
    your system-wide locale setting (set the system locale to French
    Canadian, then set the thread locale to French so you get the UI
    acting as "French" French but the crypto acting as Canadian
    French).

    France does not allow the use of strong crypto. Thus, a proposed
    attack on systems that take this into account is to fool them into
    believing they're operating in France, whereupon they quietly
    disable their crypto. What NT is doing is a fairly reasonable way
    to comply with a silly restriction, but it does provide a good
    example of how a "You are now in France" attack might be
    performed.
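
    The following is an added example, not code from the original post
    or from CryptoAPI: a Python model of the behaviour described above,
    with an application-side self-test that refuses to continue when
    encryption has been switched off. The provider class, the locale
    strings, the toy cipher and both failure modes (error or silent
    no-op) are assumptions made for the demonstration.

```python
import hashlib

class EncryptionDisabled(Exception):
    """The provider refused to encrypt."""

def _keystream(key: bytes, n: int) -> bytes:
    # Toy SHA-256 counter keystream: a stand-in cipher for the demo only.
    blocks = (hashlib.sha256(key + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

class LocaleGatedProvider:
    """Constructed model: hashing always works; encryption is switched off
    when the system locale is French (France)."""

    def __init__(self, system_locale: str, quiet: bool = False):
        self.system_locale = system_locale
        self.quiet = quiet  # assumption: disabled crypto may fail silently

    def hash(self, data: bytes) -> bytes:
        return hashlib.sha256(data).digest()

    def encrypt(self, key: bytes, data: bytes) -> bytes:
        if self.system_locale == "fr-FR":
            if self.quiet:
                return data  # no-op "encryption": plaintext comes back
            raise EncryptionDisabled("encryption disabled for this locale")
        return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))

    decrypt = encrypt  # XOR stream: the same operation both ways

def require_working_encryption(provider) -> None:
    """Known-plaintext self-test; raises instead of allowing a plaintext fallback."""
    key, probe = b"self-test key", b"known plaintext probe"
    try:
        ct = provider.encrypt(key, probe)
    except EncryptionDisabled as exc:
        raise RuntimeError(f"refusing to continue: {exc}") from exc
    if ct == probe or provider.decrypt(key, ct) != probe:
        raise RuntimeError("refusing to continue: encryption self-test failed")

def protect(provider, key: bytes, message: bytes) -> bytes:
    """Encrypt only after the self-test passes on the current configuration."""
    require_working_encryption(provider)
    return provider.encrypt(key, message)
```

    Running the self-test immediately before each use, rather than
    once at start-up, also covers a locale change made while the
    application is running.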

SOLUTION

    Nothing yet.