Activating Vista Enterprise Using a Spoofed Server

Ruvim writes "It has been mentioned in previous Slashdot discussions as possibility, and now it became a reality: Information Week reports that a spoofed server has been released that can be used to activate Microsoft's Vista Enterprise versions. It is being made available on several pirate Web sites and spoofs a Key Management Service server, used to activate a large number of copies of Windows Vista in enterprise environments." From the article: "Vista is the first version of Windows that Microsoft requires volume license customers to activate. Besides KMS, the Redmond, Wash. developer also offers Multiple Activation Key, which resembles the retail version's activation process. PCs activated using KMS must reactivate at least once every six months. The MelindaGates hack uses a VMware image of a KMS server to activate -- and keep activated -- a pirated edition of Windows Vista Business. 'Looks like Windows Vista Volume Activation 2.0 is a big bust,' wrote a user identified as 'clank' on the PirateBay Web site Friday. "

Short on details

[weave]

Sounds like someone just stole a vmware image from their work that is set up as a kms (many sites are just plugging their KMS in as a vmware guest to get going).

I'm sure that Microsoft must have thought of that as a possibility. Since a unique product key is required to activate a KMS, why can't Microsoft just deactivate that compromised KMS key?

Piracy and competition

[robvangelder]

The prize being to 0wn the Microsoft security mechanisms, but more-so to do it before rival warez groups.

The warez groups aren't so much competing against Microsoft, but amongst themselves - for the sheer status of it.

Just Wait...

[Iriestx]

Honestly, I'm going to laugh my ass off 6 months down the road when MS pushes out a mandatory WGA update, disguised as another 'critical update,' that nukes pirated installs. All these scam cracked/KMS/pirated Vista copies are going to lock-up, shut down and only be able to do one thing, display the phone number to call MS to purchase a legitimate key. Pirates have gotten by the initial flaws in the authentication system. Microsoft is going to change it, and quietly force everybody to reactivate from a legitimate source. Just wait... it's coming. If you really need a free, modern OS, rather than run something that clings to functionality through hacks, cheats, cracks and work-arounds, why not just bite the bullet and download a good desktop Linux distro? It's free. It's arguably more capable than Vista. How/where/when you play your media isn't decided by the AAs and to top it all off, you don't have to hack/crack/scam to get it to run.

Re:History always repeats itself looks like

[iSeal]

The most surprising bit is that implementing cracks of this nature is nothing new. That's how cracks work for flexlm based products (Maya, ArcGIS.) You would thus think that MS would have learned from their failures and made a more resilient system. And by resilient I mean one that could last more than a week before being ultimately cracked.

Re:Just Wait...

[ZDRuX]

...why not just bite the bullet and download a good desktop Linux distro? It's free. It's arguably more capable than Vista.

Because Linux does not run Everquest and 99% of the other games I like to play on a regular basis. So as far as a "Conveninent home OS that everybody can use" - Windows is still king regardless of what everybody says.
If I had the luxury of having 2 or 3 system in my house, then I would be running Windows for the family, and Linux on the other 2 for myself, but untill the time comes when Linux can have the type of compatibility with the every-day apps that Microsoft provides, I don't think my family would appreciate me switching over to Linux. And that I think, is the main reason why Linux is still not on the majority of people's computers.

Re:Self Contained Networks

[Anonymous Coward]

You can set up your own KMS, assuming you're large enough to make it worthwhile. Failing that, MAK's can be made available that will activate from 1 to N machines much like the old Volume License Key.

Or you can switch to Linux and/or OSX. :)

Godspeed, Microsoft

[Citizen of Earth]

Let's hope that Microsoft fixes this problem very quickly. It is important that all Microsoft users pay every last penny for their habit.

And we are surprised why?

[mrpaco18]

It was inevitable that Vista Enterprise would be cracked in some way. Every version of Windows has been. In fact, I can't think of a single large-scale (scale as in cost) software that has not been cracked. No matter what any software vendor does, the dedicated pirates will always be one step ahead. Measures like product activation are only to stop widespread casual piracy, not piracy in its entirety.

Re:Just Wait...

[Kingrames]

be sure to let me know when you find World of Warcraft on a console.

Um...

[tsanth]

I daresay you're sidestepping GP's points:

1) Linux does not run a critical set of games which he wants to play.
2) Linux apps lack the kind of application compatibility that he and his family are looking for.

Let's accept that a console is superior to a PC for gaming, and let's accept that Linux is preferable to Windows for general computing tasks. GP's two points are still unresolved: he wants to play that particular set of games (presumably not available on either a console or on Linux) and he wants compatibility for a specific set of applications (presumably Windows-only applications without equivalent Linux alternatives/ports).

Re:Just Wait...

[Anonymous Coward]

Honestly, I'm going to laugh my ass off 6 months down the road when MS pushes out a mandatory WGA update, disguised as another 'critical update,' that nukes pirated installs.


Me too. But I'm going to DIE laughing when it turns out they nuked thousands of legit copies along with the pirate copies.

I don't object to paying for software, but there is no way in hell I'm going to put up with the vista activation bullshit.

Fooled me once (XP) shame on you. Fooled me twice (and tied me up and kicked me a few times (Vista)) shame on me.

Re:Short on details

[Anonymous Coward]

That's assuming the information somehow escapes because pirates are mass distributing keys and other information. On the other hand, legitimate purchasers of Vista may want to do their own "home-grown validation" in order to get a product that:
A) doesn't phone home to MS on a regular basis
B) dosen't need to re-validate on a regular basis and break if it doesn't
C) doesn't throw a hissy fit if they do too many hardware upgrades, and,
D) continues to work the way the product SHOULD work when they are actually legitimate customers, despite whatever bugs may exist in the validation software.

In other words, people with legitimate licenses may want to circumvent for the purposes of yielding a more reliable system without this superfluous "feature", in which case they don't have to use or expose the existence of technically illegitimate keys. They can just block anything involved with validation to/from Microsoft at the router, in which case MS can deactivate the key all they like, but the spoofed system won't see it if it is only talking to the fake key server.

Interesting twist on the Vista Edition

[Jugalator]

An interesting twist from this is that the most feature-rich Vista Ultimate Edition may not be the most warezed one after all. Because these aren't supporting KMS activation, unlike Enterprise and Business who were both intended for this use. However, for a pirate, that may not matter much, as the benefits of Vista Home Basic/Ultimate (= home/entertainment-oriented software) is probably quite easily outweighed by already available software, often free.

Re:it boggles the mind - Windows Genuine DISASTER

[istartedi]

Why anyone would run their business (or hobby) on a system that is subject to DeActivation

Hold on... Before we answer that we need to upload some more pictures to flickr.com. Then we need to update our blogs on MySpace and reply to some contact invites on LinkedIn.

And yes, an unfavorable change in the ToS on these sites is not as bad as deactivation. A complete loss of service appears unlikely at this stage; but you never know what might change. The bottom line? Unless you control your data, and store it in a format that can be easily converted to use with other Operating Systems or services, you are vulnerable.

ROTFLMAO

[MoxFulder]

Best Soviet comment ever...

Why?

[Belial6]

"You can flip over a screwdriver to pound in nails, but why not just use the hammer?"

because the screwdriver manufacturer hasn't installed a "Feature" that makes the tool cease to function, forcing you to call the hammer manufacturer to ask permission to regain use of that hammer you bought. All the while knowing that at some point, the hammer manufacturer is going to decide they want to sell their new hammers, so they will stop giving permission to the old hammer owners to keep using their purchased hammers.

The real question would be, "Why would you buy a screwdriver, when you can rent a hammer?"

So what _does_ Vista actually secure?

[msobkow]

The DRM module doesn't block unsigned drivers, allowing injection of attack code.

The license module has been spoofed, which means it's not protecting Microsoft's revenue.

Does Vista protect anything other than media restrictions imposed by producers?

Re:Why?

[djbckr]

so they will stop giving permission to the old hammer owners to keep using their purchased hammers.

Now, I'm realizing that I'll probably get flamed for this, but here goes anyway...

You did *not* purchase a hammer, you bought a license to *use* a hammer at the manufactures discretion.

Unfortunately, that's how software sales works now. I hate it.

MOD parent FUNNY

[crossmr]

99% of the games? You're kidding right?

Re:Just Wait...

[Kuciwalker]

If playing WoW is one of your major activites on the computer then what exactly is wrong with ability to run WoW being a factor in OS choice?

Re:Link to the torrent.

[Firehed]

Something tells me this would have been one of those occasions where posting as an AC would have been a wise choice. Personally, I don't find a bit of Slashdot karma worth having the Long Baton of Microsoft forcefully inserted into an exit-only part of my body.

But, your call. I thought it was easy enough to find just by going to the top of the Top 100 list for Windows software at TPB ;)

Re:Why?

[mojodamm]

See, I suppose this is why I differ from the /. "The screwdriver is God!" groupthink. I've NEVER had a problem with my hammer being taken away. I've never been forced to upgrade. Sure, I've purchased larger hammers due to my desire to run certain applications, but it was not becase I was suddenly denied my right to use my hammer.

I'd be surprised to hear that such a thing is anything more than FUD because people don't like the hammer-maker, or that it affects a significant portion of the people that actually use the tool as intended.

Of course, if you don't go to the manufacturer, and instead buy your hammer off some shady dealer off the internet, you can't rightfully complain that your hammer is sub-standard. They call them 'cracked' for a reason...

Re:Even better: thepiratebay!

[Sir Homer]

Wow, should Slashdot should castrate anyone who is against the notion of copyright law? Either make file sharing legal (the democratic method) or put the 50+ million people who do it in jail (the fascist method). I think we are headed toward the fascist method.

Re:Why?

[Belial6]

And that is exactly it. If I am just buying a license, then those who are "selling" it are committing fraud. If I see and ad that says a product is for "Sale", go into a store and see a sign under the product that says "Sale", go to the register, pay for the product and get a "Sales" receipt... For the manufacturer of the product to still own that product, SOMEONE must have committed fraud.

Re:Microsoft.Windows.Vista.Local.Activation.Server

[Anonymous Coward]

its VMWare, just take snapshots and rollback?

Re:Just Wait...

[AnyThingButWindows]

when Linux can have the type of compatibility with the every-day apps that Microsoft provides

None of my apps run on windows. Therefor windows is useless to me. Until the time comes when windows can run software like Soundtrack Pro, Final Cut, Shake, AppleWorks, VisualHub, MacTheRipper, Toast 7 Titaanium, Fire.app, Audio Hijack Pro, iPhoto, iWeb, and all my other every day applications, such as the tools I use remotely via SSH, then forget it. Windows isn't compatible at all. I don't think anyone here in this office has any use for Windows since it is almost worthless for what we do with Video and Audio.

When MS has the type of compatibility with every-day apps that OS X, and *BSD/Linux systems provide, maybe it will respectable OS. Until then, it is just overpriced junk that won't run anything.

Conveninent home OS that everybody can use

UNIX is still king regardless of what everybody says.

Re:And we are surprised why?

[smash]

Which is good enough. If Joe 6pack has to jump through hoops to pirate, he might just buy the product

On the contrary, if "joe sixpack" has to jump through hoops to run his legitimately purchased product, perhaps he won't bother.

I'm fully prepared to pay for an O/S (have purchased several variants of Linux, previous microsoft O/S, etc) however i'm not willing deal with an O/S that constantly phones home to verify that I am allowed to run it.

Paying for a product is supposed to be less painful than simply running the pirate version, not the reverse...

Re:Apples and pears

[smash]

Last I checked, you didn't pay several hundred dollars for the services offered by Myspace of Flickr. Rightly or wrongly, people perceive software as a once-off purchase. You pay for the development costs + profit, and thats it.

Once I "buy" something, I should be entitled to use it as I see fit, without being at the whim of whoever I purchased it from. The "licensing" and possible de-activation (by no longer providing activation) of software is a crock. It's akin to buying a new car from Ford, and then after 3 years being told that you're no longer allowed to put fuel in it or drive it, even though it does everything you want it to do.

Re:So what _does_ Vista actually secure?

[Bert64]

Well, Yes...
If it becomes too hard to pirate windows, then of those millions of people who run pirated copies, many will stick with older versions, and some will move to linux or pirated macosx... Either way, it reduces the marketshare of vista.
Just think, where would microsoft be without piracy? Most of asia would probably be running linux by now.

Re:For those pointing fingers and laughing...

[julesh]

Would you feel the same way if MS found a loophole in the GPL that allowed them to start lifting code wholesale?

MS has a certain motivation for developing software, and they protect it through technical and legal means.

You'll find that most people here are perfectly in favour of MS enforcing their rights via legal means (as long as they don't use strongarm tactics to do so... discovering somebody has unlicensed copies of windows because of a tip-off is one thing, requiring a contract that enables them to randomly audit a company's offices is another entirely).

We do object, on principle, to enforcement of legal rights by technological means. This is largely because the technological means are (a) inconvenient to legitimate users and (b) don't always work quite the way the should.

Windows Activation is inconvenient because it:

* Requires you to give information to MS that you might not want to give them, and which they have no legal right to.
* Requires you to effectively get permission from MS if you want to upgrade your computer's hardware multiple times (or reinstall your copy of Windows on a different machine, if your existing machine fails, etc...)
* Has made MS extend the Windows kernel so that it will not run versions of certain programs that haven't been signed by Microsoft. This means that I can no longer rip Windows apart, replace WINLOGON.EXE with a custom program that does what *I* want it to do, and not log in via an MS-approved process. Not that I've ever done that, but I kind-of liked the fact that I could if I wanted to (it's not as well documented as replacing 'init' on a Linux system, but there is information about how you would go about doing it out there -- but that's irrelevant now, only MS can do it).

If you don't agree with what they do, then fine, don't use their software, but how is pirating a copy of Vista any different from helping yourself to GPL code without giving anything back?

It isn't. But who said anything about pirating Windows? I have a legitimate copy of XP on my machine. Label stuck to the case, and all. Do I run WGA? Fuck no, I don't want to get involved with that; I don't want to get involved with something that will complain if it isn't able to validate my copy of Windows through some completely undocumented process that may or may not be correct for any given installation. Perhaps multiple people are using my activation code -- I have no way of knowing if anyone's flipped my laptop over and made a note of the number while I wasn't present. But then, despite having that activation code, I didn't use it last time I reinstalled Windows. Why? Well, the copy of Windows that was supplied with it only installs from a system restore disc that wipes all data on your hard disk. I didn't want to do that, so I installed from a regular retail edition of XP. Which I then had to hack to make activation work, because I'd already activated a machine with its key.

Another piece of software I use validates itself against an encrypted key that has a copy of my network interface's MAC associated with it. Fine, except for some reason the damned process occasionally causes the thing's driver to crash while its performing the validation. So of course I've hacked it, despite having a perfectly legal key.

It isn't only pirates who are concerned about Windows Activation, WGA and other copy-prevention mechanisms.

Re:Why?

[mrchaotica]

Did the store actually specifically state you'd have the right to use the software on the disc?

What are you, stupid? Do stores "specifically state" that you have the right to wear clothes you buy? Do stores "specifically state" that you have the right to eat the food you buy? Do stores "specifically state" that you have the right to read the books you buy?

When I buy a box with a disc in it, that mans I can do anything I want to with it -- look at it, eat it, throw it like a frisbee, and read the bits off it! And any kangaroo court that thinks otherwise can kiss my ass!

Besides, I dare you to cite one single instance (that wasn't subsequently overturned) of a court enforcing an EULA that wasn't printed on the outside of the box or otherwise presented to the buyer before sale. Because I believe you're a fucking liar.