Windows Operating Systems Software Security IT

Activating Vista Enterprise Using a Spoofed Server

Ruvim writes "It has been mentioned in previous Slashdot discussions as a possibility, and now it has become a reality: Information Week reports that a spoofed server has been released that can be used to activate Microsoft's Vista Enterprise versions. It is being made available on several pirate Web sites and spoofs a Key Management Service server, used to activate a large number of copies of Windows Vista in enterprise environments." From the article: "Vista is the first version of Windows that Microsoft requires volume license customers to activate. Besides KMS, the Redmond, Wash. developer also offers Multiple Activation Key, which resembles the retail version's activation process. PCs activated using KMS must reactivate at least once every six months. The MelindaGates hack uses a VMware image of a KMS server to activate -- and keep activated -- a pirated edition of Windows Vista Business. 'Looks like Windows Vista Volume Activation 2.0 is a big bust,' wrote a user identified as 'clank' on the PirateBay Web site Friday."
This discussion has been archived. No new comments can be posted.

  • by jfclavette ( 961511 ) on Friday December 08, 2006 @07:47PM (#17169004)
    Vista Business and friends are the most likely to be cracked due to volume licensing. However, features are removed in a way that it is advantageous to businesses but turn away most home users. It'll be interesting to see how that works out.
  • by nra1871 ( 836627 ) on Friday December 08, 2006 @07:49PM (#17169036)
    Interesting...our network is completely self contained and does not touch the internet at all. I wonder how this will work for networks like mine (no plans to upgrade anytime in the near future, and since we use the workstations to run Citrix-based apps, it doesn't matter what OS we use.)
  • by mr_luc ( 413048 ) * on Friday December 08, 2006 @08:02PM (#17169180)
    Even better is that the torrent tracker referred to is The Pirate Bay -- who mocked Microsoft's legal threats, resulting in Microsoft appearing to pull strings that led to an unprecedented, although ultimately unsuccessful, raid on their servers.

    So, when the first hacks for Vista start popping up, it's nice to know that I can rely on The Pirate Bay to host those .torrents for me!
  • by badboy_tw2002 ( 524611 ) on Friday December 08, 2006 @08:22PM (#17169376)
    Which is good enough. If Joe 6pack has to jump through hoops to pirate, he might just buy the product. Even better, Joe 12pack (twice as smart) might even be more wary of searching sites because of a legitimate fear of fake pirate sites that have viruses.

    In games this is even more prevalent - the goal of fighting piracy isn't to prevent the inevitable - somewhere somebody has enough spare time to crack your stuff, but to _delay_ it. If Johnny 6cola can't get his game right away, then he might have to suck it up and buy it. The most successful ones have locked out pirates for 30 days or so. If you've been waiting for months for a game, waiting another month might not be an option. (Some of those might be from pirates distributing a game which still has parts of it not working and crashes half way through - even better for publishers). Obviously this is unique to games, as other software publishers want to keep people out for good.
  • Re:Um... (Score:2, Interesting)

    by CortalUX ( 986836 ) on Friday December 08, 2006 @08:25PM (#17169394)
    How about WINE [winehq.com]? I know they break compatibility with games now and then, but the majority of the time games work pretty soon after they come out, or update.

    Wine is an Open Source implementation of the Windows API on top of X and Unix. Think of Wine as a compatibility layer for running Windows programs. Wine does not require Microsoft Windows, as it is a completely free alternative implementation of the Windows API consisting of 100% non-Microsoft code, however Wine can optionally use native Windows DLLs if they are available. Wine provides both a development toolkit for porting Windows source code to Unix as well as a program loader, allowing many unmodified Windows programs to run on x86-based Unixes, including Linux, FreeBSD, Mac OS X, and Solaris.
  • Re:Short on details (Score:3, Interesting)

    by The MAZZTer ( 911996 ) <(megazzt) (at) (gmail.com)> on Friday December 08, 2006 @08:36PM (#17169468) Homepage

    I'm sure that Microsoft must have thought of that as a possibility. Since a unique product key is required to activate a KMS, why can't Microsoft just deactivate that compromised KMS key?

    If YOU were a pirate, would YOU download an update which adds this "functionality"?

  • by CastrTroy ( 595695 ) on Friday December 08, 2006 @08:44PM (#17169530)
    The problem is that there's just too much "fame" in cracking Windows authentication. We used Telelogic Tau SDL in university, and it was only available on the university computers, and even there there was a limited number of licenses. We contacted the company to see if we could get some cheap/free licenses. They said no, and that licenses cost around $2000. Which was almost as much as a semester's tuition. Anyway, we also looked to pirating it, and couldn't find it anywhere. The problem was that it wasn't a popular enough program that anybody would bother cracking it. However, with Windows, everyone wants it cracked, and everybody wants to be the one to crack it. So it's going to get cracked. I mean, look at the game consoles. People solder chips into them to crack them, but I don't think you'd find a way to install Linux on the v-Tech notebook. People are going to crack what they want to crack.
  • by MoxFulder ( 159829 ) on Friday December 08, 2006 @08:46PM (#17169546) Homepage
    What does Microsoft do for government customers like the CIA/NSA/DIA? Some of those networks are completely and totally isolated from the public Internet.

    I imagine Microsoft must provide them with a KMS that doesn't itself require activation, which can be run on a secure, closed network. I imagine it's not widely publicized...
  • Re:Just Wait... (Score:5, Interesting)

    by BeanBunny ( 936648 ) on Friday December 08, 2006 @08:52PM (#17169586)
    Well, I was with you until you started gushing over Linux. Don't get me wrong, I like Linux too, but I yearn for the day that people don't end a comment about Microsoft with, "Why don't you just run Linux? It's so great!" That may be true, but this is Slashdot - we know that already!
  • by badboy_tw2002 ( 524611 ) on Friday December 08, 2006 @09:34PM (#17169868)
    But if you're not going to buy it anyways, what price is good enough? $20? $10? 5? It costs money to make these things no matter what. Again, you don't sound like a casual user. A casual user is someone who wants to play a game, and if it's not on Bittorrent he might have to bite the bullet. Like frat guys at a Linux convention, they're here for the beer, not the source or speech. Put it another way: Two publishers put out two games at the same time. One has anti-copy protection, the other doesn't. Both cost $50. Our intrepid young gamer Johnny 6Cola has acquired $50 for his birthday and really really wants both games. The copy-free one is on bittorrent, the other is in the store. Which publisher would you rather be? Now in a month, both are on bittorrent, but games have a pretty short shelflife compared to Word or something similar. Another reason why it's a different animal as far as copy-protection goes than other software. And for the time being MS still has a secure system against casual cracks. You can survive without Vista, but maybe someone wants it for XY or Z feature (or the next version of their favorite software might only support Vista, etc). If it takes several hours and a spare box to set this up, they might just bite the bullet and buy it. If the barrier to entry is 5 minutes and is 0 risk (no viruses, etc) all you've got is the moral issue to protect you, and despite the BSA's best efforts people still don't see taking money from Microsoft as wrong :)
  • by Jah-Wren Ryel ( 80510 ) on Friday December 08, 2006 @09:38PM (#17169896)
    Even better is that the torrent tracker referred to is The Pirate Bay -- who mocked Microsoft's legal threats, resulting in Microsoft appearing to pull strings that led to an unprecedented, although ultimately unsuccessful, raid on their servers.

    It is commonly believed that the MPAA, not Microsoft, was responsible for the US State Department leaning on the right local ministers to get the Pirate Bay raided. For one thing, the MPAA prematurely ejaculated a press-release congratulating themselves for getting the Pirate Bay shut down, while Microsoft was mum on the event.
  • by Jah-Wren Ryel ( 80510 ) on Friday December 08, 2006 @09:43PM (#17169934)
    An interesting twist from this is that the most feature-rich Vista Ultimate Edition may not be the most warezed one after all. Because these aren't supporting KMS activation, unlike Enterprise and Business who were both intended for this use.

    Somebody will probably figure out how to drop the right DLLs from the Enterprise edition into any other edition to make it do KMS.
  • by Esteanil ( 710082 ) on Friday December 08, 2006 @10:21PM (#17170210) Homepage Journal
    Actually, these days you're more likely to catch malware off of legitimate purchases (CDs, games containing StarForce, etc) than off a decent pirate site. (Torrent sites in particular tend to kill off torrents containing malware).

    Isn't it ironic?
  • Re:Short on details (Score:5, Interesting)

    by Amouth ( 879122 ) on Friday December 08, 2006 @10:44PM (#17170342)
    There were ways.. it wasn't that hard.. in fact it was really easy to have the connecting client clear its temp key so that every computer connecting every time would appear to terminal server as a new client and would issue a 30 day key.. and every time they connected it gave them a new one.. and after 90 days the terminal server would drop the non active temp key.

    or the better way was to manually configure the registry and get terminal server to run under internet connector license..

    while it took some work it wasn't that bad once you figure it out.
  • by wyohman ( 737898 ) on Friday December 08, 2006 @11:19PM (#17170536)
    I think one of the biggest issues is the lack of media rejection. Back in the 80s when copy protection became rampant, the computer media (Byte, Computer Shopper, PC Mag, PC Week) led a concerted effort to educate users and rejected copy protection. Now it seems the old computer journalists have given up or become irrelevant (*cough* Dvorak *cough*).

    Cheers.
  • by Anonymous Coward on Saturday December 09, 2006 @01:18AM (#17171164)
    Could you tell me how many slashdotters it takes to get a +4 insightful?

    I'm pretty sure it's less than 100% and I think I can count that high on one hand.

    BTW, anyone know the percentage of slashdot readers that can moderate at a given time?
  • by strider44 ( 650833 ) on Saturday December 09, 2006 @01:54AM (#17171326)
    Being against annoying and imposing DRM and copy protection doesn't mean you support piracy. Two people do not equate to the whole of Slashdot, the free software community, or, in fact, all of the world.

    ... idiot.
  • vista - a time bomb (Score:2, Interesting)

    by NTesla ( 99917 ) on Saturday December 09, 2006 @01:56AM (#17171336)
    what you probably don't know is that Microsoft has a reserved set of hostnames/ips in the kernel that do not go through normal name-resolution process. so even if you modify your hosts files, spoof dns servers and key servers, at some point it will try to contact them directly without going through "documented" name resolution process.
    While their intentions may sound reasonable - bypass spyware and viruses that may have hijacked the OS to allow clean-up and windows updates sw through, it may also allow them to disable your system or collect enough information on you to prosecute.
    Stick with XP or better yet, switch to Linux.
  • by mrchaotica ( 681592 ) * on Saturday December 09, 2006 @02:54AM (#17171556)
    There seems to be absolutely NO security...

    On the contrary, there is negative security! Since you can't see the source code, there's no way to be certain that Microsoft itself (or a rogue programmer working there) hasn't put in any kind of backdoors or spyware or such. In a sane world, everyone including government agencies would realize that closed-source software like Windows can only be a liability.

  • by Anonymous Coward on Saturday December 09, 2006 @03:43AM (#17171806)
    The key server is only half the issue...

    During every 'Windows Update' (or perhaps quietly in the back ground) Vista will download a list of revoked key servers. As MS gets copies of the VM'd key servers, identifies them, their sigs go into the revocation list.

    Your... erm, son of hacked key-server Vista copy downloads the revocation list, finds it's a bastard and promptly switches itself off.

    Now... if you can hack the revocation part of Vista itself, you'll have the other 50% of a full Vista hack.
  • by Travoltus ( 110240 ) on Saturday December 09, 2006 @04:57AM (#17172148) Journal
    Or they will run out of keys to revoke.

    An enterprising hacker might
    a) seek out and duplicate the keys of other customers' installations
    and/or
    b) put in zillions of keys to be invalidated all at once, until all possible combos have been covered.

    a) is nearly infinitely easier and more immediately devastating. Lots of high profile customers become enraged.

    b) will make Vista completely unusable.
  • by Jah-Wren Ryel ( 80510 ) on Saturday December 09, 2006 @05:02AM (#17172176)
    If you have actually bought Vista and want to activate it why not do it the right way instead of setting all this stuff up?

    Maybe you bought it because you had to use it for your job, same reason most people bought previous generations of Windows.

    Maybe you don't want to participate in the whole data collection inherent in MS's activation schemes. Maybe you want as little to do with MS as you absolutely have to.

    I've purchased a laptop and a desktop that both came with XP preinstalled. The first thing I did was wipe their disks and install from a cracked bootleg ISO for exactly the above reasons. I paid for my copies and now I don't have to worry that MS is going to make an error and deactivate my installation or suffer a data breach on their registration database and share my personal info with a bunch of identity thieves.
