Activating Vista Enterprise Using a Spoofed Server 291
Ruvim writes "It has been mentioned in previous Slashdot discussions as possibility, and now it became a reality: Information Week reports that a spoofed server has been released that can be used to activate Microsoft's Vista Enterprise versions. It is being made available on several pirate Web sites and spoofs a Key Management Service server, used to activate a large number of copies of Windows Vista in enterprise environments." From the article: "Vista is the first version of Windows that Microsoft requires volume license customers to activate. Besides KMS, the Redmond, Wash. developer also offers Multiple Activation Key, which resembles the retail version's activation process. PCs activated using KMS must reactivate at least once every six months. The MelindaGates hack uses a VMware image of a KMS server to activate -- and keep activated -- a pirated edition of Windows Vista Business. 'Looks like Windows Vista Volume Activation 2.0 is a big bust,' wrote a user identified as 'clank' on the PirateBay Web site Friday. "
Microsoft has taken an interesting approach ... (Score:5, Interesting)
Self Contained Networks (Score:4, Interesting)
Even better: thepiratebay! (Score:2, Interesting)
So, when the first hacks for Vista start popping up, it's nice to know that I can rely on The Pirate Bay to host those
Re:And we are surprised why? (Score:5, Interesting)
In games this is even more prevalent - the goal of fighting piracy isn't to prevent the inevetable - somewhere somebody has enough spare time to crack your stuff, but to _delay_ it. If Johnny 6cola can't get his game right away, then he might have to suck it up and buy it. The most sucessful ones have locked out pirates for 30 days or so. If you've been waiting for months for a game, waiting another month might not be an option. (Some of those might be from pirates distributing a game which still has parts of it not working and crashes half way through - even better for publishers). Obviously this is unique to games, as other software publishers want to keep people out for good.
Re:Um... (Score:2, Interesting)
Re:Short on details (Score:3, Interesting)
I'm sure that Microsoft must have thought of that as a possibility. Since a unique product key is required to activate a KMS, why can't Microsoft just deactivate that compromised KMS key?
If YOU were a pirate, would YOU download an update which adds this "functionality"?
Re:History always repeats itself looks like (Score:4, Interesting)
Re:Microsoft has taken an interesting approach ... (Score:5, Interesting)
I imagine Microsoft must provide them with a KMS that doesn't itself require activation, which can be run on a secure, closed network. I imagine it's not widely publicized...
Re:Just Wait... (Score:5, Interesting)
Re:And we are surprised why? (Score:3, Interesting)
Re:Even better: thepiratebay! (Score:5, Interesting)
It is commonly believed that the MPAA, not Microsoft, was responsible for the US State Department leaning on the right local ministers to get the Pirate Bay raided. For one thing, the MPAA prematurely ejaculated a press-release congratulating themselves for getting the Pirate Bay shut down, while Microsoft was mum on the event.
Re:Interesting twist on the Vista Edition (Score:3, Interesting)
Somebody will probably figure out how to drop the right DLLs from the Enterprise edition into any other edition to make it do KMS.
Malware in pirated software? Right. (Score:4, Interesting)
Isn't it ironic?
Re:Short on details (Score:5, Interesting)
or the better way was to manual configure the registry and get terminal server to run under internet connector license..
while it took some work it wasn't that bad once you figure it out.
Re:it boggles the mind - Windows Genuine DISASTER (Score:2, Interesting)
Cheers.
Re:Even better: thepiratebay! (Score:1, Interesting)
I'm pretty sure it's less than 100% and I think I can count that high on one hand.
BTW, anyone know the percentage of slashdot readers that can moderate at a given time?
Re:Even better: thepiratebay! (Score:5, Interesting)
vista - a time bomb (Score:2, Interesting)
While their intentions may sound reasonable - bypass spyware and viruses that may have hijacked the OS to allow clean-up and windows updates sw through, it may also allow them to disable your system or collect enough information on you to prosecute.
Stick with XP or better yet, switch to linux.
Re:This was cracked so fast that... (Score:3, Interesting)
On the contrary, there is negative security! Since you can't see the source code, there's no way to be certain that Microsoft itself (or a rogue programmer working there) hasn't put in any kind of backdoors or spyware or such. In a sane world, everyone including government agencies would realize that closed-source software like Windows can only be a liability.
Re:vista - a time bomb - How MS DRM Works (Score:1, Interesting)
During every 'Windows Update' (or perhaps quietly in the back ground) Vista will download a list of revoked key servers. As MS gets copies of the VM'd key servers, identifies them, their sigs go into the revocation list.
Your... erm, son of hacked key-server Vista copy downloads the revocation list, finds it's a bastard and promptly switches itself off.
Now... if you can hack the revocation part of Vista itself, you'll have the other 50% of a full Vista hack.
Re:vista - a time bomb - How MS DRM Works (Score:5, Interesting)
An enterprising hacker might
a) seek out and duplicate the keys of other customers' installations
and/or
b) put in zillions of keys to be invalidated all at once, until all possible combos have been covered.
a) is nearly infinitely easier and more immediately devastating. Lots of high profile customers become enraged.
b) will make Vista completely unusable.
Re:Even better: thepiratebay! (Score:3, Interesting)
Maybe you bought it because you had to use it for your job, same reason most people bought previous generations of Windows.
Maybe you don't want to participate in the whole data collection inherent in MS's activation schemes. Maybe you want as little to do with MS as you absolutely have to.
I've purchased a laptop and a desktop that both came with XP preinstalled. The first thing I did was wipe their disks and install from a cracked bootleg ISO for exactly the above reasons. I paid for my copies and now I don't have to worry that MS is going to make an error and deactivate my installation or suffer a data breach on their registration database and share my personal info with a bunch of identity thieves.