Forgot your password?
typodupeerror
Security Operating Systems Software Windows IT

Vista Zero-Day Exploit For Sale 233

Posted by kdawson
from the crack-bazaar dept.
Snakepit Bit writes "Underground hackers are hawking a zero-day exploit for Windows Vista at $50,000 a pop, according to computer security researchers at Trend Micro. The Windows Vista exploit, which has not been independently verified, was just one of many zero-days available for sale at an auction-style marketplace infiltrated by the anti-virus vendor. Prices for exploits for unpatched code execution flaws are in the $20,000 to $30,000 range. Bots and Trojan downloaders that typically hijack Windows machines for use in botnets were being sold for about $5,000." From the article: "According to [Trend Micro CTO Raimund] Genes, the typical price of a destructive exploit has increased dramatically, driving an underground market that could exceed the value of the legitimate security software business. 'I think the malware industry is making more money than the anti-malware industry,' Genes said."
This discussion has been archived. No new comments can be posted.

Vista Zero-Day Exploit For Sale

Comments Filter:
  • by Anonymous Coward
    Windows XP.
    • Windows XP Professional Common Criteria Configuration Guide:
      http://download.microsoft.com/download/5/3/b/53b53 a3e-39d5-4d30-86f2-146aa2c7be45/wxp_common_criteri a_configuration_guide.zip [microsoft.com]

      If you have the patience to follow that guide, then your WinXP will be locked down and secure.
  • Ah... (Score:5, Funny)

    by JoshJ (1009085) on Saturday December 16, 2006 @04:06PM (#17271324) Journal
    'I think the malware industry is making more money than the anti-malware industry,' Genes said.
    Thank you, Captain Obvious.
    *salute*
    • Re: (Score:1, Funny)

      by Anonymous Coward
      Next, he'll inform us that the dark side is stronger...
    • Re: (Score:3, Insightful)

      by Swimport (1034164)
      I dont think its that obvious. There are a lot of people out there that pay for security software. Not to mention the large corporations that spend millions on it. Not even mentioning the tech support jobs created to combat spam and hackers.
      • Re: (Score:3, Insightful)

        by pilkul (667659)
        Indeed, I'd say the claim is obviously false.
      • Re: (Score:3, Insightful)

        by packeteer (566398)
        Think of this simple equation. If more was spent on anti-malware then the damage malware did, nobody woudl spend the money and they would just eat the cost. I realize thats an overly simple scenario but the idea still stands. Malware is used to rip off credit cards and checks which are VERY lucrative. The anti-malware is mostly run by corporations which have a profit margin but its not nearly the same as stealing.
        • Re:Ah... (Score:5, Insightful)

          by Swimport (1034164) on Saturday December 16, 2006 @08:34PM (#17273194) Homepage
          Even assuming the cost of damages from malware exceeds the money spent on anti-malware doesnt mean the damages are ending up in someones pocket. If a company is crippled for days it may cost them millions but the person responsible for the damages doesnt necessarily get anything. Just as with spam. If you send out 100 million spam emails and make $10,000 the loss in productivity likely exceeds $10,000.
    • by ultranova (717540)

      'I think the malware industry is making more money than the anti-malware industry,' Genes said.
      Thank you, Captain Obvious.

      What isn't quite so obvious is which side should be considered more malicious here: the malware industry, which looks for security holes to profit the Russian mafia and other zombie network controllers but may also end up compromising Vista's DRM - by, say, find an arbitrary code execution hole from Media Player - or the security industry which will inevitably end up defending the

  • Auctions (Score:5, Interesting)

    by bucketoftruth (583696) on Saturday December 16, 2006 @04:08PM (#17271336)
    Where are these online auctions for this information? Or does that information come with the same spam I get hawking "3 million email addresses for $1000!" I'd love to know what software they use to host such a site. I expect it's probably more secure than the pentagon's systems.
    • Re:Auctions (Score:5, Funny)

      by ZPWeeks (990417) on Saturday December 16, 2006 @04:49PM (#17271640)
      No, it IS the Pentagon's system!
    • Re: (Score:2, Funny)

      by triso (67491)

      Where are these online auctions for this information? Or does that information come with the same spam I get hawking "3 million email addresses for $1000!" I'd love to know what software they use to host such a site. I expect it's probably more secure than the pentagon's systems.
      It goes without saying that it probably isn't from Redmond.

  • closed systems (Score:4, Interesting)

    by drDugan (219551) * on Saturday December 16, 2006 @04:09PM (#17271344) Homepage
    this seems a natural result of closed-source software companies

    I think it is a good thing: it goes to show that having closed systems puts information access at a premium instead of service and real, tangible results for your customers. Open source systems don't have this problem (they have others, 'bot' not this one).

    • Re:closed systems (Score:5, Insightful)

      by badriram (699489) on Saturday December 16, 2006 @04:25PM (#17271462)
      please, this has nothing to do with closed systems and open systems. This has more to do with people wanting compromised machines to do their bidding, be it spam, ddos attacks, get personal info etc. These people obviously make a lot of money, so obviously they are willing to pony up thousands of dollars for a flaw that might give them access to hack millions of computers. If Linux/bsd/osx were at 90% market share, I am sure these &#@%$! will still be selling/buying vulnerabilities at these prices. (unless ofcourse it is harder to hack them, then prices would higher)
      • Re: (Score:2, Insightful)

        by camcorder (759720)
        Would it be better for spammer to compromise limited time open desktop computer with small bandwidth or some high-end server which is available full time w/ generous bandwidth? If latter is more feasible for spammers or ddos attacker, linux servers has more usage than windows servers. so your assumption is totally wrong.
        • Re:closed systems (Score:4, Insightful)

          by indigoid (3724) on Saturday December 16, 2006 @05:06PM (#17271744) Homepage
          No, you're wrong, actually. They are much better off pwning eleventy billion little computers, because they are way harder (or impossible?) to effectively blacklist, filter and otherwise protect from.

          A big server with lots of bandwidth will stand out like a honeymooner's dick (thanks Billy Birmingham) and be rapidly blacklisted. See: RBL, ORBS, etc
        • Re:closed systems (Score:4, Insightful)

          by badriram (699489) on Saturday December 16, 2006 @05:10PM (#17271772)
          Ill bite.

          1. Linux servers do not have a higher marketshare than windows servers, check your facts.
          2. Servers be linux or windows, typically have people that are more computer literate, hence are alrady better protected, monitored, and locked away.
          3. millions of unmonitored desktops, with careless users, with broadband connections will always be a better target.
          • by jpardey (569633)
            I highly doubt that first one. Have you seen that ad on slashdot where microsoft mentions linux explicitly? You never mention your competition unless you are losing. It might be easier to locate and clean up large servers spamming, but they could still be useful for hosting phishing sites or holding porn or distributing spyware. It's also funny that you should say that server operators are more computer literate, because I don't see many FTP home server users giving away account passwords, which was done by
      • If Linux/bsd/osx were at 90% market share, I am sure these &#@%$! will still be selling/buying vulnerabilities at these prices.

        So why is anyone buying Vista exploits? To answer that question you have to admit either that M$ does not fix problems for months and years or that the "popularity" argument is bogus. People traffic Windoze exploits because they work today and keep working tomorrow. Non free is a broken development model.

      • by grcumb (781340)

        If Linux/bsd/osx were at 90% market share, I am sure these &#@%$! will still be selling/buying vulnerabilities at these prices.

        But that will never happen, where BSD and Linux are concerned. In fact, it's designed not to happen. The fact of the matter is that people in the FOSS world recognise that monoculture is a dangerous thing, and actually built the entire system to contain as few monolithic elements as possible.

        See, the Toolkit Approach doesn't just make the systems integration task easier, it'

        • 2. Heterogeneity.

          As an actual example to your arguments, one may cite the discussion that was featured a few days ago about Red Hat wanting to clean and improve their RPM system.

          There was quite a few users complaining about alleged dependency hell that they linked to the RPM format it self, when in fact those problems are due to the fact that several different distribution use the RPM format and one size won't fit all. A single RPM package will only work with a small subset of distribution flavors, featuri

      • Linux servers can also get infected with bots - 'redone' for example. I have cleaned a few. Access is usually obtained via a combination of SSH, Apache and idiotic short passwords. BTW, Google alone probably run more Linux servers than there are MS servers in the whole world.
    • You mean, with open source systems people can have the zero day exploits for free? Yay...

      But jokes aside, you can bet that once housewives and average Joes start running Linux, it will be worthwhile to develop such exploits, and you will start seeing them.
  • So it's getting harder? Or is that just wishful thinking?
    • Re: (Score:2, Funny)

      by Anonymous Coward
      So it's getting harder? Or is that just wishful thinking?

      Not just harder, but longer and thicker, according to the zombie e-mail I receive.
    • This looks very much like a publicity stunt, not "sane malware economics". Suppose that you actually know of a bug in Vista and of the corresponding exploit. Do you think that "just now" is the right time to go to market?

      Think again. Vista has not yet been put on the market. Right now, it is available to bulk purchases by enterprises, but there is no indication that these enterprises are engaging in massive upgrades. It is also available for download by MSDN subscribers. All in all, there are probably a m

      • by SEMW (967629)
        A publicity stunt by whom exactly? It would have to be someone who gains from FUD about Vista & Microsoft, which rather limits the field. It's hardly Apple's style, and I can't exactly imagine it's a group of philanthropic open source advocates who are trying to get everyone to switch to Linux.

        • by Macthorpe (960048)
          The answer was in the article.

          According to [Trend Micro CTO Raimund] Genes

          Anti-virus software makers, concerned at the visage that MS has put up of a more secure Vista, trying to ensure sales of anti-virus products on new boxes.

          Simple as that.
  • l33t hax0r (Score:5, Funny)

    by pchan- (118053) on Saturday December 16, 2006 @04:10PM (#17271354) Journal
    the typical price of a destructive exploit has increased dramatically, driving an underground market that could exceed the value of the legitimate security software business. 'I think the malware industry is making more money than the anti-malware industry,' Genes said."

    Sounds like I need to switch jobs. Finally, a job where discovering Windows bugs will pay off instead of just generating more work for me.
  • by Schraegstrichpunkt (931443) on Saturday December 16, 2006 @04:13PM (#17271368) Homepage
    Could the Slashdot editors please define the term "zero-day exploit"? I was under the---apparently mistaken---impression that it meant an exploit that was released on or before the day that a given piece of software was released.
    • by Omnifarious (11933) * <eric-slash@omnif ... s.org minus city> on Saturday December 16, 2006 @04:17PM (#17271396) Homepage Journal

      No, it's an exploit released before there's a patch that fixes the hole the exploit exploits.

      zero-day warez are cracked (i.e. DRM removed) versions of programs available on the same day or before the commercial versions are released.

      • So then how is it different from an exploit for an "unpatched" vulnerability?

        Methinks it's a recently-made-up scare word.

        • by Anonymous Coward on Saturday December 16, 2006 @06:05PM (#17272114)
          The media idiots and security vendors bastardized this term. 0-day originally meant an vulnerability unknown to the vendor hence there is no patch or work-around for it.

          Then security vendors tried to use it to mean any vulnerability without a patch, known or unknown because then they could rightly claim that their software mitigated a 0-day vulnerability, which really meant thier software could mitigate a known vulnerability. That's where the media idiots jumped in because 0-day sound cool and scary.

          There is no point in trying to correct them. That ship has sailed. Just like "hacker" now means criminal when the original definition was a badge of honor.

          Now that the vulnerability is known, it is just an unpatched vulnerability.
      • by Vo0k (760020)
        Zero-day warez - yep, you're right.
        Zero-day exploits - exploit to unpatched vulnerablity.

        DDR RAM isn't a dance training device either.
    • "Underground hackers are hawking a zero-day exploit for Windows Vista at $50,000 a pop" = "Undeground hackers are hawking an exploit for Windows Vista at $50,000 a pop on the day the exploit is released." The value of the exploit diminishes with age, no?
    • Re: (Score:1, Informative)

      by bigtomrodney (993427) *
      No a Zero-Day exploit is one which is capable of exploiting on or before the vulnerability is discovered/made public. So the author was possibly the only one with knowledge of the vulnerability. Wiki Article [wikipedia.org] Of course the usual amount of misunderstanding of the terminology has diluted the meaning somewhat.
  • by k1e0x (1040314) on Saturday December 16, 2006 @04:17PM (#17271394) Homepage
    Or are they open source..? ;)
  • Economy (Score:3, Funny)

    by rowama (907743) on Saturday December 16, 2006 @04:27PM (#17271482)
    This is just another example of how M$ is good for the economy. All you anti-capitalist, libertarian nerds can sit down and shup up, now.

    Kidding, of course.
    • Re:Economy (Score:5, Insightful)

      by EnsilZah (575600) <EnsilZah@noSpaM.Gmail.com> on Saturday December 16, 2006 @04:42PM (#17271590)
      I was under the impression that libertarians were the embodiment of capitalism.
      • Re: (Score:2, Insightful)

        by glas_gow (961896)

        I was under the impression that libertarians were the embodiment of capitalism.

        That's neo-liberalism you're confusing with old fashioned liberalism. With neo-liberalism the emphasis is on freedom of the market, based on an article of faith that the market is some magical entity that'll solve all admisitrative problems. With old fashioned liberalism the freedom of one person is balanced against the freedom of another, the consequence of which is a system of legislation to protect those freedoms.

        • With neo-liberalism the emphasis is on freedom of the market, based on an article of faith that the market is some magical entity that'll solve all admisitrative problems.

          You're mistaking social liberalism with economic liberalism. Liberals, liberalism are/is about both. I'd go as far as arguing that you can't in reality have one without the other, which is why our freedoms are being squashed the world over. Neither the Democrats, nor the Republicans, the Tories or New Labour are Liberal.

          Liberalism in America has come to mean socially liberal and economically restrictive. It's an incorrect definition of the word liberalism, and as such you've had to invent a new word to mea

        • You need to read his words more closely. He said libertarians, not liberals. Libertarians are all about personal and economic freedoms because they believe the free market regulates itself, as in nature.
      • by westlake (615356)
        I was under the impression that libertarians were the embodiment of capitalism.

        a capitalist system demands respect for tangible and intangible property.

        almost everything is ultimately reduced to pieces of papers. mere tokens. an entry in a ledger. a bill of lading.

        abstraction demands literacy. competence in math.

        a capitalist system demands a mechanism for the enforcement of contracts.

        a capitalist system needs reliable weights and measures.

        standard time. stable currencies. defenses against highwaymen,

      • No, you're thinking of Pamela Anderson.
  • Well, Duh! (Score:3, Informative)

    by jc42 (318812) on Saturday December 16, 2006 @04:34PM (#17271532) Homepage Journal
    'I think the malware industry is making more money than the anti-malware industry,' Genes said.

    Malware is a profit-making industry. Anti-malware is aimed at eliminating profits, not making them. It doesn't take an economic genius to understand the implications.

    How many times have /. readers been reminded that companies exist to generate profit for their owners?

    • How many times have /. readers been reminded that companies exist to generate profit for their owners?

      Thank you Sherlock for telling us that companies exist to make profit. Next thing you know you'll be telling us that people work for companies to get a salary.

      Here's a big cluestick to knock that tinfoil off your head: there is a world of difference between the goal of generating profit legally and ethically, and the goal of generating profit by any means whatsover.

      Duh.
  • Oh come on now... (Score:5, Insightful)

    by jorghis (1000092) on Saturday December 16, 2006 @05:13PM (#17271788)
    You know the people selling this stuff arent exactly the most ethical folks in the world. Do you think that just maybe they are asking for 30k without any really good exploits to give you for that money?

    It isnt smart to assume that there are zero day exploits for Vista available just because some reporter says he heard there is someone who wants to anonymously sell you an exploit he promises is really good. Even if these exploits are real (big if) noone said anything about how big of a security hole we are talking about here.

    How about if I tell you that I heard someone offered to sell an Linux exploit of an unknown nature for 50 grand? Should we all run around talking about how Linux is insecure now?

    This seems like a journalist trying to come up with something good to write about and slashdot forwarding it on as anti-ms fud.
  • Yeah, right (Score:5, Interesting)

    by LaughingCoder (914424) on Saturday December 16, 2006 @05:26PM (#17271862)
    ... according to computer security researchers at Trend Micro ...
    ... like Trend Micro doesn't have anything to gain by people thinking there are Vista exploits. Seriously, Norton, McAfee and Trend Micro are all worried that their golden goose may be cooked if Vista is significantly more secure than XP. And I loved the use of the cloak-and-dagger word "infiltrated" to strike further fear into people. This seems to me little more than a sad attempt to remain relevant by an anti-virus vendor.
    • Nah, they aren't really scared of being uselss. It's just a marketing battle. Microsoft started it by creating an OS that makes the user "feel" more secure and then making all sorts of forward looking statements about how it's "the most secure OS ever". (my analysis of Vista so far has yielded little in the way of concrete security improvments, but lots of little gadget things that appear to be intended only to make the average user "feel secure".) Given the impressive bloat, mid-stream changes, and ove
      • ... my analysis of Vista so far has yielded little in the way of concrete security improvments ...

        You must not have looked very hard. Actually there have been substantive changes as regards security, not the least of which is that the user is *not*, by default, running with administrator privileges. This is the #1 reason *nix types criticize Windows as insecure and it has been fixed. Now, I'm sure with all the bloat and "rushed" schedules, problems will creep in, but the very fact that the average home use

        • Well, they didn't do the security right. The same old holes in RPC and badly-made default permissions still exist. Windows will never be secure. Microsoft would have to spend huge amounts of money on it and it wouldn't sell very well.
          • Windows will never be secure. Microsoft would have to spend huge amounts of money on it and it wouldn't sell very well.

            On this we can agree, though I would probably say "Microsoft will never be as secure as a server-based OS". As you know there are degrees of security, so making a blanket statement without qualifying what you mean by secure is fairly meaningless. Anyhow, a desktop that is as locked down as a hardened server would be extremely annoying to use, even for technically saavy users. For the typic

        • Yes, the default user thing is pretty important. But that is sticking your finger in the leaking dam. I don't count the firewall improvements for much, a "personal software firewall" of any flavor should not be relied upon IMHO. Having a firewall on the same hardware you are trying to protect doesn't make much sense except as a last line of defence. You can't be touching the fire and not get burned as they say. IE7 is not a vista improvement as you mentioned. "Network Access Protection" is a big hack
        • by drsmithy (35869)

          You must not have looked very hard. Actually there have been substantive changes as regards security, not the least of which is that the user is *not*, by default, running with administrator privileges. This is the #1 reason *nix types criticize Windows as insecure and it has been fixed. Now, I'm sure with all the bloat and "rushed" schedules, problems will creep in, but the very fact that the average home user is no longer an admin should have a huge effect on overall security.

          It won't.

          Well, it probably

  • by thrill12 (711899) on Saturday December 16, 2006 @05:44PM (#17271988) Journal
    0-day-bay, your place for new gadgetries in the world of ScRiPtKidDieS GoNE CoMmErCIal !
    Today, we have on offer a few jolly nice samples of the finest goods, what do you think of:
    * Evil worm 2 - Dr.Evil himself would promote this one, if he were a real person, but alas: this Evil worm 2 does not come with frickin' lasers on its head. Made in China, this worm can eat away the fumbly firewalls of most present day Windows machines !
    All that, at a price of just $30.000 !

    * Glasnost x-ploit - Oh my, in the Western world we make the x-ploit, but in Russia - where this lovely piece of software was born - they x-ploit you ! Just like in the old days of Gorbatchov, this Glasnost worm certainly opens ... backdoors ! ha ha !
    For just the measle amount of $15.000, you could have your very own Glasnost'ed Windows botnet in no time !

    Last but not least, we wouldn't want to forget our bestseller, our hitman, our top product in the fine world of Windows Redecorating Software : Yoghurt Trojan !
    Not the milk-product, but you could say it's milky white cream covers most Windows PC's pretty well ! It has no aftertaste like some worms, and definitely likes to morph into different appearances ! It can definitely lighten the spirits of whoever is at the controls and includes a lovely "MAD"-button in case some law enforcement officer decides to peak into your operation : no more evidence, because no more Trojaned PC's survive the Mutually Assured Deletion of this king of kings !
    All that, for just $50.000, it's a bargain !

  • by twitter (104583) on Saturday December 16, 2006 @06:20PM (#17272198) Homepage Journal

    Oh, ho ho. All the apologists are quick to argue that, "The only reason the bad guys target Windoze is because it's popular." What bullshit that is.

    Vista has what market share now? Less than Mac or Linux I'm sure and everyone knows that it's going to stay that way for years. Yet there's already a market for exploits. What this should tell you is that the value of an exploit it's ability to work, regardless of market share. The bad guys know that M$ security sucks and that the holes they buy today will be good for months if not years to come. No one bothers with GNU/Linux exploits because the GNU/Linux market is fragmented and quick healing. Linux exploits don't take down every distribution but just about every distribution is quick to fix problems. GNU/Linux exploits, relative to Windoze, don't work or last long.

    • If the same people that use Windows for Powerpoint and Word and have a gazillion worms in their system used Linux, their systems would be as infected as they are now.

      They would probably using a 2.2 kernel, a very old build of KDE, and so on.

      The fact is: Smart users don't get infected, naive users do. Some smart users use Linux, some smart users use Windows. Most naive users use Windows.

      Target the naive users and ignore the smart. No matter what OS the smart people use.
      • If the same people that use Windows for Powerpoint and Word and have a gazillion worms in their system used Linux, their systems would be as infected as they are now. They would probably using a 2.2 kernel, a very old build of KDE, and so on. The fact is: Smart users don't get infected, naive users do.

        No, everyone who uses Windoze gets infected. It's not something you can do anything about because only M$ can "improve" the system. See here [slashdot.org] for well documented facts about the ongoing M$ security dissa

  • So I can safely do all my work easier in Mac OSX 10.5 ;-?
  • I wonder how much damage they could inflict on companies (consumers of Vista as well as MSFT) by making claims about having a zero day exploit? I bet using the right channels someone could get MSFT to spend quite a bit of resources auditing code.

    Similar to how millions now have to take off our shoes in the airport b/c ONE guy tried to light his shoes on an airplane.
  • Is this legal? It's like someone overhearing a conversation (or perhaps intentionally overhearing it) between two plotting murderers and auctioning it to news corps/potential victims for where it's going to take place. I find it obscene: by all means get some money for your efforts, but computers control serious things - consider a case where Microsoft (or similar) buys the information before the the press, in order to cover up an embarrasing situation. Someone uses it because Systemantic or whoever didn't
  • I had no doubt that there would be flaws found in Vista. No non-trivial software is bug free.

    But Vista has a lot of features [wikipedia.org] that makes the inevitable bugs much, much harder to take advantage of.

    The single most common attack vector in Windows is IE. Virtually all the malware installed on machines today was likely installed by a drive-by-download caused by one of the many, many holes in IE.

    But users running Vista have Protected Mode [msdn.com], which effectively isolates IE and prevents it from doing damage. It's possi
    • by schon (31600)

      Vista has a lot of features that makes the inevitable bugs much, much harder to take advantage of.

      Yes, and I'll bet that each one of those features has it's own bugs which can be exploited - which makes the entire computer easier to exploit, not harder.

      It's possible that protected mode has a flaw, but judging by how it works I find that unlikely.

      I see you've already considered the possibility that the features will have their own bugs. However, unlike you, I will decide to err on the side of historical evidence.

      Historically, MS doesn't know how to write secure software, and takes several attempts to get it right. Why would these new features be any different?

      Vista users aren't running as admin

      You're claiming that the OS enfor

      • Point by point...

        Yes, and I'll bet that each one of those features has it's own bugs which can be exploited - which makes the entire computer easier to exploit, not harder.

        The features I was referring to are things like ASLR. Even a flawed implementation of ASLR will make the computer harder to exploit, not easier. To assume that any new feature will automatically result in a more vulnerable computer is a flawed assumption. It completely depends on the feature in question.

        I see you've already considered the

        • by schon (31600)

          To assume that any new feature will automatically result in a more vulnerable computer is a flawed assumption.

          Bullshit. You said it yourself:

          No non-trivial software is bug free.

          The more features (code) you add, the larger the bug count. It's a well-known axiom in security circles that every bug is a potential security vulnerability. Therefore, every feature you add makes your software more vulnerable. By definition.

          Perhaps if you understood general computer security a little better, it might be helpful for you to understand my arguments. You seem to have done some reading on MS security, but there's a whole world outside of MS. There's a

  • All of the big companies and the government talk about how much they like capitalism, but then complain about things like this. But when you think about it, it's capitalism working exactly as it's supposed to: The market is assigning a dollar value to exploits.

    Microsoft has been very lax in the area of security, enabling a market to evolve around exploiting it's weaknesses. Microsoft got it's self into this position by maintaining a monopoly. Absent a monopoly, M$ would have had to compete on quality an
  • by mqduck (232646)
    $50,000?? That's alot of money to spend in the hope that you'll be given the code promised. I think there may be another possibility. Maybe the seller of this is hoping for just one customer: Microsoft. They don't want these things to be used, and what's $50,000 them anyway?

It's a poor workman who blames his tools.

Working...