Vista Activation Cracked by Brute Force
Bengt writes "The Inquirer has a story about a brute force Vista key activation crack. It's nothing fancy; it's described as a 'glorified guesser.' The danger of this approach is that sooner or later the key cracker will begin activating legitimate keys purchased by other consumers. From the article: 'The code is floating, the method is known, and there is nothing MS can do at this point other than suck it down and prepare for the problems this causes. To make matters worse, Microsoft will have to decide if it is worth it to allow people to take back legit keys that have been hijacked, or tell customers to go away, we have your money already, read your license agreement and get bent, we owe you nothing.'"
Easy Fix (Score:2, Insightful)
Re:Easy Fix (Score:5, Insightful)
Tom
Perfect (Score:1, Insightful)
I don't have problems with any number of copy protection schemes. Granted they can eventually be defeated almost without fail, but it does raise the bar for the effort. PS disc error thing I think was a fairly clever method for example. I don't even really mind CD keys too much, although it's irritating as hell to lose whatever they happened to write the code on (Is it too much to ask to print it on the damned disc?). But I absolutely refuse to touch any piece of software that requires some online activation type crap.
Re:Easy Fix (Score:0, Insightful)
Re:MS would owe at least the key (Score:5, Insightful)
Predatory Pricing (Score:1, Insightful)
1) Too many variants
2) Too expensive an upgrade from XP
3) Limitation on which versions run virtualized.
Sadly, for MS, they have not emphasized it can creditably replace a several hundred dollar Nuance Dragon Naturally Speaking install (I know, I've tried both)
Ok, so it's Microsoft... (Score:1, Insightful)
Re:MS would owe at least the key (Score:5, Insightful)
If this truly starts to be a problem with legitimate users being bothered by having their keys taken, MS will have to loosen up activation. That would be a benefit to all legitimate users.
Re:Not too big of a deal (Score:5, Insightful)
"as someone who has worked on systems such as these (oh the inhumanity!) we have looked at this particular attack vector. Yes, it is possible. But, when you consider the size of the activation code domain (quadrillions or more of combinations), with the number of legitimate keys (hundreds of millions), and the fact that each request takes some amount of time (a few seconds), it's not too big of a risk. A risk? yes. But there are lots of risks. This is just another one to be put on the list, watched, and mitigated against (as others have said, with blocked IPs and so forth)."
Obviously someone else who didn't read either the article OR all the other user comments - no net connection required to generate the keys - the attempts to change the key are done locally; after a successful local key change, submit the new key for activation.
Blocked IPs won't do jack shit for such a scheme.
Also, you're not trying to find a specific key that works, just one of many, so even with a huge wrong-key space, you'll get a favourable collision with a valid key sooner, rather than later. It's like the same-birthday problem.
Re:MS would owe at least the key (Score:5, Insightful)
Re:MS would owe at least the key (Score:3, Insightful)
He hopes that by affecting existing/legit users that the issue will be brought to task sooner rather than later.
Welcome to the non free world. (Score:5, Insightful)
I don't see how this is possible, or credible speculation even for a company as evil as MS...
Sorry, that's their EULA. You have two choices when you purchase anything M$, return the package unopened for a full refund or use it. They do not and can not promise it will work and they are not responsible for the actions of others. They regard anything they do beyond the EULA a favor for which you should be grateful, just like they regard anything their software ever does for you. They think you should be so grateful that you do as they say. This is the nature of non free software. Your master may take care of you or they may not and those are the conditions you must agree to if you want to use non free software.
They don't trust you. They made the registration key in the first place to restrict the number of computers you can use before you pay them more. When you call and claim your key does not work, they can't tell the difference between you and someone who's shared their key. Once again, this is the nature of non free software.
Except we know already what happens (Score:5, Insightful)
Yes, there have been some fucktards too historically, but MS was sane about it so far. I'm not saying they're saintly or anything, feel free to still be anti-MS if it makes you feel any better. Just that they're sane. Even if you want to see them as some kind of super-villain, well, as super-villains go, MS was the _sane_ kind so far. The kind who's read the evil overlord's list, not the random lunatic kind. It knows when _not_ to do something that would damage itself very quickly.
Look, there are plenty of real reasons to whine about MS, no need to invent bullshit FUD scenarios. That kind of going into bullshit fantasy land, just to have something bad to say about MS, just damages the credibility of the real complaints.
Re:MS would owe at least the key (Score:5, Insightful)
Unlike duplicating an mp3, here the original copy is no longer usable. It isn't just making another copy for yourself and leaving the original functional.
But the victim is MS or their customers, so it must be ok.
Re:MS would owe at least the key (Score:5, Insightful)
Re:MS would owe at least the key (Score:5, Insightful)
Using Microsoft's services, such as Windows Update, could be considered theft. But that is theft from Microsoft, not from consumers.
Re:MS would owe at least the key (Score:5, Insightful)
Regardless, it's copyright infringement, not 'theft' and not 'piracy'. It's really quite simple, theft is when you physically take something that doesn't belong to you. Copyright infringement is, amongst other things, when you make a copy of something you aren't authorized to.
In fact in this case the real issue isn't even copyright infringement. Suppose I use this keygen on legally purchased software. What laws are being broken?
I didn't 'steal' your key, I happened to come up with the same number MS assigned to someone else independently. Hell, I might have come up with the number before MS, which, if anything, would make it -my- intellectual property; and MS would be infringing my copyright by issuing you "my" key string.
Which is of course absurd.
Re:Except we know already what happens (Score:3, Insightful)
2. I'm not saying it's some supervillain plan, I am saying this is the kind of horse shit that comes out of large money hungry bureaucratic organizations. It's not really MS specific.
3. I think their product is a tolerable product for some things (right tool for the job stuff). I despise their business practices because the only reason their product IS a tolerable product for some things is because they successfully violated so many laws to make it the de facto standard. They are not innovative, the people who typically think they are have only ever been exposed to MS products and don't realize that the vast majority of the shit they do are poor 'embrace and extend' bastardizations of good ideas that came from other places.
Ultimately, they are a very large bureaucratic money hungry organization with a piss poor track record of behaving ethically. They aren't the only organization like this, but they certainly are one of the biggest. In the meantime I am going to laugh at their horrible mistakes, their losing lawsuits, and the other nonsense monkey boy puts out. Their products are getting worse and they are less of a software giant and more of a comedy club these days anyways. "developers developers developers developers" "fucking kill google!". I hope chair tossing becomes an Olympic sport soon too.
Re:MS would owe at least the key (Score:1, Insightful)
Re:Easy Fix (Score:5, Insightful)
Re:MS would owe at least the key (Score:5, Insightful)
Sorry, couldn't resist.
In the end though, this sort of corporate behavior is hugely annoying. Microsoft rose to the top partly because it looked the other way on unlicensed use of its products, and now that it's the standard, it's trying to lock down. Well, the problem is, now there is a huge group of people who have a vested interest in using that software for free, and there is no way that they're going to beat them using a purely technical solution...Crackers are proving that on a daily basis.
Smarter of them to leave things as they were.
Re:Predatory Pricing (Score:3, Insightful)
Re:MS would owe at least the key (Score:5, Insightful)
Ways for MS to handle the problem, seriously (Score:3, Insightful)
If the problem is large:
Have people caught up in the duplicate-key mess photograph their Windows Vista packaging with the key showing in the photograph and send it in.
For the related problem of duplicate OEM keys, photograph the machine and mail in the make, model, and serial # of the machine and/or the name of the store you bought the license from. This won't help as much with tracking "manila envelope" licenses as those can be traded willy-nilly before the envelope is opened, but it will help with licenses that are assigned to particular manufacturers.
Give "ownership" to the person with the most convincing photo or purchase history. For the other claimants, if you are nearly 100% sure they are illegitimate sue them or make them provide personal information to get a "new, legal key, on the house" otherwise write off the loss. Pirates aren't as likely as people who think they are legitimate buyers to give out their name and address. If they balk, make a decision: do you want to risk being wrong and wind up in court and lose and get a PR black eye, or do you want to stand by your guns? If you aren't nearly 100% sure, just write it off.
In any case, if you don't immediately activate the product, at least activate it for 30 days while you decide what to do.
Even better - scrap the whole activation thing.
In the future, software will be delivered electronically and every copy will be uniquely watermarked. Yes, you can watermark compiled computer code by inserting NOPs, replacing operations with equivalent operations, etc. Of course this isn't as simple as it sounds as addresses get moved around, but it's doable.
Re:MS would owe at least the key (Score:3, Insightful)
I agree it's a nitpick and not a justification for copying Vista, but it is a legitimate response to the "Copyright is Theft" slogan.
Re:MS would owe at least the key (Score:3, Insightful)
No, you didn't. By punching a number into a dialog box you don't take their key. Microsoft, in fact, takes away their right to use their purchased software.
The system is stupid and broken. The fact that I can go read a number off your PC, then come home and use it to invalidate your Windows installation is an example of Windows being broken as designed.
Unless I come into your house and remove the sticker from your computer, no theft is occurring.
Re:MS would owe at least the key (Score:2, Insightful)
Re:MS would owe at least the key (Score:5, Insightful)
The irony is that you think violations of IP is theft.
The person who brute force discovers and uses someone else's code is not the one causing their Copy of Windows to be invalidated. Microsoft is doing that.
This is a very important distinction.
WHO WAS IT?!?! (Score:1, Insightful)
Re:MS would owe at least the key (Score:5, Insightful)
I am *so* glad Linux has evolved to the point it is today. I still have an XP partition and probably will for a while, but why MS expects people to keep putting up with this "phone home" behavior is beyond me. XP still handles ACPI better than Linux, but I'm happy to trade off a little convenience for control of my own machine.
Re:Welcome to the non free world. (Score:3, Insightful)
Don't you even feel a little silly about mis-characterizing the attitude of MS employees that way? Even non-evil software companies strive for some limit on their liability and responsibility, because it's just really hard to get complex software to always work. If you were subject to constant lawsuits, you'd be sunk.
It's true the EULAs are written in the vendors' best interests, and that shrink-wrap licenses should be unenforcible, and that retail software should be subject to fitness-for-purpose laws. But to characterize the MS people as swaggering a$$holes wearing jack-boots and refusing to look up from their lavish meal while you beg before them on your knees is just, well, silly.
Re:MS would owe at least the key (Score:2, Insightful)
Re:MS would owe at least the key (Score:3, Insightful)
Not so much ironic as subscribing to a different value system.
Ironic would be someone who pirates windows freaking out because somebody violated the GPL. Which happens all the time here.
The person who brute force discovers and uses someone else's code is not the one causing their Copy of Windows to be invalidated. Microsoft is doing that.
This is a very important distinction.
Exactly, like when I used your card number to order all that stuff. It wasn't me who took the money from your account, it was the bank. I just typed in some numbers. Why are you so upset? Credit Card numbers are information and information wants to be free. How could anyone be upset about that?
Re:MS would owe at least the key (Score:3, Insightful)
The only time that Windows XP checks to see if the key is valid is if you go through WGA. Nothing forces you to go through WGA, you can still apply the patches manually.
I still don't understand why people get upset with a company periodically checking to see if your install is valid. They have been doing it for years with Business Software. Now because of increasing amounts of piracy companies like Microsoft who make most of their money from the OS itself have to do it for their software.
And don't tell me that piracy isn't out of hand. On here people brag like they achieved some victory against Microsoft when they pirate Windows. Go to any Asian country, or heck even China Town and you will see racks of pirated software. Piracy is all around us.
Microsoft's attempts to curb it aren't quite as annoying as most people think. You simply forget for every horror story there are 100 or more people that had no issue, the people that speak up are the ones that had issues with the software. Even then I doubt the claims made by many, I found in the few cases where I had a with activation a 5-10 minute phone call to Microsoft's activation line fixed things right up.
I am sure that I am going to take a hit for this, but Vista isn't the pile of evil that people make it out to be. I personally find it a pretty good OS, though it will be 6 months to a year before I switch. Driver companies and software companies need to release updates so things work smoothly.
Re:Predatory Pricing (Score:2, Insightful)
and you're saying *nix has what? 2 variants?
*nix home & *nix professional?
let's be realistic, variants is not the problem; it's features and compatibility which is.
phoning home (Score:4, Insightful)
Valve managed it, and the rather wonderful prevx malware finder program and SETI@home all require constant contact with home, for example.
The difference is that these systems deliver customer satisfaction because the phone home service is there as part of the service you require or wish to participate in. If you decide not to, you can quit and go elsewhere. Most people using windows don't see that they have a choice (yet).
Microsoft's problem is that their system is one of guilt assumption. They have it solely to check up on customers, it delivers no added value aspect to the consumer. That they say it does is part of the problem. It is for microsoft alone, it gives nothing back.
No-one cares about Microsoft's needs, that's human nature, we are all selfish unless giving something away brings a valued return. For them to expect that people would *want* to take part with no benefit to themselves is a pretty hefty misconception.
I find these issues with Vista interesting. I really do have no intention of ever buying it. I tried it with open mind, thinking I might get it if it brought something new I might like, but there was nothing that interested me. I didn't hate it, but saw nothing of use. It's nowhere near as useful as Linux for my needs, and if I feel a need for a commercial OS, well there's OsX.
OsX does interest me quite a bit. I've seen many presentations at conferences that were done with macs, and they look *so* good.
Re:MS would owe at least the key (Score:5, Insightful)
Re:MS would owe at least the key (Score:2, Insightful)
Re:MS would owe at least the key (Score:3, Insightful)
Re:MS would owe at least the key (Score:2, Insightful)
Increasing amounts of piracy?
I don't buy it.
Here's an academic exercise: Calculate Microsoft's marketshare over the past 15 years, and the relative size of the market each year. Compare that with Microsoft's operating system gross revenue. I haven't actually done this myself, but I'm very confident in the result of such an analysis.
What you're going to find is that the gross revenue has been grossly outpacing actual deployed copies.
Piracy isn't increasing at all — in fact I'd say the opposite, and point out that 10 years ago everyone and their brother ran a pirate version of Windows &| DOS, and among small businesses the license compliance was atrocious. Now I don't know a single person who didn't pay the Microsoft tax when they bought a PC, and almost no-one actually buys retail or does upgrades. Among small businesses, paranoia about the jackboot-squadrons has made casual piracy a huge no no — however the demand for Microsoft to pump up the revenue in a period when customers have largely lost interest is making them monetize a previously unexploited market.
Re:MS would owe at least the key (Score:3, Insightful)
It's different because with programs like Autocad, you generally don't have all your users of the software using it at the same time. Thus, the license server allows the company to save some money by only buying the number of licenses they think they will need at any one time and having people "check out" the license from the server when they start the application, instead of buying a license for every computer that needs the software. On the other hand, most corporate PCs are going to be running Windows all the time, so the number of licenses is going to equal the number of PC's anyway. Thus, the server doesn't save the company any money by letting them get by with less licenses.
Re:MS would owe at least the key (Score:2, Insightful)
The entire idea is right out of 1984. If you object to that idea and want to mod this down, then good luck with your 10 minute hate.