
Despite its best efforts, Microsoft's activation server gets cracked

Despite all the talk surrounding its security and beefed-up anti-piracy measures, we all knew that it wouldn't take long for hackers to take a stab at Vista's activation scheme. Cracked copies of Windows Vista started flooding the internet soon after the operating system was released to manufacturing and ahead of its official release.

Microsoft's new Volume Activation 2.0 system requires that each copy of Vista for volume licensees be activated through Microsoft servers. This wasn't the case with Windows XP, and numerous pirated "corporate" editions of that operating system flooded the internet.

Microsoft's solution for making Volume Activation 2.0 easier for administrators has been attacked, however. Hackers have spoofed Microsoft's Key Management Service (KMS) server, which allows corporations with 25 or more networked computers to activate Vista installations. The software hack is making the rounds on the web and, in a nod to Microsoft Chairman Bill Gates, is named after his wife, Melinda.

According to reports, the software hack uses a VMware image of the KMS server to activate copies of Windows Vista Business and Enterprise. APC Magazine reports:

The download is a VMware image, and the idea behind it is that you download and install VMware Player (a legal free download), boot the image and use some VBS script (supplied with the activation server download) to have the client Vista machine get its activation from the local server. And that’s it -- no communication back to Microsoft.

But for those who think that all of their problems are solved with this software hack, you may want to hold your horses. A valid KMS product key is still required and the activation is only valid for 180 days.



Comments

What hack?
By stash on 12/10/06, Rating: 0
RE: What hack?
By Etsp on 12/10/2006 2:46:33 PM , Rating: 3
You don't need 25 machines. In order to legally buy the activation server software you need to have bought 25 copies of Vista. This hack is a VMware image of the activation server.


RE: What hack?
By stash on 12/10/2006 3:27:03 PM , Rating: 3
Uh no. There's no 'activation software' to buy. It's built into Vista. That VB script comes with Vista.

Here's how a KMS works. You enter your VL key into a Vista machine, Longhorn server or (soon) a 2003 server. This installs the KMS service, which also registers DNS records so your clients can find it.

You then must activate the KMS against Microsoft servers over the web or phone. This is a one-time activation.

Your clients will then connect to the KMS, but will only be activated once 25 machines report in to the KMS.

Read more about it here: http://www.microsoft.com/technet/windowsvista/plan...


RE: What hack?
By GaryJohnson on 12/11/2006 12:35:01 AM , Rating: 2
Something interesting in that volume activation guide:

quote:
Volume Activation 2.0 also may provide enhanced security through frequent background validations for Genuine modules. This is currently limited to critical software, but may be expanded greatly over time.


There's an easier way.
By loser311 on 12/10/2006 6:49:23 PM , Rating: 3
I heard of a way like that but it had to do with putting your BIOS clock ahead until December of 2099, so when you go through with the fake activation it gives you 180 days...buuuuut it's 180 days after December of 2099. : )




RE: There's an easier way.
By XtremeM3 on 12/11/2006 4:36:12 AM , Rating: 2
Could be...but I've seen simple security programs that wouldn't go for that. Kinda easy with a "kill if (todaysdate) > [(registrationdate)+180] OR if (todaysdate) < (registrationdate)".

Obviously this is the plain text version, but you see what I mean. Not really hard to write, especially since date change so-called "hacks" have been used foreva.

Jeff
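
The check sketched in the comment above, written out as an added example (not code from the commenter or from Microsoft). It also keeps a last-seen timestamp, which goes beyond the comment's two conditions; `LicenseState`, `check_license` and all dates are assumptions made up for the illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

GRACE = timedelta(days=180)  # activation validity period quoted in the article


@dataclass
class LicenseState:
    registered_at: datetime  # clock reading when activation happened
    last_seen: datetime      # highest clock reading observed so far


def check_license(state: LicenseState, now: datetime) -> str:
    """Return 'ok', 'expired' or 'clock_tampered'; update the high-water mark."""
    # The comment's second condition: today is before the registration date.
    # This catches "activate with the clock in 2099, then set it back".
    if now < state.registered_at:
        return "clock_tampered"
    # Added beyond the comment: the clock moved backwards since the last
    # check, even though it is still after the registration date.
    if now < state.last_seen:
        return "clock_tampered"
    state.last_seen = now
    # The comment's first condition: more than 180 days since registration.
    if now > state.registered_at + GRACE:
        return "expired"
    return "ok"


def demo() -> list:
    # Constructed scenario 1: clock pushed to December 2099 for activation,
    # then returned to the real date.
    forged = LicenseState(datetime(2099, 12, 1), datetime(2099, 12, 1))
    results = [check_license(forged, datetime(2006, 12, 11))]
    # Constructed scenario 2: honest activation, normal use, a rollback
    # inside the 180-day window, then a check after the window has passed.
    honest = LicenseState(datetime(2006, 12, 11), datetime(2006, 12, 11))
    results.append(check_license(honest, datetime(2007, 1, 15)))
    results.append(check_license(honest, datetime(2007, 1, 1)))
    results.append(check_license(honest, datetime(2007, 7, 1)))
    return results


if __name__ == "__main__":
    print(demo())
```

The stored state is only as trustworthy as the place it is kept: if it can be deleted or rewritten, the check starts over, which is why a purely local clock comparison is a weak control on its own.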


RE: There's an easier way.
By carage on 12/12/2006 8:14:02 PM , Rating: 2
I think Microsoft checks for system date now.
I just installed WinXP on a new PC yesterday and one of the items checked during validation was the date.


Update
By crystal clear on 12/11/2006 2:24:34 AM , Rating: 4
"Microsoft's new Volume Activation 2.0 system "
Read an update-

"Security researchers Sunbelt Software have confirmed that the Trojan is contained in a program called "windows vista all versions activation 21.11.06.exe", which has been circulating on message boards, according to a report. The program claims to be a "crack" designed to unlock pirated copies of Vista, which was made available to Microsoft's volume licensing customers last week.
It in fact installs malware known as Trojan-PSW.Win32.LdPinch.aze, which attempts to steal passwords and send them back to an attacker, according to security researchers Kaspersky, which first noted the Trojan in early October."

Source-
http://www.techworld.com/security/news/index.cfm?n...




RE: Update
By jonmcc33 on 12/17/2006 12:07:41 PM , Rating: 2
From Kaspersky, which means that any good AV program can take care of that virus. No threat in my book.


Activation last forever...
By clayclws on 12/10/2006 4:37:37 PM , Rating: 3
From where I come from, piracy runs rampant. Vista has been out for weeks. Along with Office 2007. It says that the software will expire within 30 days...but the clock never started. My bro tested it out, and has been using it for weeks...still, the timer is fixed at 30 days.




RE: Activation last forever...
By carage on 12/12/2006 8:19:07 PM , Rating: 2
A friend of mine works in a computer store in one of those countries and he reports the same thing. He has been using Vista for a while now and the clock never did anything.
However, he heard news (from a local M$ salesperson) that the clock won't start ticking until January 30th, when the retail version is supposed to be available. Maybe M$ temporarily turned it off for OEM testing purposes.


Should be......
By crystal clear on 12/11/2006 2:30:57 AM , Rating: 3
Should be-

windows vista all versions activation 21.11.06.exe

and NOT

Microsoft's new Volume Activation 2.0 system




RE: Should be......
By Samus on 12/11/2006 3:44:11 AM , Rating: 2
I don't see Microsoft sweating over this.


ONLY?
By shabodah on 12/10/06, Rating: 0
RE: ONLY?
By Ratwar on 12/11/2006 12:57:02 AM , Rating: 2
Well, some of us buy PCs expecting them to last more than six months you know... Actually, most of us do...


RE: ONLY?
By ElJefe69 on 12/11/06, Rating: -1
RE: ONLY?
By Spivonious on 12/11/2006 9:33:29 AM , Rating: 3
Wow, I didn't think anyone was still running Windows 95, but you proved me wrong.


30 days free?
By sbanjac on 12/10/2006 5:33:16 PM , Rating: 2
So is it legal to download Vista and use it for 30 days? Are all features unlocked? Well, I think that they should be, because this way we can see if it is worth the extra money... Will we be able to order these "trials" from MS?




RE: 30 days free?
By PrinceGaz on 12/10/2006 9:42:25 PM , Rating: 2
It is probably only legal to download a copy of Vista if you have already purchased a license. You don't buy the disc that software comes on, but rather the license (the right to use it).

However you can still use your copy of Vista without buying it (and activate it as that has now been cracked) but there is the slight downside that you will of course burn in hell for all eternity for your piracy sins :p


Update again
By crystal clear on 12/11/2006 9:17:26 AM , Rating: 2
This is the official response of MS-


Quote-
UPDATED 11:00 pm December 8, 2006: Cori Hartje, Director of Microsoft's Genuine Software Initiative, issued the following statement to BetaNews regarding the activation crack:

"We are actively monitoring these types of piracy and counterfeit situations, and will take action on any Key Management Service (KMS) or Multiple Activation Key (MAK) keys that have been reported as stolen or abused. Microsoft will continue to make investments under the Genuine Software Initiative (GSI) and is committed to engineering world-class anti-counterfeiting technologies in order to make piracy harder and protect customers and channel partners from the various risks associated with counterfeit software."

http://www.betanews.com/article/Hackers_Find_New_V...





whats up now
By kdog03 on 12/10/06, Rating: -1
RE: whats up now
By RyanM on 12/10/2006 5:23:14 PM , Rating: 5
Your rating isn't, that's for sure.


RE: whats up now
By SixDixonCider on 12/10/06, Rating: 0
By loser311 on 12/10/2006 10:42:01 PM , Rating: 3
Funny as I would bet you're on a Windows PC right now haha. This article isn't really about how secure a Windows OS is. I have no complaints in that area anyway, XP SP2 with all patches, Windows Defender, and Ad-Aware installed, I have no problems with anything getting on my computer unless I give it permission to be installed. Learn how to take care of your computer and security will not be an issue.


By mindless1 on 12/11/2006 4:30:12 AM , Rating: 2
Every single vulnerability that came along that you had to continually patch, you were vulnerable to until you had patched it. No "learning" you pretend to have was a real safety, and even today there are exploits for your system.

Ignorance is bliss?


By XtremeM3 on 12/11/2006 4:43:42 AM , Rating: 5
I'd bet 9 times outa 10 that nothing was written for any given vulnerability until MS announced a patch for it. Hell, even Blaster used a KNOWN vulnerability over a month after patching and affected what? Like 1/3 of Windows machines. So I would have to agree that if you "learn" to keep your machine patched, and "learn" how to configure a firewall, and "learn" not to install those free apps that promise you free porn or sex partners, you can keep your computer running problem free.

I know people who don't even know what a patch is, much less how to patch a Windows PC or configure auto updates - so they would have to..."learn" how. And they aren't stupid people. Not computer savvy does not equal stupid.

my $0.02

Jeff


By XtremeM3 on 12/11/2006 4:46:21 AM , Rating: 2
Just wanted to clarify - Blaster used a known vulnerability over a month after the patch was released. Not saying that it still affected PCs after being patched. All those PCs were affected because they weren't patched.

Jeff


By oTAL (blog) on 12/11/2006 1:51:53 PM , Rating: 2
Well, there is one thing called a 0-day exploit. But you are correct in your assertion that the most serious exploits so far were for issued patches. Anyone who bashes MS's current security probably does use Windows and has never done a real application in his life. While it is true that in the past they were sloppy in that department, their code is very good right now as they focused on that particular problem.


By Ringold on 12/10/2006 11:06:39 PM , Rating: 2
Yep. And if every tween with a keyboard in the known universe were gunning for holes in Linux, or Apple products, they'd do infinitely better, yeah? :)

Try not opening "Freepr0ndialer.exe" or 'drivers' from whatever site first comes up on Google or randomly clicking 'Yes' to anything that pops up in IE like a fool and you'll find XP and Vista both rather secure. And rather more flexible, to boot.


By keitaro on 12/10/2006 11:50:43 PM , Rating: 3
Nothing is 100% secure. Anyone who says their product is 100% secure is only fooling themselves. People target Microsoft's products because it is more widely deployed. It does not matter if you're running Apple's OS X Server, a BSD variant, or Linux. If the machine can be seen on the 'net, expect it to be attacked.

And FYI, I am one of those people who have a clue and are willing to use Vista. Do not assume that everyone who knows about Vista will stay away from it. Once a certain corporate entity sends out my Vista Business license, I will have the OS installed on my primary machine to try out. I am an individual who knows what it can do, what it needs, what it can provide, and what it has to offer.

Lastly, security for the Common Joe and OS starts at the user level, not at the OS level. The computer is as secure as the user makes it and according to the user's habit. It is not the fault of the OS if the user clicks on a weird email and executes a trojan worm. Features are there for a reason. People just exploit it for the benefit of causing havoc and trouble.


By loser311 on 12/11/2006 12:23:41 AM , Rating: 2
Exactly, just as Ringold said....clicking yes to 90% of anything that pops up to install on the browser and you're pretty much screwed after that first piece of spyware gets on your PC, and it's just a matter of time before you're gonna have to reinstall the OS to get everything back to normal. Even many protection programs can't remove some of the viruses out there nowadays. I also agree with keitaro that nothing is 100% secure and nothing will ever be 100% secure just because there will always be some way for trojans and worms to get in, especially when the user is clicking to execute it haha. Vista is beginning to help this problem with its UAP (User Access Protection), which will stop and let you know when anything is about to be deleted or installed or moved from anywhere on the PC. In my case I turn the feature off because I know what I'm doing in whatever situation where anything's being tampered with/installed/moved etc. I see this feature as being great for people who aren't good at keeping spyware off a computer now, although I'm sure we'll have the majority of people seeing the warning message and letting it proceed anyway, since you're giving it permission to tamper with your system.


By crazydrummer4562 on 12/13/2006 7:43:21 PM , Rating: 2
Haha, you sound like such a hypocrite it amuses me.


Copyright 2009 DailyTech LLC.