Slashdot Mirror
Windows Key Leak Threatens Mass Piracy
lou_soyur writes "A key code for installing Microsoft's Windows Server 2003 has leaked onto the Internet. Rampant piracy sure to follow fears Microsoft, so it's a safe assumption that their lawyers "would scour the Internet looking for the leaked code". The joy of closed source security at work."
There are probably ten or fifteen leaked keys by now. Finding Windows keys isn't difficult, and never has been. Why is this news?
I think the reason why this is such a big deal is because, if you read the article, it is a key that can be used to install Windows Server 2003 WITHOUT activating it on the internet. It is a multi-license key usually given to system builders and the like. I think Microsoft is correct in stating that this will lead to more piracy since the key can be used on an "unlimited" amount of machines.
Only a scurvy dog would run the likes of this barnacle cover OS, yar.
According to serials.ws (mind the porn popups):
Windows 2003 GER Server Full
Added: 2003-04-04
C4C24-QDY9P-GQJ4F-2DB6G-PFQ9W
Badonkadonk.
K4RBR-F3K42-M9RXG-48TPR-H6BPB
cheers !
http://slashdot.org/~lou_soyur
Or it might be...
K4RBR-F3K42-M9RXG-48TPR-H6BPB
(The number from the TMCiSO release.)
Badonkadonk!
JB88F-WT2Q3-DPXTT-Y8GHG-7YYQY
SSH has been cracked quite a few times (especially SSH1, hence SSH2). Unless you really know what you are doing it's easy to make mistakes while doing cryptography, even the experts mess up once in a while, they're only human after all =)
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
... "mass piracy" is the object of utility, not the object of a transitive "threatens."
This is why Latin is superior for mechanistic parsing, because it would be the "ablative of utility" (or maybe the dative). These would be different cases than the accusative, which is usually the case for objects of transitive verbs in the active voice in the dead language.
Nevertheless, English flows well in speech and written text more or less, and has become the lingua franca for the Internet Age. Interesting stuff.
Yeah, this post is offtopic, but so is the parent. And I didn't find it funny, either.
Sure, just let me have the same amount of access to it as I have to Windows 2003 while installing it. Give me your key and access to your machine/network stream while you ssh out and I'll hand you the decrypted plaintext of your session.
Of course this has little to do with the security of this particular authentication mechanism which simply looks up a secret key in a database of issued to see if it is valid and has enough licenses available. Volume licensing is always the problem in this case.
Repeat after me: There is no such thing as security in an insecure environment.
The world is neither black nor white nor good nor evil, only many shades of CowboyNeal.
its not a server edition, its windows 2003 server!
its a family which has 4 branches,
identified the leak as a 3-in-1 code, meaning that it would work with three different versions of Windows Server 2003.
since the key was leaked anyone can burn a copy of any edition excluding web edition and run it!
Until you download the keygen with integrated key changer.
What? You didn't know there was a working Windows XP keygen/key changer floating around out there? Consider yourself informed.
main(c,r){for(r=32;r;) printf(++c>31?c=!r--,"\n":c<r?" ":~c&r?" `":" #");}
Actually, you determine the algorithm used by reading the ASM code, and then rewrite a new algorithm that works in reverse. For example: program does: username + key ==> hash value keygen does: hash value - username ==> key This is not trivial
it is only after a long journey that you know the strength of the horse.
In the land before time, or rather, the world of software before Windows XP, Microsoft OS's didn't require activation, but they did require CD Keys. Mostly this was a fiasco as ANY legitimate cd key could be used ANY number of times for that version of the software. Many will remember the NT4 days and the ever-popular 111-1111111. Microsoft got smarter for Windows 2000, but not by much. The not-so-easily-forged 25 character cd key introduced with Windows 98 was used, which at the very least prevented people from making up cd keys. However, it was soon discovered that with a simple change of no more than TWO characters to an easily-editable text file, the cd key requirement could be eliminated! Toss those keys away! This one made it super convenient to install Windows, and the piracy raged on. This hole is still wide open, even with the latest service pack.
Microsoft did start wising up, however. Summer of 1999 saw the first ever "activation" efforts implemented in Microsoft Office 2000 in certain markets, notably US education, Australia, and New Zealand. This was a successful pilot program and with the release of Office 2000 SR-1 in summer of 2000, all retail versions of Office 2000 incorporated this technology (known back then as "registration.") This, too, however, was quite simple to defeat using a corporate install feature normally reserved for large-scale deployments.
The release of Windows XP saw another big step forward for Microsoft's anti-productivity tools (excuse me, "anti-piracy efforts"). Same 25-character cd keys, but you have to "check in" with Microsoft to verify you haven't handed the key out to 25 of your closest friends. Windows XP activation is actually quite a bit more lenient than most people realize... you can change a significant amount of hardware and not be forced to reactivate, and the biggest secret is that if you don't check in with MS Activation servers for a period of 4 months, they'll wipe your history clean and you can activate anew with ANY hardware configuration. Enough room for even the heaviest geek to make all the changes he wants.
Once again, however, product activation was easily defeated. It wasn't long (well before the retail release for that matter) before someone got ahold of a corporate copy (no activation required) and let it loose on the net. The biggest change with Windows XP was that the difference between retail and corporate versions was a whopping 10 files, including one that was almost 13 MB. Not so easy to make your retail copy activation-free, but it can be done. The ramifications were clear: there was to be no more swapping of retail and corporate keys. It was too easy for Joe User to find a few characters on the net and defeat all the anti-piracy efforts MS had spent months developing.
And here's where we connect with the article. First of all, cd keys to install Windows Server 2003 have been out since before it was originally posted on MSDN (which, by Microsoft's own admitting, was less than 4 hours after RTM). The problem was, all those cd keys were from retail distributions which required activation. Yes, a "reset" patch was quickly coded which virtually made the activation requirement non-existent, but these things have been known to have been "corrected" in service packs. The public was clamoring for a "corp" release, which would eliminate the activation altogether. Insiders had access to the corporate release but it was worthless without a key... a key somebody was probably going to lose their job for if they divulged it. Almost a week went by, and then early yesterday morning, a key was located and the corporate release has been forthcoming. This wasn't the first key and it's not the only key, but it is special in that it is the first "volume license," or "corporate" key to be released.
The article fails to mention that the key MUST be matched with a corporate release. Once again, the unique files from retail and corporate editions are about 13 MB, but those files can be found on the web in
Actually the only money Microsoft makes is on both Office and Windows. I can't remember the exact figures, but it's about 85% profit on Office and 80% on Windows.
All of that excess is used to fund money losing projects including WebTV, WinCE, Xbox, MSN, and everything else.
If someone says he and his monkey have nothing to hide, they almost certainly do.
I believe it's happened in the past where Microsoft's patches will check for this key and deactivete the product if it's found. So if you go to Windows Update and download the latest service pack, it will disable your copy of Windows, citing a "Warez" key as the reason, and to please contact Microsoft to obtain a valid key. And with all the built in vulnerabilities, your basically forced to keep on top of the updates.
MSDN subscribers have got (when W2k was young) a W2k pro CD with this "patch" pre-applied.
It's not changing something to 000 or so, it's adding a line with the registration key filled in in advance. If the line isn't there (the default), the UI prompts you for it.
Oh there is one...you have to leave it running for quite awhile (I don't know exactly what it is doing) and it will create good XP (and office) CD keys.
Take a look at the register article.
http://theregister.co.uk/content/4/24065.html
NERSC has some information about pi and you can search through the first 4 billion digits. The server serial number doesn't code into their input form (numeric or letters only, not a combination), and it's restricted to a 10 character input anyway. The encoding could be converted to hex, but the odds of finding it in the first 4 billion digits are very slim indeed.
It makes brute forcing valid serial numbers almost look attractive.
Ian.
A physicist is an atom's way of thinking about atoms
Apparently You've not used .net server. It runs better than XP home, due to the fact that most services are turned off by default, such as theme support and sound support, and it runs quite nicely even on a Ppro 200. It's a far better desktop OS than XP home.
fslg503-985-8686503-985-8686503-985-8686503-985-8
What I find funny is, that it's like this story (urban myth perhaps) about the woman who had a thriving business of disposing of peoples dead pets in a big city for about $50. Other disposal options were too expensive for many people, so she made a stack of cash.
She would simply buy a cheap and nasty ($5) suitcase for a couple of bucks. Put the dead animal in it, and leave the suitcase at a crouded train station. Of course, the suitcase wasn't sitting there long before someone steals it.....
You can draw many parrellels of this MS situation here. I guess after 911, this scenario might not be advisable.
Anyways, the kind of people who rip off proprietary software, are not the types who would actually shell out the mega bucks for it anyways - even if it were no warez or serialz available for them.
I used (and i guess still could if i was so inclined) to install NT4 and Office 97 after i lost the keys just by typing random numbers into the keybox. I also still remember my win 95 serial. Now we have these 25 char alphanumeric keys and it's hell if you lose a box. And windows is still pirated. Fail imo.