Slashdot Mirror


Windows Key Leak Threatens Mass Piracy

lou_soyur writes "A key code for installing Microsoft's Windows Server 2003 has leaked onto the Internet. Rampant piracy sure to follow fears Microsoft, so it's a safe assumption that their lawyers "would scour the Internet looking for the leaked code". The joy of closed source security at work."


  1. Closed source security? by wing.app · · Score: 5, Insightful

    I don't think leaks have anything to do with whether it is open or closed.

    1. Re:Closed source security? by Indras · · Score: 2, Insightful

      If it was open source, there would be no key code. That's the point.

      --
      The speed of time is one second per second.
    2. Re:Closed source security? by wing.app · · Score: 3, Insightful

      What about an encryption key?

  2. A single key? by Levine · · Score: 4, Insightful

    There are probably ten or fifteen leaked keys by now. Finding Windows keys isn't difficult, and never has been. Why is this news?

    1. Re:A single key? by MortisUmbra · · Score: 5, Insightful

      Erm, no, because as the article ALSO states, the same case was true for Windows XP, Corp. Vol. license keys were out before the retail package was!

      This is absolutely no different for the last....well....five Windows launches.

      There has ALWAYS been a key readily available even after WPA. And WPA has never been a problem. Sure SP1 blocked TWO popular keys but do you have any idea how many people have friends in IT depts. with access to keys?

      Me, my brother-in-law, my roommate, his brother, my brother, my brother-in-law's brother, his friend, my cousin, three of my other friends.

      ALL of us have access to different volume license keys.

      It's about as safely guarded a number as you can get, short of plastering them on billboards and busses.

      --

      "The saddest words of mice and men, are not those which were, but should have been."
    2. Re:A single key? by evilviper · · Score: 3, Insightful

      That's assuming this key isn't being legitimately used. If some OEM has been assigned this key, and has thousands of systems installed with this key, Microsoft can't very well just disable systems using the key, can they?

      --
      Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
  3. What is it with Slashdot? by rritterson · · Score: 5, Insightful

    Of course the key was going to be leaked - it was only a matter of time. It's the same way with all key based systems. Microsoft will still make just as much money as ever. (Keys were leaked all the time before product activation anyway.) The poster spins this as though this is going to cause mass hysteria and pandemonium. What is meant by "closed source security"? An open source security program would be exceptionally easy to bypass, I'd think, since you'd have direct access to any encryption mechanism used.

    --
    -Ryan
    AUWYHSTOT (Acronyms are Useless When You Have to Spell Them Out Too)
    1. Re:What is it with Slashdot? by davebarz · · Score: 5, Insightful

      > An open source security program would be exceptionally easy to bypass, I'd think, since you'd have direct access to any encryption mechanism used.

      Knowing the algorithm doesn't really help with any decent encryption since you also have to know any number of other keys in order to decrypt the data. Of course, if you're still using "A=26,B=25,C=24..." encryption, then you may be on to something, there.

    2. Re:What is it with Slashdot? by BJH · · Score: 4, Insightful

      > An open source security program would be exceptionally easy to bypass, I'd think, since you'd have direct access to any encryption mechanism used.

      Well, I've got this little free software program called ssh - perhaps you'd like to try and crack it.

    3. Re:What is it with Slashdot? by dicka_j · · Score: 5, Insightful

      > An open source security program would be exceptionally easy to bypass, I'd think, since you'd have direct access to any encryption mechanism used.

      I think you will find that most, if not all, strong encryption algorithms are in the public domain. The algorithm used should be strong enough that the key is required to decode the message, and the knowledge of the algorithm is next to useless.

      Do a Google search for say DES, and you will find various articles explaining the implementation of the algorithm, and triple DES is about as strong as you can get nowadays.

      Security through obscurity is NOT effective security.

    4. Re:What is it with Slashdot? by TerraFrost · · Score: 2, Insightful

      > An open source security program would be exceptionally easy to bypass, I'd think, since you'd have direct access to any encryption mechanism used.

      actually, an open encryption standard that can withstand public scrutiny is more secure than a closed one, for the most part. closed ones may well be vulnerable to short cuts that the designers had not considered. i mean, despite hundreds of thousands of people trying, the only way you can crack a DES key is to brute force it. the only drawback to DES keys is the length - a short key can be brute forced faster, obviously. also, increasingly so, it is taking less and less time to try each key, so... as long as you keep the keys getting longer and longer you should be ok.

      you don't and really can't have this same kind of security with a closed encryption standard.

    5. Re:What is it with Slashdot? by sconeu · · Score: 2, Insightful

      > the poster spins this as though this is going to cause mass hysteria and pandemonium

      RTFA. C|Net spun it that way. The poster was simply quoting the article.

      --
      General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
    6. Re:What is it with Slashdot? by Tim+C · · Score: 4, Insightful

      I think the original poster's point was that with an open source product, one could simply remove the key checking stage entirely, rather than having to rely on acquiring a key.

    7. Re:What is it with Slashdot? by LordLucless · · Score: 4, Insightful

      In an open source product, they would, presumably, not need to foist key-codes, activation and other sorts of crud to try and control piracy.

      --
      Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
    8. Re:What is it with Slashdot? by Des+Herriott · · Score: 2, Insightful

      I think you're right, but the fact is that one can simply remove the key checking stage entirely from a closed-source product too. It just takes knowledge of the assembly code for whatever CPU you're using, rather than a knowledge of a higher level language (most likely C or C++). So it's a bit harder, but it's obviously entirely possible - just witness all the cracked commercial software that's floating about. And "a bit harder" means nothing once one person has put the effort in to crack the software.

  4. Big Freaking Deal by Jah-Wren+Ryel · · Score: 5, Insightful

    Anybody who needs to run this server edition of windows is going to pay for it and probably buy a support contract to boot. Joe Downloader who decides he wants to run Windows 2003 on his piddly two generation old machine just to show how cool he is would never ever pay for 2003 in the first place, he'd just stick with the XP Home edition that his machine came bundled with.

    Mountains out of Molehills, or should that be mothballs in the case of a microsoft losing market dominance?

    --
    When information is power, privacy is freedom.
    1. Re:Big Freaking Deal by Soko · · Score: 2, Insightful

      Your post implies, IMHO correctly, that no matter the steps taken to protect software against piracy, there will be piracy. However, there will emerge in the end a need to buy software from a vendor in order to get support. Hmmmmm...

      Seems to me there's a few companies out there who do something very much like that. Seems we have the answer for Microsoft, don't we?

      Soko

      --
      "Depression is merely anger without enthusiasm." - Anonymous
  5. umm. the devil's own? by Anonymous Coward · · Score: 2, Insightful

    This is what became known as the Devil's Own key when XP came out. Same idea. You use the key, then you can't install service packs.

    It's your own fault for installing it. Just because you can't afford books for school doesn't mean you're entitled to learn. Same thing goes for new operating systems! Fucking pirates!

  6. The other foot by meta-monkey · · Score: 4, Insightful

    At first, when I saw this, I chuckled. Then, I thought about all the times I've seen stories on /. about some company using GPL'ed code in their closed-source product. That pisses me off. Microsoft has decided that, if you want to use their software, you need to abide by their license agreement, which includes the stipulation that you pay for their software. If you don't want to pay for their code, then don't use their software. Myself, I'm a Linux and Mac user. I obviously don't pay for Linux, and I gladly pay for OS X when I buy a Mac from Apple. Power of choice, people, but you can't have it both ways. Either respect other people's licenses, or don't be surprised when they don't respect yours.

    --
    We don't have a state-run media we have a media-run state.
    1. Re:The other foot by egjertse · · Score: 2, Insightful

      > At first, when I saw this, I chuckled. Then, I thought about all the times I've seen stories on /. about some company using GPL'ed code in their closed-source product.
      > [snip]
      > Either respect other people's licenses, or don't be surprised when they don't respect yours.

      Hmm, I'm not sure what you're trying to say here, but if you mean that it's OK for Microsoft to steal GPL'ed code because some kids are pirating windows, I have to disagree. Speaking from my own experience, piracy is not really an issue, except with games and maybe personal operating systems. Companies buy their licenses and try to keep legit - despite what the BSA will have you believe. Corporate "piracy" has more to do with poor license management.

      So is it OK for MS to rip off Free Software developers' code because some kid wanted to run Windows 2003 Server on his box at home?

  7. get your pirate name here: by Anonymous Coward · · Score: 4, Insightful



    pirate name generator

    I used to work for a microsoft help desk that was supplied with the corporate software disks known at the time as "select", we used to get four or more copies of everything in every language Microsoft could be bothered with, and not a single thing required us to enter the licence keys in. They were "pre-installed".

    The weird thing? was that we were allowed to make "evaluation" copies of these disks and "support" copies of these disks to give to our clients and engineers. And these evaluation and support disks used to get "lost" as fast as we could issue them. And after long discussions with the local microsoft office, they said they were fine with the evaluation and support disks. Ie microsoft sanctioned piracy, in the interests of having more client sites and more technicians with the skills to support them. Ie most of us technicians couldn't afford to pay for microsoft software to install at home so we could learn it. In fact I think that Microsoft and my company had an agreement that said that we were allowed to install microsoft software at home so long as we worked for that company (a microsoft solution provider). I later used this technique to get around the useless recovery disks that some PCs come bundled with, so that you can only re-build your system by formatting the hard disk again...Blech.

    Funny how installing IBM mainframe software at home was never expected or required. We couldn't take that work home with us.

  8. Why have an initial Key on Install ?? by MadX · · Score: 2, Insightful

    Why do you have to have the initial install key ??
    Microsoft can simply give Windows (XP/2003) away for free .. (Hey .. it's a 30 day window period) and when you want to "Activate", you then have to pay.

  9. Piracy is good for MS by AvengerXP · · Score: 5, Insightful

    Each pirated version of Windows running is one less copy of Linux or other variant OSes running. In order of their preferences, 1) Legit MS 2) Pirated MS 3) Alternative OS So they almost approve piracy.

    --
    Trolls dont like to be Flamebait, because they burn so well. Protect our Troll heritage!
  10. I suspect this was done deliberately by ites · · Score: 2, Insightful

    By Microsoft as a way of getting Win2003 Server onto lots of systems that would otherwise run Linux. "Oh, dear, we've lost our key!" One has to wonder why a product like this even needs a master key. Surely system-builders and so-on can use product activation like anyone else: even if they can use the same key multiple times, nothing says they cannot activate it on-line.
    Oh those damn pirates, now we will have to crack down even harder on all those people still using bootleg copies of Office 97!!!

    --
    Sig for sale or rent. One previous user. Inquire within.
  11. Too funny by FredFnord · · Score: 2, Insightful

    > Seems we have the answer for Microsoft, don't we?

    So your suggestion would be for MS to keep their source closed (they're going to anyway) and then give out the software, but sell the support?

    And this would encourage good, easy-to-use, easy-to-configure, bug-free software with a consistent interface, I bet, right?

    -fred

    --
    Sign #11 of Slashdot overdose: You see the phrase 'moderate Republican' and you wonder if that would be a +1 or a -1.
  12. Re:And this is different from other versions how? by horza · · Score: 4, Insightful

    Hell, we can get software from my school for so dirt cheap, ($30 for Windows XP Pro) they might as well give it away for free.

    On a related note, I've had youngsters telling me enthusiastically that there are people hanging around the school gates offering drugs for little or no money. I feel obliged to point out that once they become hooked, they'll be hit later for the full amount.

    Phillip.

  13. It's not the crypto and this is bad news for OSS by dmeranda · · Score: 5, Insightful

    Security is only as strong as the weakest part, and I seriously doubt that's with the encryption algorithm here. Remember this system is not designed to protect your computer from outside threats (like SSH, etc), it is to protect the operating system from the user. The threat model and problem being solved are entirely different.

    Why attack the encryption algorithm directly? Instead reverse engineer and bypass the parts of the OS that invoke the license checks. Or fool the probes which try to determine your hardware signatures. "Borrow" a key. Or for that matter just be sure to run IIS, as it lets perfect strangers run any applications they want on your computer, it should just as easily let you use your own computer too without any security checks :-)

    I do have two important observations though:

    1. I suspect this is one of the reasons MS is pushing so hard for TCPA/Palladium or other Distrustful Restrictions Management (DRM, sic) in hardware. That would finally allow Windows to completely distrust the user with a vengeance, as well as a side effect of preventing other choices in OS (look at the X-Box as their prototype of a hardware-enforced monopoly).
    2. This is actually bad news for Open Source advocates as it widens the distribution and exposure of this product to people who otherwise may never intend or have the $$ to buy it anyway, furthering their illegal monopolistic grip on the modern world. I for one hate it when people pirate Windows or Office or even Windows Plus, that's one more person that doesn't "feel" the heavy price for using MS software and has no desire to look for other choices. Open Source people would love for more so-called piracy of their products! Perhaps GNU/Linux should require an activation key, maybe that would accelerate its adoption (I'm joking here).
  14. don't feel bad about it by g4dget · · Score: 3, Insightful

    I have had to pay for that f*cking operating system for about every PC that I have ever bought, even though I don't use it. It's only right that other people who actually want to use it shouldn't have to pay for it.

  15. uuuuh... by Anonymous Coward · · Score: 0, Insightful

    Somehow I fail to understand how this would threaten PIRACY. I've always thought leaked windows keys threatened microsoft sales.

    oh well...

  16. Hmmm by muyuubyou · · Score: 4, Insightful

    Yeah I guess piracy isn't a concern when you're giving away your stuff (code, soft) and making profit from somewhere else (maintenance, counseling, certification).

    But keep in mind that sometimes it just doesn't work any better (or implies "higher ethics"). When I know a company is releasing underdocumented or buggy code on purpose just to keep gouging from me ("deluxe docs", counselling...) there's a thin line you sometimes don't know where it exactly is.

    ... what's even worse is when they steal from you both ways (seen any macromedia packaged doc?)...

  17. Arrrgggh... Eh ? Your point is... by MosesJones · · Score: 5, Insightful


    A couple of things

    1) Open Security != Open Source

    2) Open Source != No Key (PGP ring any bells ?)

    So just to clarify

    1) If I create an SDA using PGP this is Open Source Software with a key

    2) There are closed source security elements that have put their code out for review, including by the Government

    3) Red Hat give you a key to access their premium rate support.

    4) You made a glib comment that hit the MS Bad, OSS good Slashdot button and got modded up

    5) This just means there are lots of people on Slashdot who don't understand this either.

    Sheesh, you can have key restricted open source software, that is the idea of privacy and security for starters, the whole aim of VPNs etc etc. The issue here is in part _how_ the key (think private key) is issued. What MS want to do is make it simple for volume installers. Now what they could do is supply a bunch of USB keys to these volume suppliers that must be inserted during install. So give them 20, or 30, or whatever ghosting 30 at a time is a reasonable upgrade plan (no-one in a large company goes overnight for a total upgrade).

    The issue is 1) Process 2) The nature of the security.

    NOT whether it's open or closed source.

    --
    An Eye for an Eye will make the whole world blind - Gandhi
  18. Publicity stunt by SgtChaireBourne · · Score: 3, Insightful
    Since the key is for the server, not the workstation, its release is not a big deal. Businesses eager to hand their IT budget to Microsoft will purchase the key anyway. Others would not waste resources playing with a toy that would set them up to be cleaned out by a lawsuit.

    But I can guess at two reasons why it comes just now:

    Perhaps this "leak" is to take attention away from new releases of excellent servers: OpenBSD 3.3, RedHat 9 (even w/4 business hour response time), and Mandrake 9.1.

    Or perhaps it is to drum up sympathy in congress for new legislation which could be used to mandate DRM in the U.S. This would hamstring the U.S. IT sector and many public institutions by taking money out of already tight budgets and sending it to Redmond in the form of forced purchases of new hardware and software.

    --
    Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
  19. Re:MOD PARENT DOWN by TheMidget · · Score: 4, Insightful
    No, it's 100% legal to post that on Slashdot. Check again in a week if you don't believe me. It'll still be there. The reason: it is legal to violate any intellectual property on Slashdot, except the Church of Scientology's. Just remember how quickly the OT VIII postings (Fishman affidavits) disappeared... Yes, I know. That page shows no comments for lazarus142. The reason: they disappeared. D'oh.

    Conclusion: Dave Miscavige is mightier than Bill Gates

  20. Re:Some additional history and details by Anita+Coney · · Score: 2, Insightful

    I'm just stating what I read.

    I personally change my motherboard/CPU/video card about once a year. But I'm also swapping things out at least twice a month, e.g., I'll switch sound cards. And I'm buying new hardware about once a month. Just a few days ago I bought a new HD. The month before that I doubled my RAM to 1 gig. The month before that I bought a USB 2.0/FireWire combo PCI card. Etc, etc, etc.

    And I think you're missing the point. It doesn't matter if you change your hardware every day or every minute or never. It's YOUR computer. I'm not willing to ask permission to make change. And I'm also not willing to buy a product that expects me to ask permission, even if I never actually have to ask.

    It's my computer damnit, and no one will tell me what I can do with it!!! (Other than my wife of course!)

    --
    If someone says he and his monkey have nothing to hide, they almost certainly do.
  21. Product Activation has NOTHING to do with piracy.. by Anita+Coney · · Score: 5, Insightful

    Microsoft keeps arguing that the purpose of Product Activation is to stop piracy. That's ludicrous:

    First, weeks before XP was released there was the infamous leaked corporate copy of XP readily available for download in convenient ISO format.

    Second, Microsoft stated that anyone using the leaked version of XP would not be able to update to SP1. However, a week before SP1 was released tweaktown.com had figured out and posted a way around it.

    Third, now the exact same thing is happening to Windows Server 2003.

    Exactly how did Product Activation stop piracy? It didn't. What does it stop? It stops what I call sharing. That's when a friend uses his copy of Windows to upgrade a friend's computer. That is what Product Activation has stopped and nothing more. (I'm not saying that sharing is OK, but it's hardly piracy!)

    Maybe Product Activation is also Microsoft's attempt to get the average person used to paying for upgrades. Maybe it is a step in the direction of Palladium, i.e., getting the average person used to the idea that Microsoft controls their PC, and not the other way around. It could be a lot of things, but it is clearly NOT intended to stop real piracy.

    --
    If someone says he and his monkey have nothing to hide, they almost certainly do.
  22. Re:It's not the crypto and this is bad news for OS by jraf · · Score: 2, Insightful

    Windows piracy is definitely bad news for OSS. However, not to such a great extent in this case of Windows Server 2003, which won't particularly appeal to the average joe who's already got a pirated copy of Windows XP.

  23. This hurts all of us. by stonewolf · · Score: 2, Insightful

    According to the article, Microsoft's response to stolen activation codes is to make it impossible to apply service packs to software activated with those codes. That won't keep people from using the stolen software, but it will keep them from applying bug fixes and patching security holes in the stolen software.

    Let me say that again. It will stop people from applying security patches to the stolen software. That means that the next big MS worm will have a large installed base of unpatched, and unpatchable, MS servers to exploit.

    This situation hurts every person who uses the Internet.

    Stonewolf

  24. Piracy != theft by DaveWhite99 · · Score: 2, Insightful
    The linked-to article keeps using the word "piracy" where the word "theft" should be used. They are completely different things.

    If you repeat a lie enough times, it is eventually perceived as the truth.

    --
    Biodiesel : domestic, renewable, clean, and in the fuel tank of my bone stock 2002 New Beetle TDI
  25. Piracy not really a problem in this case. by TheCow · · Score: 2, Insightful

    I'm not sure about the places where everybody else works, but where I work we have so many opportunities to not license things correctly, but we do because we are an organization (actually a university). I'm pretty sure that most companies also buy all of their software in good faith, or they at least don't knowingly steal from a software manufacturer. I think the only people that are probably stealing this software are the nerds that put this software on a computer at home because they are willing to pay the $500 to $2000 it costs to legally license Windows Server... It's not like the key codes aren't going to get out there after April 24th... The codes will get out from their OEM customers and the other groups that have product keys that don't need to be activated...

    This whole thing is just free press for Microsoft to help announce their release date. I didn't even know when the release date was and our organization is a Tech Net + subscriber and have the RC2 installed... Maybe my head is just in the sand...