Slashdot Mirror
Windows Key Leak Threatens Mass Piracy
lou_soyur writes "A key code for installing Microsoft's Windows Server 2003 has leaked onto the Internet. Rampant piracy sure to follow fears Microsoft, so it's a safe assumption that their lawyers "would scour the Internet looking for the leaked code". The joy of closed source security at work."
I don't think leaks have anything to do with whether it is open or closed.
There are probably ten or fifteen leaked keys by now. Finding Windows keys isn't difficult, and never has been. Why is this news?
Of course the key was going to be leaked- it was only a matter of time. It's the same way with all key based systems. Microsoft will still make just as much money as ever. (Keys were leaked all the time before product activation anyway) the poster spins this as though this is going to cause mass hysteria and pandemonium. What is meant by "closed source security"? An open source security program would be exceptionally easy to bypass, I'd think, since you'd have direct access to any encryption mechanism used.
-Ryan
AUWYHSTOT (Acronyms are Useless When You Have to Spell Them Out Too)
Anybody who needs to run this server edition of windows is going to pay for it and probably buy a support contract to boot. Joe Downloader who decides he wants to run Windows 2003 on his piddly two generation old machine just to show how cool he is would never ever pay for 2003 in the first place, he'd just stick with the XP Home edition that his machine came bundled with.
Mountains out of Molehills, or should that be mothballs in the case of a microsoft losing market dominance?
When information is power, privacy is freedom.
At first, when I saw this, I chuckled. Then, I thought about all the times I've seen stories on /. about some company using GPL'ed code in their closed-source product. That pisses me off. Microsoft has decided that, if you want to use their software, you need to abide by their license agreement, which includes the stipulation that you pay for their software. If you don't want to pay for their code, then don't use their software. Myself, I'm a Linux and Mac user. I obviously don't pay for Linux, and I gladly pay for OS X when I buy a Mac from Apple. Power of choice, people, but you can't have it both ways. Either respect other people's licenses, or don't be surprised when they don't respect yours.
We don't have a state-run media we have a media-run state.
pirate name generator
I used to work for a microsoft help desk that was supplied with the corporate software disks known at the time as "select", we used to get four or more copies of everything in every langauge Microsoft could be bothered with, and not a single thing required us to enter the licence keys in. They were "pre-installed".
The weird thing? was that we were allowed to make "evaluation" copies of these disks and "support" copies of these disks to give to our clients and engineers. And these evaluation and support disks used to get "lost" as fast as we could issue them. And after long discussions with the local microsoft office, they said they were fine with the evaluation and support disks. Ie microsoft sanctioned piracy, in the interests of having more client sites and more technicians with the skills to support them. Ie most of us technicians couldn't afford to pay for microsoft software to install at home so we could learn it. In fact I think that Microsoft and my company had an agreement that said that we were allowed to install microsoft software at home so long as we worked for that company (a microsoft solution provider). I later used this technique to get around the useless recovery disks that some PCs come bundled with, so that you can only re-build your system by formatting the hard disk again...Blech.
Funny how installing IBM mainframe software at home was never expected or required. We couldn't take that work home with us.
Each pirated version of Windows running is one less copy of Linux or other variant OSes running. In order of their preferences, 1) Legit MS 2) Pirated MS 3) Alternative OS So they almost approve piracy.
Trolls dont like to be Flamebait, because they burn so well. Protect our Troll heritage!
Hell, we can get software from my school for so dirt cheap, ($30 for Windows XP Pro) they might as well give it away for free.
On a related note, I've had youngsters telling me enthusiastically that there are people hanging around the school gates offering drugs for little or no money. I feel obliged to point out that once they become hooked, they'll be hit later for the full amount.
Phillip.
Property for sale in Nice, France
Security is only as strong as the weakest part, and I seriously doubt that's with the encryption algorithm here. Remember this system is not designed to protect your computer from outside threats (like SSH, etc), it is to protect the operating system from the user. The threat model and problem being solved are entirely different.
Why attack the encryption algorithm directly? Instead reverse engineer and bypass the parts of the OS that invoke the license checks. Or fool the probes which try to determine your hardware signatures. "Borrow" a key. Or for that matter just be sure to run IIS, as it lets perfect strangers run any applications they want on your computer, it should just as easily let you use your own computer too without any security checks :-)
I do have two important observations though:
I have had to pay for that f*cking operating system for about every PC that I have ever bought, even though I don't use it. It's only right that other people who actually want to use it shouldn't have to pay for it.
Yeah I guess piracy isn't a concern when you're giving away your stuff (code, soft) and making profit from somewhere else (maintenance, counseling, certification).
But keep in mind that sometimes it just doesn't work any better (or implies "higher ethics"). When I know a company is releasing underdocumented or buggy code on purpose just to keep gauging from me ("deluxe docs", counselling...) there's a thin line you sometimes don't know where it exactly is.
... what's even worse is when they steal from you both ways (seen any macromedia packaged doc?)...
A couple of things
1) Open Security != Open Source
2) Open Source != No Key (PGP ring any bells ?)
So just to clarify
1) If I create an SDA using PGP this is Open Source Software with a key
2) There are closed source security elements that have put their code out for review, including by the Goverment
3) Red Hat give you a key to access their premium rate support.
4) You made a glib comment that hit the MS Bad, OSS good Slashdot button and got modded up
5) This just means there are lots of people on Slashdot who don't understand this either.
Sheesh, you can have key restricted open source software, that is the idea of privacy and security for starters, the whole aim of VPNs etc etc. The issue here is in part _how_ the key (think private key) is issued. What MS want to do is make it simple for volume installers. Now what they could do is supply a bunch of USB keys to these volume suppliers that must be inserted during install. So give them 20, or 30, or whatever ghosting 30 at a time is a reasonable upgrade plan (no-one in a large company goes overnight for a total upgrade).
The issue is 1) Process 2) The nature of the security.
NOT whether its open or closed source.
An Eye for an Eye will make the whole world blind - Gandhi
But I can guess at two reasons why it comes just now:
Perhaps this "leak" is to take attention away from new releases of excellent servers: OpenBSD 3.3, RedHat 9 (even w/4 business hour response time), and Mandrake 9.1.
Or perhaps it is to drum up sympathy in congress for new legislation which could be used to mandate DRM in the U.S. This would hamstring the U.S. IT sector and many public institutions by taking money out of already tight budgets and sending it to Redmond in the form of forced purchases of new hardware and software.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
Conclusion: Dave Miscavige is mightier than Bill Gates
Microsoft keeps arguing that the purpose of Product Activation is to stop piracy. That's ludicrous:
First, weeks before XP was released there was the infamous leaked corporate copy of XP readily available for download in convenient ISO format.
Second, Microsoft stated that anyone using the leaked version of XP would not be able to update to SP1. However, a week before SP1 was released tweaktown.com had figured out and posted a way around it.
Third, now the exact same thing is happening to Windows Server 2003.
Exactly how did Product Activation stop piracy? It didn't. What does it stop? It stops what I call sharing. That's when a friend uses his copy of Windows to upgrade a friend's computer. That is what Product Activation has stopped and nothing more. (I'm not saying that sharing is OK, but it's hardly piracy!)
Maybe Product Activation is also Microsoft's attempt to get the average person used to paying for upgrades. Maybe it is a step in the direction of Palladium, i.e., getting the average person used to the idea that Microsoft controls their PC, and not the other way around. It could be a lot of things, but it is clearly NOT intended to stop real piracy.
If someone says he and his monkey have nothing to hide, they almost certainly do.