Slashdot Mirror
Windows Key Leak Threatens Mass Piracy
lou_soyur writes "A key code for installing Microsoft's Windows Server 2003 has leaked onto the Internet. Rampant piracy sure to follow fears Microsoft, so it's a safe assumption that their lawyers "would scour the Internet looking for the leaked code". The joy of closed source security at work."
bleh. encryption. I mean, what if to use a key, a distribution put something like a modified GPG. and you had to put a key which would translate into a real key that the OS would confirm and install.
(From the article)
Those copies of the software installed using the leaked code "won't be able to install future updates or service packs of access Windows Update," the spokeswoman said.
"They're caught between a rock and a hard place," Cherry said.
It's funny.. she's basically saying "Yes, they can install the retail version BUT they are screwed when all of our security holes and bugs are found." She seems to imply that if you don't update Win2k3 (note this is stated before it is even released!) you are going to have a junky product. Funny stuff.. only Microsoft.
Um, I guess no one here's heard of what MS did with XP SP1.. if you upgraded from XP, and were using a pirated corporate key, you were OK.. but if you tried to do a slipstreamed CD install (that is, with SP1 included on CD, a full install from that CD), you were SOL when you tried the old key. A Friend Of A Friend of mine had some trouble with that himself.. but luckily some smart person had apparently held back some of the corporate keys from wider release, fearing that this might happen, and released the new key as the SP1 key.
Thus, a single keycode getting out isn't THAT much of a piracy threat - it can easily be patched. Now, a KEYGEN, on the other hand...
They could have used a timed key (valid only for a couple of weeks). All the machines in that company that leaked the key would have had to be installed (no user prompting, but still requiring internet connection) within the timeout period. If somebody stole the timed key, and re-adjusted their computer time just to get by the install, it would fail, as the computer would still need to connect to a MS-owned server with its own notion of time.
For something this easy (other companies like Symantec provide timed keys) not to be implemented can only be a sign of deliberate action.
"I'll give out (oops! I meant leak out) this free OS. Once people get used to it, then I'll charge a huge amount for all these other softwares and services. And I'll give major parties (i.e. sueable) a chance to get back on the right track by purchasing a valid license."
uhm... hi. My name is _________ and I'VE NEVER PURCHASED A COPY OF WINDOWS IN MY LIFE!
/. story. Most anyone in this community would know where to go to get a windows key if they needed one.
let's see here...
Windows 98, got key from a friend
Windows 98 SE, got key from a friend
Windows ME, got key from a friend, uninstalled the next day
Windows 2000, found a key on an altalavista search
Windows 2000 Server, "borrowed" a key from work
Windows XP Pro, hello mr. corporate no-registration key
Don't get me started on other microsoft products. Office XP has its own registration work-arounds as well.
I'm just surprised this made it to a
I would think this would be expected for any and all releases of software microsoft puts out. Hell, we can get software from my school for so dirt cheap, ($30 for Windows XP Pro) they might as well give it away for free.
"You had this look that of an angel, it was such a bad disguise" --Dishwalla
Yeah, I'm with you on that one, and it's one of the rare occasions where I'm with Microsoft too. If you're going to use Windows, pay. If you're going to use Windows servers, pay more. And if you use Windows (particularly for business) and think you don't need to pay, you should get your arse kicked.
The more people who are forced to pay, through the nose, for this shit.... the more we will see both a proliferation of open source AND a return to an active and competitive closed source software industry.
Dave
I write a blog now, you should be afraid.
>> The leaked key codes cast an unexpected shadow over the launch of Windows Server 2003 later this month. Microsoft is banking on the thrice-delayed operating system to increase its penetration into the enterprise. But the stolen codes show the difficulty the company faces in protecting its valuable intellectual property and potential sales from thieves.
... fire-up BSA, colect the missing licences, charge as much as they want for new installation and so on.
Microsoft tactics again, nothing else. They currently need to enter the server market and push Linux out of there. So they will try with all means to increase the instaled base of the WinServer 2003 - it doesn't matter with or without licence. Later they will come with BSA and collect the fees, no doubt. The current statement has a double purpose - first to show to the world how much Microsoft is losing on piracy and second to inform the people that they can install Server 2003 without paying. The first one is typical Microsoft FUD - "We are weak, pirates rob us constantly", this will help them also in the monopoly trial. The second one says generally "Hey there is a key on the wild, just get it and install WinServer if you need it"
Are the MS executives stupid enough to beleive that a sysadmin that has received a key for installing a bunch of WinServer-s 2003 will not leak it on the Internet? No, they are smarter than anyone else when it comes to money, just the target is different - to get a maximum number of installations, become monopoly on the server market, and then
The same story is repeating again and again, they can not give WinServer 2003 for free (like InternetExplorer) because the DoJ will nail them immediately, thay can only play the "illegal but free" game and hope that the sysadmins will byte - and may will, especially in the poorer contries. So I beleave the fixed keys are built into the code exactly with the purpose to allow the "widespread piracy". Why does WinXP does not have such fixed keys? MS officials may say "Because it is a client OS, it is not installed in volumes". Bzzzzt - wrong, the clients are usually installed in volumes, the servers are usually 1 to 10 compared to the clients. The answer is because MS has already monopoly on the client side, they do not need new installations, they need money for the existing ones. The server market is different, MS needs "piracy" in order to become the de-facto standard on the server.
What if FSF GPG private key leaked? Would that be nice?
:-) = I am happy
:^) = I am happy with my big nose
C:\> = I am happy with my OS
Posts here seem to suggest that everybody who knows what a keyboard is, can find a Key using nowt but a search engine. So who benefits from the publicity?
Software pirates? They already knew.
People who don't like Microsoft? Good for a laugh for about half a second, I guess...
Microsoft? More people with experience using their servers? Right now if you're a poor student you're likely to know a thing or two about Linux server configuration, especially since you can do it with a box you bought for $20. Or BSD...
Microsoft again? Hey, a media storm for the ingnorant to support this Pallid Big Brother nonsense? Or is that too cynnical..?
No more security patches for Fully paid up NT licences. Hmmm...
You pays your money, and you takes your choice...
apt-get lacks the option "stuffed" It's a feature.
I don't hate them, the sheer speed at which really useful application can be developped in Excel VBA is a breakthrough. (XL97 is just fine, upgrade? Why?) But then Excel has all those unstable algorithms in their stats functions that everybody has known about for years and years...
I've been given X, Gnome & KDE. Now Give me VBA in OOo, Gnumeric or Kspread, & I'll give you Linux, Undisputed king of the office desktop.
Would the lawyers be able to do much if you said "it's the ascii equivalent of the numbers between the xth and yth digits of pi"?
Well, I think you forget one huge fact:
Pirated copies are very important for the distribution of Microsoft products.
There are of course ways to improve security - why still use such general keys? Look at e.g. Mathematica, they have far better protection mechanisms.
I postulate that piracy is tolerated and helpful for Microsoft, they will never try to generally stop it. They have of course their ways to reduce piracy, especially by intimidation and bad conscience.
The more the Microsoft monopoly grows, the more they can pressure and reduce software pirates without losing market share.
You will see: Palladium/TCPA will also not stop piracy.
I would not wonder if Microsoft released this key by themselves..
Although I don't have a proof for this, any sequence of numbers can be found in the digits of pi. (obviously some sequences will take much longer to find than others). Thus with a LOT of searching you could find a sequence of numbers that when encoded into characters using ASCII rules (65 as A, 108 as z, ect) correspond exactly to a valid Win2003 Server serial.
If it is true that every possible sequence of numbers exists within PI, then why not just take the sequence which corresponds to the cracked Win2003 installer binary?