Slashdot Mirror


Windows Key Leak Threatens Mass Piracy

lou_soyur writes "A key code for installing Microsoft's Windows Server 2003 has leaked onto the Internet. Rampant piracy sure to follow fears Microsoft, so it's a safe assumption that their lawyers "would scour the Internet looking for the leaked code". The joy of closed source security at work."

32 of 597 comments

  1. Closed source security? by wing.app · · Score: 5, Insightful

    I don't think leaks have anything to do with whether it is open or closed.

    1. Re:Closed source security? by wing.app · · Score: 5, Interesting

      bleh. encryption. I mean, what if to use a key, a distribution put something like a modified GPG. and you had to put a key which would translate into a real key that the OS would confirm and install.

    2. Re:Closed source security? by thomasj · · Score: 5, Interesting

      What if FSF GPG private key leaked? Would that be nice?

      --
      :-) = I am happy
      :^) = I am happy with my big nose
      C:\> = I am happy with my OS
    3. Re:Closed source security? by evil_one · · Score: 5, Funny

      I'm sorry, but that's just too funny. I snorted coffee out my nose when I read that.
      Can you imagine posts to LKML digitally signed by RMS reading something like "ph33r /\/\Y 1337 HuRD 0f GNUs!!! LOL ROFL"

      That said, the key that has been leaked isn't that big a deal to pirates, it just makes it less difficult to do the initial installation. Not a big deal. Windows ME & 2000 pirate releases usually have a binary patch to the installer so it doesn't need a key at all.

      --
      Desperation is a stinky cologne
  2. What is it with Slashdot? by rritterson · · Score: 5, Insightful

    Of course the key was going to be leaked- it was only a matter of time. It's the same way with all key based systems. Microsoft will still make just as much money as ever. (Keys were leaked all the time before product activation anyway) The poster spins this as though this is going to cause mass hysteria and pandemonium. What is meant by "closed source security"? An open source security program would be exceptionally easy to bypass, I'd think, since you'd have direct access to any encryption mechanism used.

    --
    -Ryan
    AUWYHSTOT (Acronyms are Useless When You Have to Spell Them Out Too)
    1. Re:What is it with Slashdot? by davebarz · · Score: 5, Insightful

      An open source security program would be exceptionally easy to bypass, I'd think, since you'd have direct access to any encryption mechanism used.

      Knowing the algorithm doesn't really help with any decent encryption since you also have to know any number of other keys in order to decrypt the data. Of course, if you're still using "A=26,B=25,C=24..." encryption, then you may be on to something, there.

    2. Re:What is it with Slashdot? by dicka_j · · Score: 5, Insightful

      An open source security program would be exceptionally easy to bypass, I'd think, since you'd have direct access to any encryption mechanism used.

      I think you will find that most, if not all strong encryption algorithms are in the public domain. The algorithm used should be strong enough that the key is required to decode the message, and the knowledge of the algorithm is next to useless.

      Do a Google search for say DES, and you will find various articles explaining the implementation of the algorithm, and triple DES is about as strong as you can get nowadays.

      security through obscurity is NOT effective security.

    3. Re:What is it with Slashdot? by AndroidCat · · Score: 5, Funny

      Use Double ROT-13 encryption, and your security problems will be over.

      --
      One line blog. I hear that they're called Twitters now.
    4. Re:What is it with Slashdot? by nadaou · · Score: 5, Funny

      And here I've been using A = 65 B = 66... damn.

      --
      ~.~
      I'm a peripheral visionary.
  3. In other news... by miketang16 · · Score: 5, Funny

    The apparent owner of the 'leaked' key has disappeared today. Microsoft states there is absolutely no connection between the 2 events...

    --
    -------
    "In times of universal deceit, telling the truth becomes a revolutionary act."
    -- George Orwell
    1. Re:In other news... by anthroboy · · Score: 5, Funny

      I was watching the TV coverage of this tonight, and they're saying that this is the work of Gates' evil henchman, the man known as "Intellectual Property Ali".

    2. Re:In other news... by _generica · · Score: 5, Funny

      The exact Press Release from Microsoft was:

      "We was out of town when that shit went down."

  4. Big Freaking Deal by Jah-Wren+Ryel · · Score: 5, Insightful

    Anybody who needs to run this server edition of windows is going to pay for it and probably buy a support contract to boot. Joe Downloader who decides he wants to run Windows 2003 on his piddly two generation old machine just to show how cool he is would never ever pay for 2003 in the first place, he'd just stick with the XP Home edition that his machine came bundled with.

    Mountains out of Molehills, or should that be mothballs in the case of a microsoft losing market dominance?

    --
    When information is power, privacy is freedom.
  5. Re:A single key? by DJayC · · Score: 5, Informative

    There are probably ten or fifteen leaked keys by now. Finding Windows keys isn't difficult, and never has been. Why is this news?

    I think the reason why this is such a big deal is because, if you read the article, it is a key that can be used to install Windows Server 2003 WITHOUT activating it on the internet. It is a multi-license key usually given to system builders and the like. I think Microsoft is correct in stating that this will lead to more piracy since the key can be used on an "unlimited" amount of machines.

  6. Missing Link by bsharitt · · Score: 5, Funny

    The poster forgot to link to the leaked key. A fix would be appreciated.

    1. Re:Missing Link by Anonymous Coward · · Score: 5, Informative

      According to serials.ws (mind the porn popups):

      Windows 2003 GER Server Full

      Added: 2003-04-04

      C4C24-QDY9P-GQJ4F-2DB6G-PFQ9W

      Badonkadonk.

  7. First Pirate Post! by teamhasnoi · · Score: 5, Informative

    YAR! Shiver me timber!!

    Only a scurvy dog would run the likes of this barnacle cover OS, yar.

  8. Caught between a rock and a hard place by DJayC · · Score: 5, Interesting

    (From the article)
    Those copies of the software installed using the leaked code "won't be able to install future updates or service packs or access Windows Update," the spokeswoman said.

    "They're caught between a rock and a hard place," Cherry said.


    It's funny.. she's basically saying "Yes, they can install the retail version BUT they are screwed when all of our security holes and bugs are found." She seems to imply that if you don't update Win2k3 (note this is stated before it is even released!) you are going to have a junky product. Funny stuff.. only Microsoft.

  9. anyone read the headline too carefully? by ejaw5 · · Score: 5, Funny

    "Windows Key Leak threatens mass piracy"

    If I'm reading it correctly (2am w/o coffee) it seems that the subject of the sentence --Windows Key Leak-- is acting --threatens(threaten)-- on the predicate --mass piracy--.

    If MS is worried about piracy, shouldn't they leak *more* codes?

    --

    $cat /dev/random > Sig
  10. And now that I know I can get it for free... by BooMonster · · Score: 5, Funny

    I still don't want it!

  11. Re:A single key? by MortisUmbra · · Score: 5, Insightful

    Erm, no, because as the article ALSO states, the same case was true for Windows XP, Corp. Vol. license keys were out before the retail package was!

    This is absolutely no different for the last....well....five Windows launches.

    There has ALWAYS been a key readily available even after WPA. And WPA has never been a problem. Sure SP1 blocked TWO popular keys but do you have any idea how many people have friends in IT depts. with access to keys?

    Me, my brother-in-law, my roommate, his brother, my brother, my brother-in-law's brother, his friend, my cousin, three of my other friends.

    ALL of us have access to different volume license keys.

    It's about as safely guarded a number as you can get, short of plastering them on billboards and busses.

    --

    "The saddest words of mice and men, are not those which were, but should have been."
  12. Piracy is good for MS by AvengerXP · · Score: 5, Insightful

    Each pirated version of Windows running is one less copy of Linux or other variant OSes running. In order of their preferences, 1) Legit MS 2) Pirated MS 3) Alternative OS So they almost approve piracy.

    --
    Trolls dont like to be Flamebait, because they burn so well. Protect our Troll heritage!
  13. Re:isnt' this illegal? by Anonymous Coward · · Score: 5, Funny

    posting working serials here on slashdot? or are they all fake?

    well try this, does it make sense?

    Join the crowd
    Build a tower
    8 meters to the right
    8 meters to the left
    Forty meters in height
    -
    Wait for good weather
    Tear down the tower
    2 people will help
    Questions will follow
    3 days just have passed
    -
    Does anybody wonder
    Probably
    X is a hard letter
    T is much better
    Together they fit
    -
    You should know already
    8 again a typo?
    Good lord it's fun
    Help them spread there software
    Greed is a sin
    -
    7 sins there are
    You should have got it now
    You remember that 'fuck you' tombstone?
    Questions?
    You got it.

  14. It's not the crypto and this is bad news for OSS by dmeranda · · Score: 5, Insightful

    Security is only as strong as the weakest part, and I seriously doubt that's with the encryption algorithm here. Remember this system is not designed to protect your computer from outside threats (like SSH, etc), it is to protect the operating system from the user. The threat model and problem being solved are entirely different.

    Why attack the encryption algorithm directly? Instead reverse engineer and bypass the parts of the OS that invoke the license checks. Or fool the probes which try to determine your hardware signatures. "Borrow" a key. Or for that matter just be sure to run IIS, as it lets perfect strangers run any applications they want on your computer, it should just as easily let you use your own computer too without any security checks :-)

    I do have two important observations though:

    1. I suspect this is one of the reasons MS is pushing so hard for TCPA/Palladium or other Distrustful Restrictions Management (DRM, sic) in hardware. That would finally allow Windows to completely distrust the user with a vengeance, as well as a side effect of preventing other choices in OS (look at the X-Box as their prototype of a hardware-enforced monopoly).
    2. This is actually bad news for Open Source advocates as it widens the distribution and exposure of this product to people who otherwise may never intend or have the $$ to buy it anyway, furthering their illegal monopolistic grip on the modern world. I for one hate it when people pirate Windows or Office or even Windows Plus, that's one more person that doesn't "feel" the heavy price for using MS software and has no desire to look for other choices. Open Source people would love for more so-called piracy of their products! Perhaps GNU/Linux should require an activation key, maybe that would accelerate its adoption (I'm joking here).
  15. Re:isnt' this illegal? by Anonymous Coward · · Score: 5, Funny

    But I think you just made that up
    Unless you know something we don't
    Like you work for Microsoft
    Less chance of actually having a third valid serial
    So it seems, anyway
    Hey, or maybe you just nicked it from work
    I still don't believe you
    Thanks and goodbye!

  16. Microsoft tactics again by stevenp · · Score: 5, Interesting

    >> The leaked key codes cast an unexpected shadow over the launch of Windows Server 2003 later this month. Microsoft is banking on the thrice-delayed operating system to increase its penetration into the enterprise. But the stolen codes show the difficulty the company faces in protecting its valuable intellectual property and potential sales from thieves.

    Microsoft tactics again, nothing else. They currently need to enter the server market and push Linux out of there. So they will try with all means to increase the installed base of the WinServer 2003 - it doesn't matter with or without licence. Later they will come with BSA and collect the fees, no doubt. The current statement has a double purpose - first to show to the world how much Microsoft is losing on piracy and second to inform the people that they can install Server 2003 without paying. The first one is typical Microsoft FUD - "We are weak, pirates rob us constantly", this will help them also in the monopoly trial. The second one says generally "Hey there is a key on the wild, just get it and install WinServer if you need it"
    Are the MS executives stupid enough to believe that a sysadmin that has received a key for installing a bunch of WinServer-s 2003 will not leak it on the Internet? No, they are smarter than anyone else when it comes to money, just the target is different - to get a maximum number of installations, become monopoly on the server market, and then ... fire-up BSA, collect the missing licences, charge as much as they want for new installation and so on.
    The same story is repeating again and again, they can not give WinServer 2003 for free (like InternetExplorer) because the DoJ will nail them immediately, they can only play the "illegal but free" game and hope that the sysadmins will byte - and may will, especially in the poorer countries. So I believe the fixed keys are built into the code exactly with the purpose to allow the "widespread piracy". Why does WinXP not have such fixed keys? MS officials may say "Because it is a client OS, it is not installed in volumes". Bzzzzt - wrong, the clients are usually installed in volumes, the servers are usually 1 to 10 compared to the clients. The answer is because MS has already monopoly on the client side, they do not need new installations, they need money for the existing ones. The server market is different, MS needs "piracy" in order to become the de-facto standard on the server.

  17. Arrrgggh... Eh ? Your point is... by MosesJones · · Score: 5, Insightful


    A couple of things

    1) Open Security != Open Source

    2) Open Source != No Key (PGP ring any bells ?)

    So just to clarify

    1) If I create an SDA using PGP this is Open Source Software with a key

    2) There are closed source security elements that have put their code out for review, including by the Government

    3) Red Hat give you a key to access their premium rate support.

    4) You made a glib comment that hit the MS Bad, OSS good Slashdot button and got modded up

    5) This just means there are lots of people on Slashdot who don't understand this either.

    Sheesh, you can have key restricted open source software, that is the idea of privacy and security for starters, the whole aim of VPNs etc etc. The issue here is in part _how_ the key (think private key) is issued. What MS want to do is make it simple for volume installers. Now what they could do is supply a bunch of USB keys to these volume suppliers that must be inserted during install. So give them 20, or 30, or whatever ghosting 30 at a time is a reasonable upgrade plan (no-one in a large company goes overnight for a total upgrade).

    The issue is 1) Process 2) The nature of the security.

    NOT whether it's open or closed source.

    --
    An Eye for an Eye will make the whole world blind - Gandhi
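
Added example, not part of the original thread and not any vendor's code: a sketch of the point made in the replies to comment 2 and in comment 17 above, that a key scheme's strength rests on the secret and on how keys are issued, not on hiding the algorithm. The `ActivationServer` class, its method names, the license ids and the secret are hypothetical, and HMAC-SHA256 stands in for whatever a real scheme would use.

```python
import hashlib
import hmac


class ActivationServer:
    """Hypothetical activation service (illustrative; not any vendor's real scheme)."""

    def __init__(self, secret: bytes):
        self._secret = secret      # stays on the server; the algorithm itself is public
        self._seats = {}           # license_id -> seat limit (None = unlimited)
        self._machines = {}        # license_id -> machine ids already activated
        self._revoked = set()

    def _tag(self, license_id: str) -> str:
        mac = hmac.new(self._secret, license_id.encode(), hashlib.sha256)
        return mac.hexdigest()[:16].upper()

    def issue(self, license_id: str, seats=None) -> str:
        self._seats[license_id] = seats
        self._machines[license_id] = set()
        return f"{license_id}-{self._tag(license_id)}"

    def revoke(self, license_id: str) -> None:
        self._revoked.add(license_id)

    def activate(self, key: str, machine_id: str) -> str:
        license_id, _, tag = key.rpartition("-")
        # Constant-time comparison; a guessed tag fails without the secret.
        if license_id not in self._seats or not hmac.compare_digest(
                tag.encode(), self._tag(license_id).encode()):
            return "invalid"
        if license_id in self._revoked:
            return "revoked"
        machines = self._machines[license_id]
        limit = self._seats[license_id]
        if machine_id not in machines and limit is not None and len(machines) >= limit:
            return "seat-limit"
        machines.add(machine_id)
        return "ok"


def demo() -> dict:
    server = ActivationServer(secret=b"constructed-demo-secret")  # constructed value
    out = {}

    # Reading this source does not let anyone mint a key.
    out["forged"] = server.activate("ACME-0000000000000000", "pc-x")

    # Model A: one shared volume key with no seat tracking.
    shared = server.issue("VOLUME")
    out["shared_leak"] = [server.activate(shared, f"stranger-{i}") for i in range(3)]
    server.revoke("VOLUME")  # the only remedy also locks out every legitimate holder
    out["shared_legit_after_revoke"] = server.activate(shared, "customer-pc")

    # Model B: per-customer keys with a seat limit.
    acme = server.issue("ACME", seats=2)
    globex = server.issue("GLOBEX", seats=2)
    out["acme"] = [server.activate(acme, m) for m in ("a1", "a2", "stranger")]
    out["acme_reinstall"] = server.activate(acme, "a1")   # known machine, no new seat
    server.revoke("ACME")                                 # a leak is contained to one customer
    out["acme_after_revoke"] = server.activate(acme, "a1")
    out["globex_unaffected"] = server.activate(globex, "g1")
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Both models use the same public algorithm; only the issuance process differs, and that alone decides how far a leaked key reaches and what revoking it costs.
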
  18. REQ: Serial for Linux 2.4.20 by RenHoek · · Score: 5, Funny

    Hi, I need a serial for the latest Linux kernel, version 2.4.20, the old serial doesn't work anymore. I'd prefer a keygen over a crack.. TIA!!

    *now waits for the obligatory 'Me too!!' posts* :)

  19. How does the Publicity Work? by Harry8 · · Score: 5, Interesting

    Posts here seem to suggest that everybody who knows what a keyboard is, can find a Key using nowt but a search engine. So who benefits from the publicity?
    Software pirates? They already knew.
    People who don't like Microsoft? Good for a laugh for about half a second, I guess...
    Microsoft? More people with experience using their servers? Right now if you're a poor student you're likely to know a thing or two about Linux server configuration, especially since you can do it with a box you bought for $20. Or BSD...
    Microsoft again? Hey, a media storm for the ignorant to support this Pallid Big Brother nonsense? Or is that too cynical..?
    No more security patches for Fully paid up NT licences. Hmmm...
    You pays your money, and you takes your choice...
    apt-get lacks the option "stuffed" It's a feature.


    I don't hate them, the sheer speed at which really useful application can be developed in Excel VBA is a breakthrough. (XL97 is just fine, upgrade? Why?) But then Excel has all those unstable algorithms in their stats functions that everybody has known about for years and years...

    I've been given X, Gnome & KDE. Now Give me VBA in OOo, Gnumeric or Kspread, & I'll give you Linux, Undisputed king of the office desktop.

  20. Windows Server 2003 Key Review... by GeneralEmergency · · Score: 5, Funny


    After spending several hours looking over this latest release from the 'Redmondian Army of Doom', I have mixed feelings about this key as a whole but I still find myself strangely attracted to a few of its verses. It is as if parts of it were composed by choruses of lilting angels while other parts were slapped together with the premeditation of a four year old making mud pies. Let's take a look at this new key... verse, by haunting verse, shall we?


    C4C24-
    What a stunning beginning! Almost symmetrical, yet still off balance even with the repeating C's and 4's. The 2 was a discordant shocker at first, but the more I read over it, the more I found that it acted as a 'front porch', if you will, for the firmly concluding 4.

    QDY9P-
    This is that "Mud Pie" verse that I alluded to earlier. After such a strong beginning with "C4C24", "QDY9P" is a total disappointment. I think the problem here is the 9. The "QDY" phrase is an intriguing start to this verse but the 9 just throws away any semblance of order.

    GQJ4F-
    This is without a doubt, the most playful and funky verse in the key. The central "QJ4" is a sassy and taunting invocation of some well known classical themes which takes on a whole different tone when sandwiched between the "G" and the slightly naughty "F".

    2DB6G-
    Probably the most memorable verse in this work, I kept humming "2DB", "2DB", "2DB", "2DB" to myself all afternoon. This cadence was a welcome change of pace and helped move this key back in the right direction toward the finale.

    PFQ9W
    What a triumph! This final verse had me on the edge of my seat in anticipation as each new character played on the preceding ones with a curious mixture of both lust and fury. The "PFQ" opening is both sensual and vulgar at once, but when blended into a "Q9W" clarion call, the effect is awesome and should stand as one of the great Windows Key verses of all time.

    --
    "A microprocessor... is a terrible thing to waste." --
    GeneralEmergency
  21. Some additional history and details by nachoboy · · Score: 5, Informative

    In the land before time, or rather, the world of software before Windows XP, Microsoft OS's didn't require activation, but they did require CD Keys. Mostly this was a fiasco as ANY legitimate cd key could be used ANY number of times for that version of the software. Many will remember the NT4 days and the ever-popular 111-1111111. Microsoft got smarter for Windows 2000, but not by much. The not-so-easily-forged 25 character cd key introduced with Windows 98 was used, which at the very least prevented people from making up cd keys. However, it was soon discovered that with a simple change of no more than TWO characters to an easily-editable text file, the cd key requirement could be eliminated! Toss those keys away! This one made it super convenient to install Windows, and the piracy raged on. This hole is still wide open, even with the latest service pack.

    Microsoft did start wising up, however. Summer of 1999 saw the first ever "activation" efforts implemented in Microsoft Office 2000 in certain markets, notably US education, Australia, and New Zealand. This was a successful pilot program and with the release of Office 2000 SR-1 in summer of 2000, all retail versions of Office 2000 incorporated this technology (known back then as "registration.") This, too, however, was quite simple to defeat using a corporate install feature normally reserved for large-scale deployments.

    The release of Windows XP saw another big step forward for Microsoft's anti-productivity tools (excuse me, "anti-piracy efforts"). Same 25-character cd keys, but you have to "check in" with Microsoft to verify you haven't handed the key out to 25 of your closest friends. Windows XP activation is actually quite a bit more lenient than most people realize... you can change a significant amount of hardware and not be forced to reactivate, and the biggest secret is that if you don't check in with MS Activation servers for a period of 4 months, they'll wipe your history clean and you can activate anew with ANY hardware configuration. Enough room for even the heaviest geek to make all the changes he wants.

    Once again, however, product activation was easily defeated. It wasn't long (well before the retail release for that matter) before someone got ahold of a corporate copy (no activation required) and let it loose on the net. The biggest change with Windows XP was that the difference between retail and corporate versions was a whopping 10 files, including one that was almost 13 MB. Not so easy to make your retail copy activation-free, but it can be done. The ramifications were clear: there was to be no more swapping of retail and corporate keys. It was too easy for Joe User to find a few characters on the net and defeat all the anti-piracy efforts MS had spent months developing.

    And here's where we connect with the article. First of all, cd keys to install Windows Server 2003 have been out since before it was originally posted on MSDN (which, by Microsoft's own admitting, was less than 4 hours after RTM). The problem was, all those cd keys were from retail distributions which required activation. Yes, a "reset" patch was quickly coded which virtually made the activation requirement non-existent, but these things have been known to have been "corrected" in service packs. The public was clamoring for a "corp" release, which would eliminate the activation altogether. Insiders had access to the corporate release but it was worthless without a key... a key somebody was probably going to lose their job for if they divulged it. Almost a week went by, and then early yesterday morning, a key was located and the corporate release has been forthcoming. This wasn't the first key and it's not the only key, but it is special in that it is the first "volume license," or "corporate" key to be released.

    The article fails to mention that the key MUST be matched with a corporate release. Once again, the unique files from retail and corporate editions are about 13 MB, but those files can be found on the web in

  22. Product Activation has NOTHING to do with piracy.. by Anita+Coney · · Score: 5, Insightful

    Microsoft keeps arguing that the purpose of Product Activation is to stop piracy. That's ludicrous:

    First, weeks before XP was released there was the infamous leaked corporate copy of XP readily available for download in convenient ISO format.

    Second, Microsoft stated that anyone using the leaked version of XP would not be able to update to SP1. However, a week before SP1 was released tweaktown.com had figured out and posted a way around it.

    Third, now the exact same thing is happening to Windows Server 2003.

    Exactly how did Product Activation stop piracy? It didn't. What does it stop? It stops what I call sharing. That's when a friend uses his copy of Windows to upgrade a friend's computer. That is what Product Activation has stopped and nothing more. (I'm not saying that sharing is OK, but it's hardly piracy!)

    Maybe Product Activation is also Microsoft's attempt to get the average person used to paying for upgrades. Maybe it is a step in the direction of Palladium, i.e., getting the average person used to the idea that Microsoft controls their PC, and not the other way around. It could be a lot of things, but it is clearly NOT intended to stop real piracy.

    --
    If someone says he and his monkey have nothing to hide, they almost certainly do.