Slashdot Mirror
Vista Activation Cracked by Brute Force
Bengt writes "The Inquirer has a story about a brute force Vista key activation crack. It's nothing fancy; it's described as a 'glorified guesser.' The danger of this approach is that sooner or later the key cracker will begin activating legitimate keys purchased by other consumers. From the article: 'The code is floating, the method is known, and there is nothing MS can do at this point other than suck it down and prepare for the problems this causes. To make matters worse, Microsoft will have to decide if it is worth it to allow people to take back legit keys that have been hijacked, or tell customers to go away, we have your money already, read your license agreement and get bent, we owe you nothing.'"
The commentator on the Inquirer Web site is obviously a total boob (trying to use a British-sounding insult). He's cheering theft which in its own right is sleazy. Worse, he seems to be happy that the legitimate and paying Windows Vista customers are going to be at best confused and worst case screwed because some idiot stole their key. I totally don't understand the bizarre perception that software thievs are somehow Robin-hood-like characters. They're the 21st century equivalent of pick-pockets.
"as someone who has worked on systems such as these (oh the inhumanity!) we have looked at this particular attack vector. Yes, it is possible. But, when you consider the size of the activation code domain (quadrillions or more of combinations), with the number of legitimate keys (hundreds of millions), and the fact that each request takes some amount of time (a few seconds), it's not too big of a risk. A risk? yes. But there are lots of risks. This is just another one to be put on the list, watched, and mitigated against (as others have said, with blocked IPs and so forth)."
Obviously someone else who didn't read either the article OR all the other user comments - no net connection required to generate the keys - the attempts to change the key are done locally; after a successful local key change, submit the new key for activation.
Blocked IPs won't do jack shit for such a scheme.
Also, you're not trying to find a specific key that works, just one of many, so even with a huge wrong-key space, you'll get a favourable collision with a valid key sooner, rather than later. Its like the same-birthday problem.
Or they could NOT loosen up activation, and it would be a hindrance to all legitimate users.
Slow Down, Cowboy! It's been 60 minutes since you last successfully posted a comment.
The problem of generated keys and conflict with legit keys isn't new, so we already know what happens. The same existed for XP -- plus the added collison of dishonest OEM's selling one legit serial number to 100 different people who bought their computers with XP preinstalled -- and we already know what Microsoft chose: to not annoy the paying customers. What it did try to do was go after the OEM's who did that, but _not_ after the victims. The victim never had to do more than call an (automated) telephone number and get another key. It's always been that simple.
Yes, there have been some fucktards too historically, but MS was sane about it so far. I'm not saying they're saintly or anything, feel free to still be anti-MS if it makes you feel any better. Just that their sane. Even if you want to see them as some kind of super-willain, well, as super-villains go, MS was the _sane_ kind so far. The kind who's read the evil overlord's list, not the random lunatic kind. It knows when _not_ to do something that would damage itself very quickly.
Look, there are plenty of real reasons to whine about MS, no need to invent bullshit FUD scenarios. That kind of going into bullshit fantasy land, just to have something bad to say about MS, just damages the credibility of the real complaints.
A polar bear is a cartesian bear after a coordinate transform.
The irony is that this is an example where IP theft *is* actually taking the original out of commission.
Unlike duplicating an mp3, here the original copy is no longer usable. It isn't just making another copy for yourself and leaving the original functional.
But the victim is MS or their customers, so it must be ok.
In which case there will be lawsuits and EULA's will be challenged and a companies responsibility to it's consumers will be better defined. Sounds like a win-win scenario here, as much as anything in regards to this can be called a win.
So you imagine he probably works for a non-commercial software company?
Regardless, its copyright infringement, not 'theft' and not 'piracy'. Its really quite simple, theft is when you physically take something that doesn't belong to you. Copyright infringement is, amongst other things, when you make a copy of something you aren't authorized too.
In fact in this case the real issue isn't even copyright infringement. Suppose I use this keygen on legally purchased software. What laws are being broken?
I didn't 'steal' your key, I happened to come up with the same number MS assigned to someone else independantly. Hell, I might have come up with the number before MS, which, if anything, would make it -my- intellectual property; and MS would be infringing my copyright by issueing you "my" key string.
Which is of course absurd.
When it's Microsoft's long costly lawsuit?
Sorry, couldn't resist.
In the end though, this sort of corporate behavior is hugely annoying. Microsoft rose to the top partly because it looked the other way on unlicensed use of it's products, and now that it's the standard, it's trying to lock down. Well, the problem is, now there is a huge group of people who have a vested interest in using that software for free, and there is no way that they're going to beat them using a purely technical solution...Crackers are proving that on a daily basis.
Smarter of them to leave things as they were.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
If I have nothing to hide, you have no reason to search me
The irony is that you think violations of IP is theft.
The person who brute force discovers and uses someone else's code is not the one causing their Copy of Windows to be invalidated. Microsoft is doing that.
This is a very important distinction.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"