Return-Path: <sentto-279987-3692-1004533652-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Wed, 31 Oct 2001 05:09:08 -0800 (PST) Received: (qmail 26067 invoked by uid 510); 31 Oct 2001 13:06:58 -0000 Received: from n3.groups.yahoo.com (216.115.96.53) by 204.181.12.215 with SMTP; 31 Oct 2001 13:06:58 -0000 X-eGroups-Return: sentto-279987-3692-1004533652-fc=all.net@returns.onelist.com Received: from [10.1.1.221] by n3.groups.yahoo.com with NNFMP; 31 Oct 2001 13:07:33 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_0_1); 31 Oct 2001 13:07:32 -0000 Received: (qmail 78108 invoked from network); 31 Oct 2001 13:07:32 -0000 Received: from unknown (10.1.10.27) by 10.1.1.221 with QMQP; 31 Oct 2001 13:07:32 -0000 Received: from unknown (HELO red.all.net) (65.0.156.78) by mta2 with SMTP; 31 Oct 2001 13:07:32 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id f9VD7eY11191 for iwar@onelist.com; Wed, 31 Oct 2001 05:07:40 -0800 Message-Id: <200110311307.f9VD7eY11191@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Wed, 31 Oct 2001 05:07:40 -0800 (PST) Reply-To: iwar@yahoogroups.com Subject: [iwar] [fc:Pirated.Copies.Of.Windows.XP.Pose.Security.Risk.-.Microsoft] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Pirated Copies Of Windows XP Pose Security Risk - Microsoft By Steve Gold, Newsbytes, 10/30/2001 <a href="http://www.newsbytes.com/news/01/171651.html">http://www.newsbytes.com/news/01/171651.html> Microsoft [NYSE:MSFT] has confirmed that pirated copies of its Windows XP operating system exist on the Web, but warned users of the potentially serious security risks they run if they download and install the software. Microsoft's warning comes in the wake of IT security firm Bit-Arts' claims that cracked versions of the commercial edition of WinXP started appearing on the Net within hours of the new operating system being put on sale last week. Duncan Reid, Microsoft's U.K. and Ireland product licensing manager, told Newsbytes that the software giant is continuing to monitor instances where the WinXP product activation system appears to have been compromised. So far, while allegedly cracked editions have appeared on the Web for download, Reid said that they appear to be "imaged" or similar copies of a volume license edition. "When we developed product activation, we designed it for retail customer applications and not for major commercial customers. So far as we're aware, the product activation system itself has not been compromised," he said. Reid acknowledged that there are imaged copies of WinXP available on several Web sites, but warned that, by downloading these pirate editions, users leave themselves wide open to viruses and other malicious code if they then install the rogue editions. John Safa, chief technology officer of Bit-Arts, who has been monitoring developments on the WinXP product activation front for some time, told Newsbytes Usenet postings last week indicated that the anti-piracy system on WinXP has been thoroughly cracked. The problem, Safa said, stems from the Microsoft's choice to ship an unprotected version of WinXP to major companies, while its small business and consumer versions have the product activation function. "This (product activation feature) stops users installing the operating system on more than one machine, but crackers have done a byte-by-byte comparison between the major company and the protected edition. From there, it's obviously been a simple matter to take the protection code out of the software," he said. Because of Microsoft's claims that its product activation system had not been compromised, Safa said that his research staff purchased a single user copy of WinXP from a local store earlier today and installed the operating system. "Our IT team has been running the WinXP cracker utility with the operating system and we can confirm the product activation system has been compromised," he said, adding that he was not pleased with Microsoft's claims the system remains intact. "We've told Microsoft of our findings. We've been trying to help them, and now they're saying the system hasn't been compromised. It has," he said. Safa obtained the cracker utility, which is about 250 kilobytes long, by running a search on the Web using Morpheus - a file sharing Internet utility - late yesterday. The utility, he said, allows protected versions of WinXP to be fooled into thinking it is always day zero of the 14-day introductory period since XP was installed on a users' PC. Safa said that Microsoft's use of the product activation system on WinXP has effectively thrown down a challenge to the software cracking community. That strategy may have backfired on Microsoft, he added, as there are now pirate versions of XP - and utilities - widely available on the Internet. Bit Arts' Web site is at http://www.bitarts.com ------------------------ Yahoo! Groups Sponsor ---------------------~--> Pinpoint the right security solution for your company- Learn how to add 128- bit encryption and to authenticate your web site with VeriSign's FREE guide! http://us.click.yahoo.com/yQix2C/33_CAA/yigFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:58 PST