Language Selection

English French German Italian Portuguese Spanish

Exploit Allows Windows XP Piracy

Filed under
Microsoft

There's a major chink in Microsoft's Windows XP anti-piracy armor, although Windows users are not at risk of security attacks.

A security researcher in India has discovered an uncomplicated and easy-to-exploit weakness in Microsoft Corp.'s WGA (Windows Genuine Advantage), an anti-piracy initiative that checks whether consumer and small-business customers are running legitimately licensed copies of Windows XP.

Debasis Mohanty, a private vulnerability researcher and analyst of malicious programs, published a detailed proof-of-concept demonstration to show how the WGA validation check can be defeated to generate key codes for use on illegal copies of Windows XP.

Mohanty's findings come as the world's largest software maker prepares a mandatory rollout of the program.

Microsoft has been testing the Genuine Advantage program through its Download Center, where users are urged to validate their copies of XP before obtaining certain software updates, patches and fixes.

If users decide against validating, they are still allowed to obtain the requested downloads, but later this summer updates will only be pushed out to valid copies. Security updates will not require validation, even after WGA goes mandatory.

A Microsoft spokesperson on Monday confirmed Mohanty's findings but insisted that the weakness presented no real threat to the company's attempts to strangle software pirates.

The spokesperson said there were no plans to modify the way WGA works, even after Mohanty's public demonstration, which was posted on a high-profile security mailing list.

Full Story.

More in Tux Machines

today's leftovers

Proposed: A Tainted Performance State For The Linux Kernel

Similar to the kernel states of having a tainted kernel for using binary blob kernel modules or unsigned modules, a new tainting method has been proposed for warning the user about potentially adverse kernel performance. Dave Hansen of Intel has proposed a new "TAINT_PERFORMANCE" for the kernel that would proactively print a warning message about not using the kernel for any performance measurements. Dave explained in his RFC announcement, "I have more than once myself been the victim of an accidentally-enabled kernel configuration option being mistaken for a true performance problem. I'm sure I've also taken profiles or performance measurements and assumed they were real-world when really I was measuring the performance with an option that nobody turns on in production. A warning like this late in boot will help remind folks when these kinds of things are enabled." Read more

Scientific Linux 7.0 x86_64 BETA 3

Fermilab's intention is to continue the development and support of Scientific Linux and refine its focus as an operating system for scientific computing. Today we are announcing a beta release of Scientific Linux 7. We continue to develop a stable process for generating and distributing Scientific Linux, with the intent that Scientific Linux remains the same high quality operating system the community has come to expect. Please do not install Pre-Release software in your production environment. Read more

Ubuntu 14.10 (Utopic Unicorn) Now Features Linux Kernel 3.16.1

"The Utopic kernel has been rebased to the first v3.16.1 upstream stable kernel and uploaded to the archive, ie. linux-3.16.0-9.14. Please test and let us know your results," says Canonical's Joseph Salisbury, after the latest Ubuntu Kernel Team meeting. Read more