Language Selection

English French German Italian Portuguese Spanish

Exploit Allows Windows XP Piracy

Filed under
Microsoft

There's a major chink in Microsoft's Windows XP anti-piracy armor, although Windows users are not at risk of security attacks.

A security researcher in India has discovered an uncomplicated and easy-to-exploit weakness in Microsoft Corp.'s WGA (Windows Genuine Advantage), an anti-piracy initiative that checks whether consumer and small-business customers are running legitimately licensed copies of Windows XP.

Debasis Mohanty, a private vulnerability researcher and analyst of malicious programs, published a detailed proof-of-concept demonstration to show how the WGA validation check can be defeated to generate key codes for use on illegal copies of Windows XP.

Mohanty's findings come as the world's largest software maker prepares a mandatory rollout of the program.

Microsoft has been testing the Genuine Advantage program through its Download Center, where users are urged to validate their copies of XP before obtaining certain software updates, patches and fixes.

If users decide against validating, they are still allowed to obtain the requested downloads, but later this summer updates will only be pushed out to valid copies. Security updates will not require validation, even after WGA goes mandatory.

A Microsoft spokesperson on Monday confirmed Mohanty's findings but insisted that the weakness presented no real threat to the company's attempts to strangle software pirates.

The spokesperson said there were no plans to modify the way WGA works, even after Mohanty's public demonstration, which was posted on a high-profile security mailing list.

Full Story.

More in Tux Machines

The Companies That Support Linux: MariaDB

MariaDB Corporation is a provider of open source database solutions for SaaS, cloud and on-premise applications that require high availability, scalability, and performance. Built by the founder and core engineering team behind MySQL, MariaDB has more than 2 million users globally and over 500 customers in more than 45 countries -- most of whom are running Linux. Read more

UK health service nurtures open source communities

The UK’s National Health Service (NHS) is nurturing a growing number of communities of software developers working on open source solutions. NHS’ Code4Health team is now supporting 17 communities that bring together health care providers, developers and supporters. Read more

LG's got a flip phone that runs Android Lollipop

Flip phones aren't just for retro hipsters and the elderly anymore... well, actually they kind of are. But they're super popular in Asia, and now you can get one that'll run the latest apps: LG's Gentle flip phone. The faux-leather adorned device is running a bleeding edge version of Android 5.1 Lollipop and packing 4G LTE. Otherwise, it's not exactly a power-user's dream with a 3.2-inch 480 x 320 screen, 3-megapixel rear camera, 4GB of (expandable) storage and 1GB of RAM. But for just 20 million won ($175) it would make a fine second phone, provided you live in Korea -- it's unlikely to come here, and similar flip phones can be pricey to import. Read more

Next-gen Android One phone launches in India for $176

The Lava Pixel V1 offers a solid value for the price, combining mid-range hardware with the latest Android software updates from Google. Read more