Exploit Allows Windows XP Piracy

There's a major chink in Microsoft's Windows XP anti-piracy armor, although Windows users are not at risk of security attacks.

A security researcher in India has discovered an uncomplicated and easy-to-exploit weakness in Microsoft Corp.'s WGA (Windows Genuine Advantage), an anti-piracy initiative that checks whether consumer and small-business customers are running legitimately licensed copies of Windows XP.

Debasis Mohanty, a private vulnerability researcher and analyst of malicious programs, published a detailed proof-of-concept demonstration to show how the WGA validation check can be defeated to generate key codes for use on illegal copies of Windows XP.

Mohanty's findings come as the world's largest software maker prepares a mandatory rollout of the program.

Microsoft has been testing the Genuine Advantage program through its Download Center, where users are urged to validate their copies of XP before obtaining certain software updates, patches and fixes.

If users decide against validating, they are still allowed to obtain the requested downloads, but later this summer updates will only be pushed out to valid copies. Security updates will not require validation, even after WGA goes mandatory.

A Microsoft spokesperson on Monday confirmed Mohanty's findings but insisted that the weakness presented no real threat to the company's attempts to strangle software pirates.

The spokesperson said there were no plans to modify the way WGA works, even after Mohanty's public demonstration, which was posted on a high-profile security mailing list.
