Language Selection

English French German Italian Portuguese Spanish

Exploit Allows Windows XP Piracy

Filed under
Microsoft

There's a major chink in Microsoft's Windows XP anti-piracy armor, although Windows users are not at risk of security attacks.

A security researcher in India has discovered an uncomplicated and easy-to-exploit weakness in Microsoft Corp.'s WGA (Windows Genuine Advantage), an anti-piracy initiative that checks whether consumer and small-business customers are running legitimately licensed copies of Windows XP.

Debasis Mohanty, a private vulnerability researcher and analyst of malicious programs, published a detailed proof-of-concept demonstration to show how the WGA validation check can be defeated to generate key codes for use on illegal copies of Windows XP.

Mohanty's findings come as the world's largest software maker prepares a mandatory rollout of the program.

Microsoft has been testing the Genuine Advantage program through its Download Center, where users are urged to validate their copies of XP before obtaining certain software updates, patches and fixes.

If users decide against validating, they are still allowed to obtain the requested downloads, but later this summer updates will only be pushed out to valid copies. Security updates will not require validation, even after WGA goes mandatory.

A Microsoft spokesperson on Monday confirmed Mohanty's findings but insisted that the weakness presented no real threat to the company's attempts to strangle software pirates.

The spokesperson said there were no plans to modify the way WGA works, even after Mohanty's public demonstration, which was posted on a high-profile security mailing list.

Full Story.

More in Tux Machines

Linux evolution

We’re picking our best Linux distributions for 2014. It’s always an odd task and this year we’ve decided to take the chance to delve into the genus behind the distros that we use every day. We’ve been inspired by the GNU/Linux Distribution Timeline at http://futurist.se/gldt which we’ve mentioned before, and decided that we’d explore why the major families in the GNU/Linux world sprang up and how they’ve evolved over the years. Read more

Open source more about process than licensing

It is a testament to the success of the Open Source Initiative's (OSI) branding campaign for open source software that "open source" and "licensing" are functionally synonymous. To the extent that people are familiar with open source software, it is the source code released under a license that lets anyone see the "crown jewels" of a software program as opposed to an opaque binary, or black box that hides its underpinnings. Read more

First open source enterprise resource planning app for Drupal unveiled

ERPAL for Service Providers is the world's first open source ERP built on Drupal, a popular content management system. Read more

Eight Key Open-Source Internet of Things Projects

Open source is key to the development of the Internet of things (IoT). Therefore, the Eclipse Foundation is taking a hard look at IoT for Java developers. In fact, the Eclipse IoT community is making it easier for Java developers to connect and manage devices in an IoT solution by delivering at JavaOne 2014 an open IoT stack for Java developers. Based on open source and open standards, the Eclipse Open IoT Stack for Java simplifies IoT development by enabling Java developers to reuse a core set of frameworks and services in their IoT solutions. In addition to the core Open IoT Stack, a set of industrial frameworks are available to accelerate the process of creating home automation and SCADA factory automation solutions. "Our goal with this is to ensure that Java developers have a free and open-source platform for building IoT solutions," said Mike Milinkovich, executive director of Eclipse. Read more