Exploit Allows Windows XP Piracy

There's a major chink in Microsoft's Windows XP anti-piracy armor, although Windows users are not at risk of security attacks.
A security researcher in India has discovered an uncomplicated and easy-to-exploit weakness in Microsoft Corp.'s WGA (Windows Genuine Advantage), an anti-piracy initiative that checks whether consumer and small-business customers are running legitimately licensed copies of Windows XP.
Debasis Mohanty, a private vulnerability researcher and analyst of malicious programs, published a detailed proof-of-concept demonstration to show how the WGA validation check can be defeated to generate key codes for use on illegal copies of Windows XP.
Mohanty's findings come as the world's largest software maker prepares a mandatory rollout of the program.
Microsoft has been testing the Genuine Advantage program through its Download Center, where users are urged to validate their copies of XP before obtaining certain software updates, patches and fixes.
If users decide against validating, they are still allowed to obtain the requested downloads, but later this summer updates will only be pushed out to valid copies. Security updates will not require validation, even after WGA goes mandatory.
A Microsoft spokesperson on Monday confirmed Mohanty's findings but insisted that the weakness presented no real threat to the company's attempts to strangle software pirates.
The spokesperson said there were no plans to modify the way WGA works, even after Mohanty's public demonstration, which was posted on a high-profile security mailing list.
-
- Login or register to post comments
Printer-friendly version
- 2164 reads
PDF version
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
You Can Now Buy the PinePhone Mobian Community Edition Linux Phone
PinePhone Mobian Community Edition is powered by Mobian Linux, which offers a pure Debian GNU/Linux experience on the Linux phone, and uses the Phosh (Phone Shell) user interface by default, which is based on the GNOME Stack and developed by Purism for their privacy-focused Librem 5 Linux smartphone.
PinePhone Mobian Community Edition is built from plastic and features the Debian logo on the back. It features a generous 5.95-inch HD IPS capacitive display with 16M colors, 1440×720 pixels resolution, and 18:9 ratio.
| Today in Techrights
|
Shows/Videos: GNU/Linux News, ONLYOFFICE, LibreWolf, and AwesomeWM
| Linux 5.10.8 Kernel Released - Finally Fixes That Btrfs Performance RegressionLinux 5.10.8 is out today as the latest stable release for the Linux 5.10 LTS series. Making this point release notable is that it finally addresses the 5.10 Btrfs performance regression.
As noted back on Christmas, Linux 5.10 was seeing significant slowdowns on Btrfs. For simply unpacking a Linux kernel source .tar.zst file it could easily take multiple times longer on this stable kernel version.
While patches for addressing this poor Btrfs behavior on Linux 5.10 were floating around since before the end of the year, it's taken until now to get them tested and queued up for mainline integration. Linux 5.11 meanwhile has a plethora of Btrfs improvements.
|
Recent comments
3 hours 46 min ago
3 hours 49 min ago
10 hours 12 min ago
10 hours 23 min ago
21 hours 51 min ago
22 hours 45 min ago
1 day 5 hours ago
1 day 6 hours ago
1 day 7 hours ago
1 day 7 hours ago