Language Selection

English French German Italian Portuguese Spanish

M$ throwing in the towel?

Filed under
Microsoft

Barely a fortnight after hackers got into its new anti-piracy program, Microsoft says it has gone back to the drawing board in its efforts to crack down on users of pirated copies of Windows XP downloading free updates.

A few months back, Microsoft unveiled a way of establishing whether users accessing free downloads had a genuine copy of Windows. However, those with pirated copies were not prevented from downloading updates.

Then late last month, Microsoft announced new restrictions, in the form of the program Windows Genuine Advantage. When a user began downloading updates, WGA scanned the PC to see if it had a genuine licence key.

But barely 24 hours after the announcement, simple code to bypass the check - a line of Javascript - was posted on the internet.
Within a week, two more methods had been posted to different sites.

A Microsoft spokesman said it was important to note that the issue was not a security vulnerability and customers were not at risk.

He said WGA was not designed to catch counterfeiters or prevent hacks. "Its intent is to help innocent customers realise the full value of authentic Windows software while protecting investments made by our partners."

Full Article.

More in Tux Machines

Red Hat and Fedora

Linux Kernel News

  • Linux Foundation smushes two smaller projects together to form Open Networking Automation Platform
    The Linux Foundation announced yesterday that it had combined open source ECOMP and the Open Orchestrator Project into ONAP, the Open Networking Automation Platform, with the aim of helping users automate network service delivery, design, and service through a unified standard. Jim Zemlin, executive director of the Linux Foundation, said that ONAP should be a boon to enterprise IT departments, thanks to improved speed and flexibility.
  • Linux Foundation merges Open Source ECOMP, OPEN-O, further harmonizes virtualization group efforts
    Open source ECOMP and the Open Orchestrator Project (OPEN-O) have merged to create the new Open Network Automation Platform (ONAP) Project, further harmonizing the ever-growing array of disparate virtualization groups. ONAP will allow end users to automate, design, orchestrate, and manage services and virtual functions.
  • I am a Cranky, White, Male Feminist
    Today, I was re-reading an linux.com article from 2014 by Leslie Hawthorne which had been reshared by the Linux Foundation Facebook account yesterday in honor of #GirlDay2017 (which I was regrettably unaware of until it was over). It wasn’t so much the specific content of the article that got me thinking, but instead the level of discourse that it “inspired” on the Facebook thread that pointed me there (I will not link to it as it is unpleasant and reflects poorly on The Linux Foundation, an organization which is in most circumstances largely benevolent).
  • encyclopedia snabb and the case of the foreign drivers
    Peoples of the blogosphere, welcome back to the solipsism! Happy 2017 and all that. Today's missive is about Snabb (formerly Snabb Switch), a high-speed networking project we've been working on at work for some years now. What's Snabb all about you say? Good question and I have a nice answer for you in video and third-party textual form! This year I managed to make it to linux.conf.au in lovely Tasmania. Tasmania is amazing, with wild wombats and pademelons and devils and wallabies and all kinds of things, and they let me talk about Snabb.

Security News

  • Security updates for Friday
  • [Older] Microsoft Delays February Patch Tuesday Updates Until Next Month
    It was created by Microsoft as a way to have a standard delivery date/schedule for updates that were being provided for the companies software. This allowed a lot of stability for users and IT Pros so they could be prepared for the monthly distribution oof the updates. Well this month Microsoft has hit a snag with their monthly Patch Tuesday.
  • Watershed SHA1 collision just broke the WebKit repository, others may follow
    The bug resides in Apache SVN, an open source version control system that WebKit and other large software development organizations use to keep track of code submitted by individual members. Often abbreviated as SVN, Subversion uses SHA1 to track and merge duplicate files. Somehow, SVN systems can experience a severe glitch when they encounter the two PDF files published Thursday, proving that real-world collisions on SHA1 are now practical.
  • Cloudflare Reverse Proxies are Dumping Uninitialized Memory
    Thanks to Josh Triplett for sending us this Google Project Zero report about a dump of unitialized memory caused by Cloudflare's reverse proxies. "A while later, we figured out how to reproduce the problem. It looked like that if an html page hosted behind cloudflare had a specific combination of unbalanced tags, the proxy would intersperse pages of uninitialized memory into the output (kinda like heartbleed, but cloudflare specific and worse for reasons I'll explain later). My working theory was that this was related to their "ScrapeShield" feature which parses and obfuscates html - but because reverse proxies are shared between customers, it would affect *all* Cloudflare customers. We fetched a few live samples, and we observed encryption keys, cookies, passwords, chunks of POST data and even HTTPS requests for other major cloudflare-hosted sites from other users. Once we understood what we were seeing and the implications, we immediately stopped and contacted cloudflare security. "
  • Secure your system with SELinux
    SELinux is well known as the most sophisticated Linux Mandatory Access Control (MAC) System. If you install any Fedora or Redhat operating System it is enabled by default and running in enforcing mode. So far so good.

Android Leftovers