<body><script type="text/javascript"> function setAttributeOnload(object, attribute, val) { if(window.addEventListener) { window.addEventListener('load', function(){ object[attribute] = val; }, false); } else { window.attachEvent('onload', function(){ object[attribute] = val; }); } } </script> <div id="navbar-iframe-container"></div> <script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script> <script type="text/javascript"> gapi.load("gapi.iframes:gapi.iframes.style.bubble", function() { if (gapi.iframes && gapi.iframes.getContext) { gapi.iframes.getContext().openChild({ url: 'https://www.blogger.com/navbar.g?targetBlogID\x3d13691723\x26blogName\x3daryveron\x26publishMode\x3dPUBLISH_MODE_BLOGSPOT\x26navbarType\x3dBLUE\x26layoutType\x3dCLASSIC\x26searchRoot\x3dhttps://tyazmanians.blogspot.com/search\x26blogLocale\x3den_US\x26v\x3d2\x26homepageUrl\x3dhttp://tyazmanians.blogspot.com/\x26vt\x3d-7157851199588912654', where: document.getElementById("navbar-iframe-container"), id: "navbar-iframe" }); } }); </script>

Tuesday, August 02, 2005

Hackers Crack Microsoft's Antipiracy System

Windows Genuine Advantage system first exploited within 24 hours of its launch.

Microsoft says that hackers managed to bypass a process it had implemented several days ago to ensure that users of Microsoft's update services possessed legitimate copies of Windows before they could download updates and content from those services.

A posting on the Boing Boing blog claimed that a JavaScript command string could bypass a check that Microsoft instituted Wednesday through the Windows Genuine Advantage 1.0 program.
According to the posting, users can override the WGA by pasting the string javascript:void(window.g_sDisableWGACheck='all') in the address bar of their browser and pressing Enter. The code "turns off the trigger for the key check," according to the blog posting.
Quick Work
The WGA program requires users to run a program verifying that their Windows operating system is not pirated, before they can use Microsoft's software update services. Microsoft had been running it as a pilot program since September 2004 but made the validation system a requirement just last Wednesday.
A Microsoft spokesperson conceded on Friday that hackers had indeed succeeded in cracking the WGA program, but said that the software giant will fix the flaw they exploited in an upcoming version of the WGA program.
The exploit came soon after Wednesday's launch of the program, the spokesman said. "Within 24 hours, hackers claimed to have circumvented the process and it appears that they did," he said. "This is a hack that exploits a feature that enables repeat downloads in the same session so that a hacker never has to validate as a genuine user," he said.
The move to lock out pirated copies of Windows from the update sites is part of Microsoft's effort to fight software piracy, a major issue for the software vendor.
Easy Hack?
The Boing Boing hack is not the only way to get around WGA's restrictions.
David Keller, founder of PC consulting and services firm Compu-Doctor in Cape Coral, Florida, was able to change his Internet Explorer settings to bypass WGA when he ran into a flaw in the program that flagged a legitimate product key on a customer's Windows XP Professional Service Pack 2 as invalid.
"The customer was the original owner, no hardware was changed since purchase, nor was Windows ever reinstalled on the system," Keller said in an e-mail to the IDG News Service. WGA had rejected the operating system, nevertheless, thereby preventing Windows Update from working, he said.
Keller wrote that he did not have much luck with Microsoft support technicians, so he found a way to bypass the validation process on his own and moved along with the update. He accomplished this by disabling the Windows Genuine Advantage add-on within his browser's Internet Options. By clicking on Tools/Internet Options/Programs/Manage Add-ons, Keller disabled the WGA add-on. He then exited Internet Explorer and was able to do a Windows Update without completing the validation step.

Elizabeth Montalbano and Robert McMillan, IDG News Service


Post a Comment

<< Home