Hackers found a way around Microsoft's Windows Genuine Advantage (WGA) anti-piracy system last week, only a day after the system went into effect.
WGA requires Windows users to verify they are using a genuine copy of Windows before they are allowed to download certain software updates. Security patches aren't covered by the system, and remain available to any Windows user, legitimate or not.
The system asks users to download an ActiveX control, which scans Windows to determine whether it is legitimate. If the software checks out, the control installs a key allowing future downloads. The system went into place on Monday.
But by Tuesday, a simple JavaScript hack was already circulating, it emerged late last week. All users had to do was paste a JavaScript URL into the Internet Explorer browser window at the beginning of the process; this turned off the key check, according to users.
To carry out the hack, users simply needed to insert the following line into Explorer's address bar before the WGA authentication check was carried out:
javascript:void(window.g_sDisableWGACheck='all')
Microsoft said it was investigating the hack but didn't consider it a security flaw. The company said that it may not take immediate action to fix the problem. "As the validation system is updated from time to time, we will address this and other issues that may arise," a Microsoft spokeswoman said.
There are other ways of getting around WGA as well, none of them particularly complicated, say users, which raises the question of how seriously Microsoft is intending to enforce its updating policy.
Another workaround involves disabling the Explorer add-on that enforces WGA. A third method involves changing an Explorer cookie. None of the hacks involves anything particularly technical.
Hackers bust Microsoft's anti-piracy system
-
Sargeras
- Way too much time!
- Posts: 1604
- Joined: July 3, 2002, 2:35 pm
- Location: Mental Insanity of Life
Hackers bust Microsoft's anti-piracy system
http://www.techworld.com/security/news/ ... ewsID=4134
Last edited by Sargeras on August 2, 2005, 8:05 am, edited 1 time in total.
Sargeras Gudluvin - R.I.P. old friend - January 9, 2005
This one is even easier:
That's some funny shit.Keller wrote that he did not have much luck with Microsoft support technicians, so he found a way to bypass the validation process on his own and moved along with the update. He accomplished this by disabling the Windows Genuine Advantage add-on within his browser's Internet Options. By clicking on Tools/Internet Options/Programs/Manage Add-ons, Keller disabled the WGA add-on. He then exited Internet Explorer and was able to do a Windows Update without the validation ste
May 2003 - "Mission Accomplished"
June 2005 - "The mission isn't easy, and it will not be accomplished overnight"
-- G W Bush, freelance writer for The Daily Show.
June 2005 - "The mission isn't easy, and it will not be accomplished overnight"
-- G W Bush, freelance writer for The Daily Show.
-
masteen
- Super Poster!
- Posts: 8197
- Joined: July 3, 2002, 12:40 pm
- Gender: Mangina
- Location: Florida
- Contact:
IIRC, Cisco was using that shit for the browser interfaces on some of their network devices. It's a bad fucking day when a stupid virus is able to crash your core routerVoronwë wrote:MS has always had very curious definitions of "security flaws".
just look at the history of IIS 7 or so years ago.
"There is at least as much need to curb the cruel greed and arrogance of part of the world of capital, to curb the cruel greed and violence of part of the world of labor, as to check a cruel and unhealthy militarism in international relationships." -Theodore Roosevelt
-
Neost
- Almost 1337
- Posts: 911
- Joined: July 3, 2002, 1:56 pm
- Gender: Male
- XBL Gamertag: neost
- Wii Friend Code: neost
- Contact:
Yup. That one sucked. Switches and other devices that had web management interfaces were especially susceptible.IIRC, Cisco was using that shit for the browser interfaces on some of their network devices. It's a bad fucking day when a stupid virus is able to crash your core router
I'm working on a content delivery project and they use apache for the cache/cdn gui.
Tsk tsk! Microsoft should know better than to try and thwart the evil pirates!
Microsoft gives up on upgrade ban
Pirates sunk our cunning plan
By Nick Farrell: Tuesday 09 August 2005, 07:58
MICROSOFT'S attempts to stop people who have pirated copies of its software from getting upgrades has run aground.
A few weeks ago, Vole announced that a program called "Windows Genuine Advantage" (WIG) would scan users' PCs to see if they had a genuine licence key before letting them have any updates.
Of course within a few hours of WIG going into action hackers had torn it apart using a fairly simple hack. This was transmitted across the Interweb and made the whole thing useless.
A Microsoft spinster told the Sydney Morning Herald this morning that Vole had sent its designers back to the drawing board on WIG.
However, he added that WIG was not designed to catch counterfeiters or prevent hacks anyway.
So why bother? According to the Spinster WIG was to help innocent customers realise "the full value of authentic Windows software while protecting investments made by our partners".
So, in other words, hackers and pirates will be allowed to get away with nicking software for the foreseeable future. While the rest of us will have to pay for it.