Vesti: Hack cracks Microsoft antipiracy check

[dvnityCker]

Sistem provere autenticnosti Windows-a prilikom skidanja updateova, koji je Microsoft ubaio prosle srede, lako je postao zrtva hakera. Hakeri su brzo nasli nacin kako da ovu proveru zaobidju, tako da do sledece verzije WGA (koja navodno treba da bude bez rupa) Windows update-ove moci ce da skidaju i oni sa pirated Windows-om

Microsoft Corp. has acknowledged that hackers were quickly able to bypass a process implemented last week to ensure that users of Microsoft's update services had legitimate copies of Windows before downloading updates and content from those services.

A posting on the Boing Boing Web log Thursday claimed that a JavaScript command string could bypass a check instituted last Wednesday by Microsoft through the Windows Genuine Advantage (WGA) 1.0 program. According to the posting, users can override the WGA by pasting the command in the address bar of their browser and pressing enter. The code "turns off the trigger for the key check," according to the posting.

The anti-piracy effort makes users run a program to verify that their Windows operating system is not pirated before they can use Microsoft's software update services (see Update: Microsoft requires Windows piracy checks). Microsoft had been running it as a pilot program since September but made the validation system a requirement on Wednesday.

A Microsoft spokesman said Friday that hackers indeed succeeded in cracking the WGA program and that the software giant will fix the flaw they had exploited in an upcoming version of the WGA program.

The exploit came soon after the Wednesday launch of the program, the spokesman said. "Within 24 hours, hackers claimed to have circumvented the process, and it appears that they did," he said. "This is a hack that exploits a feature that enables repeat downloads in the same session so that a hacker never has to validate as a genuine user."

The move to lock out pirated copies of Windows from the update sites is part of Microsoft's effort to fight software piracy, a major issue for the software vendor.

The Boing Boing hack is not the only way to get around WGA's restrictions.

David Keller, founder of PC consulting and services firm Compu-Doctor in Cape Coral, Fla., was able to change his Internet Explorer settings to bypass WGA when he experienced a flaw in the program that flagged a legitimate product key on a customer's Windows XP Professional Service Pack 2 as invalid.

"The customer was the original owner, no hardware was changed since purchase, nor was Windows ever reinstalled on the system," Keller said in an e-mail to the IDG News Service. WGA rejected the operating system, nevertheless, which prevented Windows Update from working, he said.

Keller wrote that he did not have much luck with Microsoft support technicians, so he found a way to bypass the validation process on his own and moved along with the update. He accomplished this by disabling the Windows Genuine Advantage add-on within his browser's Internet Options. By clicking on Tools/Internet Options/Programs/Manage Add-ons, Keller disabled the WGA add-on. He then exited Internet Explorer and was able to do a Windows Update without the validation.

Edited August 2, 2005 by dvnityCker

[Highl1]

proveru mozes da zaobidjesh iako nisi hacker, samo iskljuchish wga, big deal..

[IvYu[SQK]]

a ja mislio neka novost....

[dvnityCker]

proveru mozes da zaobidjesh iako nisi hacker, samo iskljuchish wga, big deal..

←

prvo ne znaju svi kako to da urade, drugo fazon je u tome sto likovi nisu iskljucili WGA nego su ga "ubili".. hteo sam da istaknem kako lako umiru Windows programcici

[Highl1]

a jaka stvar dal ces da ga iskljuchish ili ubijesh, isti kur, radi update iovako ionako, a i samim tim ko bi pametan gubio svoje vreme da provaljuje zashtitu da ga ubije, ako vec moze da ga iskljuchi iz 2 klika i uradi update :)

[Cell]

To stoji da se da iskljuciti veoma lako.Ali takodje stoji da se Microsoft programcici sve lakse provaljuju.

[th3_3d1t0r]

meni je otprilike bolje da ga jednom ubijem nego da svaki put kad treba da skiem update klikcem ta dva klika...vi znate koliko su update-ovi chesti kod M$... :)

[Highl1]

meni je otprilike bolje da ga jednom ubijem nego da svaki put kad treba da skiem update klikcem ta dva klika...vi znate koliko su update-ovi chesti kod M$... :)

←

care samo se jednom iskljuchi, drugi put ne mora, isprobao sam.