Print

Mail

wiki links

Hackers look to bust open Microsoft's Windows Vista

Is it true that Vista has already been cracked? It looked that way last week. The web was buzzing with talk that the "activation scheme" had been cracked less than two months after the release of the latest flavor of Windows.

Hackers had already found a way to bypass security features in next-generation DVD formats, so this could have been bad news for Microsoft -- which, like any maker of digital products, fights a constant battle to keep people paying and not pirating its intellectual property.

Like Windows XP, Office and many other applications such as Adobe's Creative Suite, Vista requires that you register its individual "product key" online, or the software stops working. Activation only works with genuine product keys, and slowed the tide of piracy when first introduced with XP.

The method trumpted last week on warez sites was a "brute-force keygen" -- a random search for legitimate product keys. "Brute force" is about right -- this kind of attack, seeking a valid 25-character string (with 36 possible elements, A-Z and 0-9) requires little finesse. But it could also take a few billion years to succeed. It's just luck.

Then the hacker came out and confessed.

"Fact is," he said, "the brute force keygen is a joke."

But there was a twist. ZDNet blogger Adrian Kingsley-Hughes tried out the "joke" tool -- and produced two 25-character product keys that allowed him to install Vista. He didn't however try to activate them. As both he and a Microsoft blogger noted, the real activation process is a lot tougher to hoodwink.

Panic over. But then came news of another method of attack, which relies on a tool that allows OEM manufacturers to bypass activation on the machines they build. Microsoft might be cool about the keygen, but it can't rest easy just yet.
This story has been viewed 2323 times.