
More hot summer WinXP action

Readers bemused, confused, and hot under the collar


WinXP product activation cracked: totally, horribly, fatally
Steve Gibson really is off his rocker

Alexander J. Vincent is determined to take John Lettice to task on his WinXP security pieces:

I've been reading the articles at The Register with some amusement, some alarm, some disinterest, some of everything. Recently, two particular series of stories have caught my attention. The first is the series on "Steve Gibson Really Is Off His Rocker", regarding WinXP security in respect to raw sockets. The second is on attacks to WinXP's Product Activation and beta availability, and Microsoft's attempts to secure both of these. Your latest article reports WPA is just worthless.

Given the second series of articles, one must really wonder if Steve Gibson is truly off the mark in his statement about how well Microsoft executives understand security. True, we're talking about two different subjects of security here, but security is security... and who says these crackers Mr. Gibson is so afraid of (probably with good reason, considering his site fell to them several times - is www.theregister.co.uk safe from them?) are not already downloading and installing versions of WinXP and looking for additional holes already? Courtesy of the information posted via links from your site and half a dozen others.

Ah, the risks of software and journalism. I'm familiar with both, to some extent. I just think the two editorial positions on which you are reporting security issues with Microsoft's Windows XP product are indirectly conflicting, and thus rather amusing for the irony of it all.

And while we're on the subject of WPA, Craig Barnhart wanted to ask:

Microsoft can't be that dumb, can they? One file, wpa.dbl, is the key to the whole thing! I think you guys need to do a contest on how many viruses will be created to delete that one file by the time Windows XP hits the store shelves. The next question would be: if wpa.dbl is set as read only, can Windows still delete it? If it can't then hackers have it easy. Get an activated wpa.dbl file, copy it to that directory and set it read only.

If Windows can delete it with it set to read only, that sounds like a huge hole in file system security. Hacker wants to write a virus to kill Windows XP: find the API and call it and have XP delete its own file. If such an API exists, do you want to take bets on it being limited to only work on wpa.dbl, or will any file be susceptible to being deleted regardless of its read only attribute?

Well, how dumb can Microsoft be? Answers on a postcard please to the usual address. Only one rant per reader.

On a technical note, Tim Epstein contributed this:

Thanks for the link to the tecchannel article. It made good reading, but needs a little more work for anyone who wishes to use their WXP system on a network. The product activation workaround will only work if the MAC address of each system is changed to match the original MAC address of the activated system. The problem here is that duplicate MAC addresses are a really big no no, so you can’t have a networked XP system with this option. For this hack to work, you would need at the least a separate wpa.dbl for each installation (assuming the same amount of RAM), with each having a known and different MAC address for the NIC that the address could be changed to.

I could just imagine the red faces that this would cause if sometime in the future I hook my trusty DIY activated notebook into the WAN of a client and discover that someone else in that organisation has done the same thing using the same wpa.dbl (and thus same MAC address!).
