Feeds

More hot summer WinXP action

Readers bemused, confused, and hot under the collar

  • alert
  • submit to reddit

Business security measures using SSL

WinXP product activation cracked: totally, horribly, fatally
Steve Gibson really is off his rocker

Alexander J. Vincent is determined to take John Lettice to task on his WinXP security pieces:

I've been reading the articles at The Register with some amusement, some alarm, some disinterest, some of everything. Recently, two particular series of stories have caught my attention. The first is the series on "Steve Gibson Really Is Off His Rocker", regarding WinXP security in respect to raw sockets. The second is on attacks to WinXP's Product Activation and beta availability, and Microsoft's attempts to secure both of these. Your latest article reports WPA is just worthless.

Given the second series of articles, one must really wonder if Steve Gibson is truly off the mark in his statement about how well Microsoft executives understand security. True, we're talking about two different subjects of security here, but security is security... and who says these crackers Mr. Gibson is so afraid of (probably with good reason, considering his site fell to them several times - is www.theregister.co.uk safe from them?) are not already downloading and installing versions of WinXP and looking for additional holes already? Courtesy of the information posted via links from your site and half a dozen others.

Ah, the risks of software and journalism. I'm familiar with both, to some extent. I just think the two editorial positions on which you are reporting security issues with Microsoft's Windows XP product are indirectly conflicting, and thus rather amusing for the irony of it all.

And while we're on the subject of WPA, Craig Barnhart wanted to ask:

Microsoft can't be that dumb can they? One file wpa.dbl is the key to the whole thing! I think you guys need to do a contest on how many viruses will be created to delete that one file by the time Windows XP hits the store shelves. The next question would be, if wpa.dbl is set as read only if Windows can still delete it? If it can't then hackers have it easy. Get an activated wpa.dbl file copy it to that directory and set it read only.

If Windows can delete it with it set to read only that sounds like a huge hole in file system security. Hacker wants to write a virus to kill Windows XP find the API and call it and have XP delete it's own file. If such an API exists do you want to take bets on it being limited to only work on wpa.dbl or will any file be susceptible to being deleted regardless of its read only attribute?

Well, how dumb can Microsoft be? Answers on a postcard please to the usual address. Only one rant per reader.

On a technical note, Tim Epstein contributed this:

Thanks for the link to the tecchannel article. It made good reading, but needs a little more work for anyone who wishes to use their WXP system on a network. The product activation workaround will only work if the MAC address of each system is changed to match the original MAC address of the activated system. The problem here is that duplicate MAC addresses are a really big no no, so you can’t have a networked XP system with this option. For this hack to work, you would need at the least a separate wpa.dbl for each installation (assuming the same amount of RAM), with each having a known and different MAC address for the NIC that the address could be changed to.

I could just imagine the red faces that this would cause if sometime in the future I hook my trusty DIY activated notebook into the WAN of a client and discover that someone else in that organisation has done the same thing using the same wpa.dbl (and thus same MAC address!)

Website security in corporate America

More from The Register

next story
Oi, London thief. We KNOW what you're doing - our PRECRIME system warned us
Aye, shipmate, it be just like that Minority Report
WRISTJOB LOVE BONANZA: justWatch sex app promises blind date hookups
Mankind shuffles into the future, five fingers at a time
Apple's Mr Havisham: Tim Cook says dead Steve Jobs' office has remained untouched
'I literally think about him every day' says biz baron's old friend
Every billionaire needs a PANZER TANK, right? STOP THERE, Paul Allen
Angry Microsoftie hauls auctioneers to court over stalled Pzkw. IV 'deal'
Oz carrier Tiger Air takes terror alerts to new heights
Don't doodle, it might cost you your flight
Cops apologise for leaving EXPLOSIVES in suitcase at airport
'Canine training exercise' SNAFU sees woman take home booming baggage
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.