Feeds

More hot summer WinXP action

Readers bemused, confused, and hot under the collar

  • alert
  • submit to reddit

Build a business case: developing custom apps

WinXP product activation cracked: totally, horribly, fatally
Steve Gibson really is off his rocker

Alexander J. Vincent is determined to take John Lettice to task on his WinXP security pieces:

I've been reading the articles at The Register with some amusement, some alarm, some disinterest, some of everything. Recently, two particular series of stories have caught my attention. The first is the series on "Steve Gibson Really Is Off His Rocker", regarding WinXP security in respect to raw sockets. The second is on attacks to WinXP's Product Activation and beta availability, and Microsoft's attempts to secure both of these. Your latest article reports WPA is just worthless.

Given the second series of articles, one must really wonder if Steve Gibson is truly off the mark in his statement about how well Microsoft executives understand security. True, we're talking about two different subjects of security here, but security is security... and who says these crackers Mr. Gibson is so afraid of (probably with good reason, considering his site fell to them several times - is www.theregister.co.uk safe from them?) are not already downloading and installing versions of WinXP and looking for additional holes already? Courtesy of the information posted via links from your site and half a dozen others.

Ah, the risks of software and journalism. I'm familiar with both, to some extent. I just think the two editorial positions on which you are reporting security issues with Microsoft's Windows XP product are indirectly conflicting, and thus rather amusing for the irony of it all.

And while we're on the subject of WPA, Craig Barnhart wanted to ask:

Microsoft can't be that dumb can they? One file wpa.dbl is the key to the whole thing! I think you guys need to do a contest on how many viruses will be created to delete that one file by the time Windows XP hits the store shelves. The next question would be, if wpa.dbl is set as read only if Windows can still delete it? If it can't then hackers have it easy. Get an activated wpa.dbl file copy it to that directory and set it read only.

If Windows can delete it with it set to read only that sounds like a huge hole in file system security. Hacker wants to write a virus to kill Windows XP find the API and call it and have XP delete it's own file. If such an API exists do you want to take bets on it being limited to only work on wpa.dbl or will any file be susceptible to being deleted regardless of its read only attribute?

Well, how dumb can Microsoft be? Answers on a postcard please to the usual address. Only one rant per reader.

On a technical note, Tim Epstein contributed this:

Thanks for the link to the tecchannel article. It made good reading, but needs a little more work for anyone who wishes to use their WXP system on a network. The product activation workaround will only work if the MAC address of each system is changed to match the original MAC address of the activated system. The problem here is that duplicate MAC addresses are a really big no no, so you can’t have a networked XP system with this option. For this hack to work, you would need at the least a separate wpa.dbl for each installation (assuming the same amount of RAM), with each having a known and different MAC address for the NIC that the address could be changed to.

I could just imagine the red faces that this would cause if sometime in the future I hook my trusty DIY activated notebook into the WAN of a client and discover that someone else in that organisation has done the same thing using the same wpa.dbl (and thus same MAC address!)

Boost IT visibility and business value

More from The Register

next story
Thirteen Astonishing True Facts You Never Knew About SCREWS
Threaderick the Great! And YES, we asked the Arapaho
NSA man: 'Tell me about your Turkish connections'
Spooks ask Dabbsy to suggest a nice hotel with pool
Russia sends SEX-CRAZED GECKOS to SPAAAAACE!
In space... no one can hear you're green...
Indian techies-in-training face down MAN-EATING LEOPARD - and WIN
Big cat causes big trouble at Mumbai college
Too rich for an iPhone 6? How about a gold-plated Brikk?
Not lobbed at your head, silly – a bling phone
Carlos: Slim your working week to just three days of toil
'Midas World' vision suggests you retire later, watch more tellie and buy more stuff
Yahoo! Japan! launches! service! for! the! dead!
If you're reading this email, I am no longer alive
Plucky Rockall podule man back on (proper) dry land
Bold, barmy Brit adventurer Nick Hancock escapes North Atlantic islet
Motorist 'thought car had caught fire' as Adele track came on stereo
'FIRE' caption on dashboard prompts dunderheaded hard shoulder halt
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.