Feeds

More hot summer WinXP action

Readers bemused, confused, and hot under the collar

  • alert
  • submit to reddit

Next gen security for virtualised datacentres

WinXP product activation cracked: totally, horribly, fatally
Steve Gibson really is off his rocker

Alexander J. Vincent is determined to take John Lettice to task on his WinXP security pieces:

I've been reading the articles at The Register with some amusement, some alarm, some disinterest, some of everything. Recently, two particular series of stories have caught my attention. The first is the series on "Steve Gibson Really Is Off His Rocker", regarding WinXP security in respect to raw sockets. The second is on attacks to WinXP's Product Activation and beta availability, and Microsoft's attempts to secure both of these. Your latest article reports WPA is just worthless.

Given the second series of articles, one must really wonder if Steve Gibson is truly off the mark in his statement about how well Microsoft executives understand security. True, we're talking about two different subjects of security here, but security is security... and who says these crackers Mr. Gibson is so afraid of (probably with good reason, considering his site fell to them several times - is www.theregister.co.uk safe from them?) are not already downloading and installing versions of WinXP and looking for additional holes already? Courtesy of the information posted via links from your site and half a dozen others.

Ah, the risks of software and journalism. I'm familiar with both, to some extent. I just think the two editorial positions on which you are reporting security issues with Microsoft's Windows XP product are indirectly conflicting, and thus rather amusing for the irony of it all.

And while we're on the subject of WPA, Craig Barnhart wanted to ask:

Microsoft can't be that dumb can they? One file wpa.dbl is the key to the whole thing! I think you guys need to do a contest on how many viruses will be created to delete that one file by the time Windows XP hits the store shelves. The next question would be, if wpa.dbl is set as read only if Windows can still delete it? If it can't then hackers have it easy. Get an activated wpa.dbl file copy it to that directory and set it read only.

If Windows can delete it with it set to read only that sounds like a huge hole in file system security. Hacker wants to write a virus to kill Windows XP find the API and call it and have XP delete it's own file. If such an API exists do you want to take bets on it being limited to only work on wpa.dbl or will any file be susceptible to being deleted regardless of its read only attribute?

Well, how dumb can Microsoft be? Answers on a postcard please to the usual address. Only one rant per reader.

On a technical note, Tim Epstein contributed this:

Thanks for the link to the tecchannel article. It made good reading, but needs a little more work for anyone who wishes to use their WXP system on a network. The product activation workaround will only work if the MAC address of each system is changed to match the original MAC address of the activated system. The problem here is that duplicate MAC addresses are a really big no no, so you can’t have a networked XP system with this option. For this hack to work, you would need at the least a separate wpa.dbl for each installation (assuming the same amount of RAM), with each having a known and different MAC address for the NIC that the address could be changed to.

I could just imagine the red faces that this would cause if sometime in the future I hook my trusty DIY activated notebook into the WAN of a client and discover that someone else in that organisation has done the same thing using the same wpa.dbl (and thus same MAC address!)

The essential guide to IT transformation

More from The Register

next story
MEN WANTED to satisfy town full of yearning BRAZILIAN HOTNESS
'Prettier, better organised, more harmonious than if men were in charge'
Cops baffled by riddle of CHICKEN who crossed ROAD
'Officers were unable to determine Chicken's intent'
Yes, but what are your plans if a DRAGON attacks?
Local UK gov outs most ridiculous FoI requests...
Drunkards warned: If you can't walk in a straight line, don't shop online, you fool!
Put it away boys. Cover them up ladies. Your credit cards, we mean
Why your mum was WRONG about whiffy tattooed people
They're a future source of RENEWABLE ENERGY
Murder accused DIDN'T ask Siri 'how to hide my roommate'
US court hears of cached browser image - not actual request
Chomp that sausage: Brits just LOVE scoffing a Full Monty
Sales of traditional brekkie foods soar as hungry folk get their mitts greasy
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?