Publishing Microsoft License Keys - a Smart Idea!
David Berlind of ZDNet wrote "Posting your Microsoft license keys to Web not the brightest thing to do" and it may sound reasonable until you look at this from a different angle.
Now I am not playing the cynic here. Consider what happens to published keys? Correct, other people find them and use them to activate their windows. What happens next is that Microsoft takes notice and invalidates the keys, denying the PC of further security updates (unless it's Vista where it denies it of oxygen too). Most PC users (and I say it from experience) will not necessarily understand what hit them and how to resolve it. The ones that will try will be blamed by MS for distributing their keys.
So why is it a such a smart idea? Clearly it's not in the best interest of Joe Average. Well, for Joe Cracker, the well known bot-net builder, this is a lottery ticket. The last thing Joe Cracker wants is for his zombie army to get security patches from Microsoft and since Microsoft does not provide updates to 'pirated machines', all Joe Cracker needs to do is to have his zombies remit their keys and then send those keys to newsgroups and other places where they will be easily picked up.
The blame here is on Microsoft. By making the license key extractable, and by virtue of the Windows porous nature, they effectively brought this upon themselves and upon us, the users.
Bruce Schneier on his security blog wrote: "Unpatched Windows systems on the Internet are a security risk to everyone. I understand Microsoft wanting to fight piracy, but reducing the security of its paying customers is not a good way to go about it." Despite rumors of reversal of this decision, I know for fact that 'pirated' systems do not get updated and are made into further attack vector against the general Windows user community.
I was wondering for quite some time how this did not get acted upon by the hackers, am I missing something?
Now I am not playing the cynic here. Consider what happens to published keys? Correct, other people find them and use them to activate their windows. What happens next is that Microsoft takes notice and invalidates the keys, denying the PC of further security updates (unless it's Vista where it denies it of oxygen too). Most PC users (and I say it from experience) will not necessarily understand what hit them and how to resolve it. The ones that will try will be blamed by MS for distributing their keys.
So why is it a such a smart idea? Clearly it's not in the best interest of Joe Average. Well, for Joe Cracker, the well known bot-net builder, this is a lottery ticket. The last thing Joe Cracker wants is for his zombie army to get security patches from Microsoft and since Microsoft does not provide updates to 'pirated machines', all Joe Cracker needs to do is to have his zombies remit their keys and then send those keys to newsgroups and other places where they will be easily picked up.
The blame here is on Microsoft. By making the license key extractable, and by virtue of the Windows porous nature, they effectively brought this upon themselves and upon us, the users.
Bruce Schneier on his security blog wrote: "Unpatched Windows systems on the Internet are a security risk to everyone. I understand Microsoft wanting to fight piracy, but reducing the security of its paying customers is not a good way to go about it." Despite rumors of reversal of this decision, I know for fact that 'pirated' systems do not get updated and are made into further attack vector against the general Windows user community.
I was wondering for quite some time how this did not get acted upon by the hackers, am I missing something?
Comments