lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20030907164058.ZJGZ13237.lakemtao05.cox.net@winxppro>
From: rkingsla at cox.net (Rick Kingslan)
Subject: Product activation is exploitable

Well, maybe on your systems.  That's the product ID that MS might want to
SUPPORT your system, but has nothing to do with Product Activation or the
ability to shut it off, if MS so desires.

Now, the DigitalProductID is a bit different - it DOES contain some
information, but is only part of the piece that one would need.  The key
that is on the back of your CD case or the 25 AlphNum that is input for
activation is NOT the ProductID.  So, I'm still a bit puzzled over what the
threat to security and the potential for someone to remotely (or locally for
that matter, unless - of course, you've left the CD case next to the
computer) retrieve any codes that could be used to shut down a group of
systems.

-rtk

-----Original Message-----
From: Geoincidents [mailto:geoincidents@...info.org] 
Sent: Sunday, September 07, 2003 5:41 AM
To: Rick Kingslan; full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] Product activation is exploitable


> Interesting.  But, I'm not sure how effective this would be, as 
> everything that I've looked at (XP, 2003) doesn't have the actual WPA 
> keys in the registry

In windows XP it's at

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductID

Geo.




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ