Vulnerability Development mailing list archives
RE: Gibson (was Crack Office XP)
From: "Kayne Ian (Softlab)" <Ian.Kayne () softlab co uk>
Date: Mon, 11 Jun 2001 15:46:46 +0100
OT, Just one comment:
1) It's not too tough to "crack" any software registration program when someone yahoo shares their enterprise license key - this is not cracking - this is a known registration number that is now warez.
This method of warez'ing is rapidly going to become extinct. Evidence Halflife & the WON (World Opponent Network). You can crack the game and download a billion generated serial numbers, but to play the game on the net you require a registered and tracked serial number on your system. I know plenty of people who grab warez of & crack everything, but actually had to buy a copy of this game simply because the protection was so well done.

This got me very interested when it first came out, simply because it seemed to be the most comprehensive copy protection so far. I found that WON both tracks serial numbers released on boxed copies of the game (so you can't just generate some sufficiently huge serial number if the corresponding boxed game hasn't rolled off the production line), and client copies of Halflife, registering MAC address & various machine specific details. This includes leaving a file on your hard drive. Some crackers got round this protection initially by sniffing the packets going to the WON system and pulling the serial keys from there, but revisions of the HL package have made this measurably more difficult. Valve acknowledge that this is still a problem, but refuse to refund or reissue people who have had their WON keys stolen in this manner.

I'm not saying that cracking Halflife is impossible, or obtaining valid WON keys is impossible, but it has been made so significantly harder that I would place a fair bet that piracy of the game for playing on the net has been reduced by maybe 90%. Ofcoz, the follow-through is that if this can be done for a game that is played on the net, it's less than a simple step to do it for an application staged on, for eg, the MS .net model.

Ian Kayne
Technical Specialist - IT Solutions
Softlab Ltd - A BMW Company
-----Original Message-----
From: Fenris () HammerofGod com [mailto:Fenris () HammerofGod com]
Sent: Monday, June 11, 2001 6:39 AM
To: ricardo_x () hotmail com; vuln-dev () securityfocus com
Subject: Gibson (was Crack Office XP)

>... just wanted to add my 2 cents:
>folks,
>regardless whether any progy/os is crackable or not (btw please add
>office-xp to the list)
>what I find incredible and a true issue to this newsgroup is micro$oft's
>intention to 100% implement
>the raw sockets specification. (see more info at Steve Gibson'
>http://grc.com/dos/winxp.htm)
>welcome to the jungle,
>ricardo

Oh puleeese!

1) It's not too tough to "crack" any software registration program when someone yahoo shares their enterprise license key - this is not cracking - this is a known registration number that is now warez.

2) Gibson has just admitted how *not* bright he is. His scenario involves getting a piece of code onto a Windows XP box on the Internet. I'll skip the piece about how you must first compromise a system or get a user to launch a piece of code - so just for argument's sake, let's assume we send an email to an XP user and get them to launch the code. The code is a zombie client that is launched as part of a DDOS attack and uses raw sockets to spoof the originating IP address.

Here is where Gibson's thesis falls apart. Gibson claims that in order to do this kind of attack on NT4 or Windows 2000, you must first load a special packet driver (and reboot), then load a special IP stack (and then I'm guessing, reboot), and then write special code to leverage all of this. If this were indeed the case, Gibson might have a point - it would be difficult to write script kiddie code to do this.

However, it is far simpler than all of this. I guess he's never heard of dynamically loading packet drivers or winpcap! Any thirteen year old has already figured out how to do this. All he'd have to do is add one additional file to his trojan package - and he could get any NT4 or Win2K machine to be part of his DDOS army. Weld Pond has much more to say about this at HNN (http://www.stake.com/security_news/arch.html?060501)

If Gibson isn't bright enough to figure out how to write a script kiddie trojan to dynamically load the packet driver, I don't trust him enough to be telling the world that he thinks there's a problem. Besides, if this was really a problem, we'd already see this occurring on Win32 systems, Unix systems, Mac systems, etc - all of which support raw sockets.

Methinks Gibson's diatribe was one more of wanting publicity for himself or his site than making a legitimate statement. He's also shown that he thoroughly misunderstands IDS products, and how to protect himself from being trojaned: http://www.theregister.co.uk/content/8/19469.html with something that should have been detected with his antivirus product

===============
Fenris, The Wolf
cAre to lend a hAnd?
===============