OT, Just one comment: > 1) It's not too tough to "crack" any software registration > program when > someone yahoo shares their enterprise license key - this is > not cracking - > this is a known registration number that is now warez. This method of warez'ing is rapidly going to become extinct. Evidence Halflife & the WON (World Opponent Network). You can crack the game and download a billion generated serial numbers, but to play the game on the net you require a registered and tracked serial number on your system. I know plenty of people who grab warez of & crack everything, but actually had to buy a copy of this game simply because the protection was so well done. This got me very interested when it first came out, simply because it seemed to be the most comprehensive copy protection so far. I found that WON both tracks serial numbers released on boxed copies of the game (so you can't just generate some sufficiently huge serial number if the corresponding boxed game hasn't rolled off the production line), and client copies of Halflife, registering MAC address & various machine specific details. This includes leaving a file on your harddrive. Some crackers got round this protection initially by sniffing the packets going to the WON system and pulling the serial keys from there, but revisions of the HL package have made this measurably more difficult. Valve acknowledge that this is still a problem, but refuse to refund or reissue people who have had their WON keys stolen in this manner. I'm not saying that cracking Halflife is impossible, or obtaining valid WON keys is impossible, but it has been made so significantly harder that I would place a fair bet on piracy of the game for playing on the net has been reduced by maybe 90%. Ofcoz, the follow-through is that if this can be done for a game that is played on the net, it's less than a simple step to do it for an application staged on, for eg, the MS .net model. Ian Kayne Technical Specialist - IT Solutions Softlab Ltd - A BMW Company > -----Original Message----- > From: Fenrisat_private [mailto:Fenrisat_private] > Sent: Monday, June 11, 2001 6:39 AM > To: ricardo_xat_private; vuln-devat_private > Subject: Gibson (was Crack Office XP) > > > > >... just wanted to add my 2 cents: > > >folks, > >regardless whether any progy/os is crackable or not (btw please add > >office-xp to the list) > >what I find incredible and a true issue to this newsgroup > is micro$oft's > >intention to 100% implement > >the raw sockets specification. (see more info at Steve Gibson' > >http://grc.com/dos/winxp.htm) > > >welcome to the jungle, > > >ricardo > > Oh puleeese! > > 1) It's not too tough to "crack" any software registration > program when > someone yahoo shares their enterprise license key - this is > not cracking - > this is a known registration number that is now warez. > > 2) Gibson has just admitted how *not* bright he is. His > scenario involves > getting a piece of code onto a WIndows XP box on the > Internet. I'll skip > the piece about how you must first compromise a system or get > a user to > launch a piece of code - so just for arguments sake, let's > assume we send > an email to an XP user and get them to launch the code. The > code is a > zombie client that is launched as part of a DDOS attack and uses raw > sockets to spoof the originating IP address > > Here is where Gibson's thesis falls apart. Gibson claims > that in order to > do this kind of attack on NT4 or Windows 2000, you must first load a > special packet driver (and reboot), then load a special IP > stack (and then > I'm guessing, reboot), and then write special code to leverage all of > this. If this were indeed the case, Gibson might have a > point - it would > be difficult to write script kiddie code to do this. > However, it is far > simpler than all of this. I guess he's never heard of > dynamically loading > packet drivers or winpcap! Any thirteen year old has already > figured out > how to do this. > > All he'd have to do is add one additional file to his trojan > package - and > he could get any NT4 or Win2K machine to be part of his DDOS > army. Weld > Pond has much more to say about this at HNN > (http://www.stake.com/security_news/arch.html?060501) > > If Gibson isn't bright enough to figure out how to write a > script kiddie > trojan to dynamically load the packet driver, I don't trust > him enough to > be telling the world that he thinks there's a problem. > Besides, if this > was really a problem, we'd already see this occuring on Win32 > systems, Unix > systems, Mac systems, etc - all of which support raw sockets. > Methinks > Gibsons diatribe was one more of wanting publicity for > himself or his site > than making a legitimate statment. He's also shown that he > thoroughly > misunderstands IDS products, and how to protect himself from being > trojaned: http://www.theregister.co.uk/content/8/19469.html > with something > that should have been detected with his antivirus product > > =============== > Fenris, The Wolf > cAre to lend a hAnd? > =============== > > ******************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not the intended recipient or the person responsible for delivering to the intended recipient, be advised that you have received this email in error and that any use of the information contained within this email or attachments is strictly prohibited. Internet communications are not secure and Softlab does not accept any legal responsibility for the content of this message. Any opinions expressed in the email are those of the individual and not necessarily those of the Company. If you have received this email in error, or if you are concerned with the content of this email please notify the IT helpdesk by telephone on +44 (0)121 788 5480. ********************************************************************
This archive was generated by hypermail 2b30 : Mon Jun 11 2001 - 22:02:00 PDT