does anyone at MSFT get security?

Written on July 28, 2005

So Windows Genuine Advantage has a hole in it:

Microsoft “Genuine Advantage” cracked in 24h: window.g_sDisableWGACheck=’all’:

Cory Doctorow: AV sez, “This week, Microsoft started requiring users to verify their serial number before using Windows Update. This effort to force users to either buy XP or tell them where you got the illegal copy is called ‘Genuine Advantage.’ It was cracked within 24 hours.”
Before pressing ‘Custom’ or ‘Express’ buttons paste this text to the address bar and press enter:

It turns off the trigger for the key check.

And then read this:
Schneier on Security: Microsoft Builds In Security Bypasses:

I am very suspicious of tools that allow you to bypass network security systems. Yes, they make life easier. But if security is important, then all security decisions should be made by a central process; tools that bypass that centrality are very risky.

I didn’t like SOAP for that reason, and I don’t like the sound of this new Microsoft thingy:

We’re always looking for new things that can allow you to do things uniquely different today. For example, this new feature tool we have would allow me to tunnel directly using HTTP into my corporate Exchange server without having to go through the whole VPN (virtual private network) process, bypassing the need to use a smart card. It’s such a huge time-saver, for me at least, compared to how long it takes me now. We will be extending that functionality to the next version of Windows.

That’s Martin Taylor, Microsoft’s general manager of platform strategy, talking.

Read that again: a new feature that is designed to bypass VPN authentication, all for the sake of convenience, is considered so cool, it will be in the next release of Windows. What IT manager is going to read that and not want Martin Taylor’s head on a pole?

