November 15, 2007

Microsoft releases details on Vista activation

November 14th, 2007

Posted by Ed Bott

For nearly a year, Microsoft has refused to release technical details of the changes it made to its Product Activation technology in Windows Vista. The company was more than willing to speak in broad terms about the program and how it works, but it kept the details confidential, classifying them as trade secrets.

Until last week, that is. A newly released Technical Market Bulletin entitled Product Activation for Windows Vista and Windows Server 2008 unexpectedly appeared on Microsoft’s Download Center last week. Curiously, the document was dated September 2007, but the Date Published field indicates that it was kicking around internally for more than a month before being officially released.

The document is similar in many respects to the Technical Market Bulletin: Microsoft Product Activation for Windows XP (Word .doc format), released in August 2001, before the launch of Windows XP, and updated in 2002 after Microsoft made some activation changes in XP Service Pack 1.

Historically, the underlying principle of Product Activation has been simple: You can reinstall Windows on the original hardware as many times as you like and activate it automatically over the Internet. You need to reactivate over the phone if the hardware is substantially changed. That’s been the hard-and-fast rule for more than six years.

With that history in mind, I was surprised (to put it mildly) when I read this sentence on the next-to-last page of the Vista activation bulletin:

Reinstallation of Windows Vista or Windows Server 2008 on the same or similar hardware and a subsequent reactivation can be accomplished five times.

If that’s true, it’s a major change in policy for Microsoft. I went back through all my notes and records looking for any indication that this policy has been announced previously and found nothing. So I contacted Microsoft to get an explanation and got an impressively rapid response from Alex Kochis, Senior Product Manager in the Windows Genuine Advantage (WGA) group. His blunt response: “There has been no meaningful policy change. We need to correct that paper.”

The new activation document, it turns out, is missing some crucial details. A more complete description of the actual activation policy is found at the bottom of Microsoft’s Windows Vista Activation FAQ:

How many times can I activate Windows Vista?

Windows can be activated any number of times, but your re-activation experience will vary based on the way you acquired Windows.

If you acquired Windows Vista via retail purchase (boxed product), you may activate via the Internet the first five times. Subsequent activations are allowed but must be completed via telephone.

If you acquire Windows Vista pre-installed on a computer, re-installation would not require additional activation steps unless significant hardware changes were made.

And even that description, Kochis explains, is potentially misleading. The policy allowing five automatic activations over the Internet has been in place for the past year, but it is subject to change at any time. Its real purpose is to catch people who spoof parts of the hardware ID so that many different machines appear identical when they check in with Microsoft's activation servers. In that case the server logs for a single product ID can show hundreds or even thousands of activation requests, and further activations for that key are pushed to the phone channel, where a customer service representative can confirm that the request is legitimate. The five-activation threshold, in other words, is a trip-wire for abuse, not a cap on legitimate reinstalls.

For systems sold by large manufacturers (Dell, HP, Sony, and the like), activation is handled by a separate mechanism called OEM Activation 2.0, which checks the manufacturer's marker in the system BIOS on the motherboard rather than contacting Microsoft's activation servers. If you reinstall Windows using the original media, activation should never be required unless the motherboard is replaced with one from a different manufacturer. The limit of five Internet reactivations applies only to retail copies, and in practice it will affect only hard-core enthusiasts who repeatedly reinstall and reactivate a retail copy.

If you fall into the latter category, here are three pieces of advice to avoid being bitten by activation hassles:

1. Take advantage of the initial 30-day grace period before activating. Delay activation until you’re satisfied that all hardware and software are working as you intended.

2. Use an image backup program like Vista’s Complete PC Backup (found in the Business and Ultimate editions) or a third-party alternative like Acronis True Image. After installing Windows and all current updates (including drivers), complete activation and then use the backup program to create a snapshot of the drive. If you ever need to reinstall, you can do so easily with that image, which won’t require reactivation if it’s restored to the original hardware.

3. If you’re such a fanatic that you install Windows more than five times a year, get a TechNet Plus subscription. For $299, you get a one-year subscription that includes perpetual licenses for every version of Windows Vista (including Ultimate), Windows XP Professional, Microsoft Office, and a slew of server software and tools. The licenses aren’t valid for business use, but you can install and use each product on up to 10 separate machines for evaluation purposes, and the licenses don’t expire even if you choose not to renew your subscription after the first year.

I’ll have more details from this new technical bulletin, including a rundown on the activation changes between XP and Vista.


The hack of the year

Patrick Gray
November 13, 2007

In August, Swedish hacker Dan Egerstad gained access to sensitive embassy, NGO and corporate email accounts. Were they captured from the clutches of hackers? Or were they being used by spies? Patrick Gray investigates the most sensational hack of 2007.

IT WASN'T supposed to be this easy. Swedish hacker Dan Egerstad had infiltrated a global communications network carrying the often-sensitive emails of scores of embassies scattered throughout the world. It had taken him just minutes, using tools freely available for download on the internet.

He says he broke no laws.

In time, Egerstad gained access to 1000 high-value email accounts. He would later post 100 sets of sensitive email logins and passwords on the internet for criminals, spies or just curious teenagers to use to snoop on inter-governmental, NGO and high-value corporate email.

The question on everybody's lips was: how did he do it? The answer came more than a week later and was somewhat anti-climactic. The 22-year-old Swedish security consultant had merely installed free, open-source software – called Tor – on five computers in data centres around the globe and monitored it. Ironically, Tor is designed to prevent intelligence agencies, corporations and computer hackers from determining the virtual – and physical – location of the people who use it.

"Tor is like having caller ID blocking for your internet address," says Shava Nerad, development director with the Tor Project. "All it does is hide where you're communicating from."

Tor was developed with funding from the US Naval Research Laboratory, building on the lab's onion-routing research, to let personnel conceal their locations from the websites and online services they accessed while overseas. By routing through the software, personnel could hide the internet protocol address of their computers, the tell-tale number that allows website operators or intelligence services to determine a user's location.

Eventually the navy realised it must take Tor beyond the armed forces. "The problem is, if you make Tor a tool that's only used by the military . . . by using Tor you're advertising that you're military," Nerad says.

So Tor was released as free, open-source software. It is now maintained and distributed by a registered charity, the Tor Project, as a tool that anyone can download and install. Hundreds of thousands of internet users have installed Tor, according to the project's website.

Mostly it is workers who want to browse pornographic websites anonymously. "If you analyse the traffic, it's just porn," Egerstad told Next by phone from Sweden. "It's kind of sad."

However, Dmitri Vitaliev, a Russian-born, Australian-educated computer security professional who lives in Canada, says Tor is a vital tool in the fight for democracy. Vitaliev trains human-rights campaigners on how to stay safe when online in oppressive regimes. "It's incredibly important," he said in a Skype chat from the unrecognised state of Transnistria, a breakaway region in Moldova where he's assisting a local group working to stop the trafficking of women. "Anonymity is a high advantage in countries that perform targeted surveillance on activists."

It's also used to bypass website censorship in more than 20 countries that censor political and human rights sites, he says.

Tor works by routing its users' internet requests through a chain of volunteer-run Tor network nodes (relays) chosen by the Tor client. Anyone can run a node. The client wraps each request in layers of encryption, one per relay, so that each relay can remove only its own layer and learn only the previous and next hop; a node in the middle of the path never sees the user's address and the destination together, and cannot read the traffic.

When the user's data reaches the edge of the Tor network, after bouncing through several nodes, the last relay (the exit node) removes the final layer and sends the request on to its destination in whatever form the application produced it. Tor's encryption ends at the exit. If the application protocol itself is unencrypted (plain POP3 or IMAP for mail, plain HTTP for webmail), the exit node sees logins, passwords and message bodies in the clear. Egerstad got his mitts on sensitive information by running exit nodes and monitoring the traffic that passed through them.
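The layering described above, as an added example that is not part of the original article or of the Tor code base. It models a three-hop circuit with a toy keystream cipher (SHA-256 in counter mode, no authentication) standing in for Tor's real per-hop encryption; the hop keys, the sample POP3 login and the "tls-session-key" are constructed for the example. It shows that the guard and middle relays see only ciphertext while the exit reads the application data exactly as the client sent it, and that only an extra layer the client shares with the mail server (what POP3 over TLS would provide) keeps it away from the exit.

```python
"""Toy onion circuit: why a Tor exit relay sees cleartext application data.

Illustration only. The layer cipher is SHA-256 in counter mode XORed over the
data, with no authentication, standing in for Tor's per-hop AES-CTR.
"""
import hashlib

# Constructed per-hop session keys (in real Tor these come from a handshake).
SAMPLE_KEYS = {
    "guard": b"guard-session-key",
    "middle": b"middle-session-key",
    "exit": b"exit-session-key",
}
PATH = ["guard", "middle", "exit"]

# Constructed sample of an unencrypted POP3 login, the kind of traffic an exit sees.
SAMPLE_POP3 = b"USER ambassador@example.org\r\nPASS correct horse\r\nLIST\r\n"


def keystream(key: bytes, length: int) -> bytes:
    """Deterministic keystream: SHA-256 over key || counter. Toy, not a real cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def layer(key: bytes, data: bytes) -> bytes:
    """XOR with the keystream; symmetric, so the same call adds or removes a layer."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def build_onion(payload: bytes, keys: dict, path: list) -> bytes:
    """The client wraps the payload for the exit first, then middle, then guard."""
    cell = payload
    for hop in reversed(path):
        cell = layer(keys[hop], cell)
    return cell


def relay_circuit(cell: bytes, keys: dict, path: list) -> dict:
    """Each relay peels exactly one layer and forwards; record what each one saw."""
    seen = {}
    for hop in path:
        cell = layer(keys[hop], cell)  # the relay's view once its own layer is gone
        seen[hop] = cell
    return seen


def extract_pop3_credentials(data: bytes):
    """What a sniffing exit operator does: pull USER/PASS out of cleartext POP3."""
    user = password = None
    for line in data.split(b"\r\n"):
        if line.startswith(b"USER "):
            user = line[5:].decode("ascii", "replace")
        elif line.startswith(b"PASS "):
            password = line[5:].decode("ascii", "replace")
    if user is not None and password is not None:
        return user, password
    return None


def exit_view(payload: bytes, app_layer_key: bytes = None) -> bytes:
    """Bytes the exit relay can read. app_layer_key models end-to-end encryption
    (POP3 over TLS, say) that the client and mail server share and Tor does not
    provide; it is a constructed stand-in, not a TLS implementation."""
    if app_layer_key is not None:
        payload = layer(app_layer_key, payload)
    onion = build_onion(payload, SAMPLE_KEYS, PATH)
    return relay_circuit(onion, SAMPLE_KEYS, PATH)["exit"]


if __name__ == "__main__":
    seen = relay_circuit(build_onion(SAMPLE_POP3, SAMPLE_KEYS, PATH), SAMPLE_KEYS, PATH)
    for hop in PATH:
        print(f"{hop:6s} sees: {seen[hop][:24]!r} ...")
    print("exit extracts:", extract_pop3_credentials(exit_view(SAMPLE_POP3)))
    print("with TLS-like layer:",
          extract_pop3_credentials(exit_view(SAMPLE_POP3, b"tls-session-key")))
```

The point the example makes is the one Vitaliev and Stover make below: the onion protects the path, not the payload. The fix for the traffic Egerstad captured is not a Tor setting but an application one, namely mail clients configured to refuse anything but TLS to the mail server.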

The problem, says Vitaliev, is some Tor users assume their data is protected from end to end. "As in pretty much any other internet technology, its vulnerabilities are not well understood by those who use it (and) need it most," he says.

The discovery that sensitive, government emails were passing through Tor exit nodes as unencrypted, readable data was only mildly surprising to Egerstad. It made sense – because Tor documentation mentions "encryption", many users assume they're safe from all snooping, he says.

"People think they're protected just because they use Tor. Not only do they think it's encrypted, but they also think 'no one can find me'," Egerstad says. "But if you've configured your computer wrong, which probably more than 50 per cent of the people using Tor have, you can still find the person (on) the other side."

Initially it seemed that government, embassy, NGO and corporate staffers were using Tor but had misconfigured their systems, allowing Egerstad to sniff sensitive information off the wire. After Egerstad posted the passwords, blame for the embarrassing breach was initially placed on the owners of the passwords he had intercepted.

However, Egerstad now believes the victims of his experiment may not have been using Tor. It's quite possible he stumbled on an underground intelligence gathering exercise, carried out by parties unknown.

"The whole point of the story that has been forgotten, and I haven't said much about it, (is that) many of these accounts had been compromised," he says. "The logins I caught were not legit users but actual hackers who'd been reading these accounts."

In other words, the people using Tor to access embassy email accounts may not have been embassy staff at all. Egerstad says they were computer hackers using Tor to hide their origins from their victims.

The cloaking nature of Tor is appealing in the extreme to computer hackers of all persuasions – criminal, recreational and government sponsored.

If it weren't for the "last-hop" exit node issue Egerstad exposed in such a spectacular way, parties unknown would still be rifling the inboxes of embassies belonging to dozens of countries. Diplomatic memos, sensitive emails and the itineraries of government staffers were all up for grabs.

After a couple of months sniffing and capturing information, Egerstad was faced with a moral dilemma: what to do with all the intercepted passwords and emails.

If he turned his findings over to the Swedish authorities, his experiment might be used by his country's intelligence services to continue monitoring the compromised accounts. That was a little too close to espionage for his liking.

So Egerstad set about notifying the affected governments. He approached a few, but the only one to respond was Iran. "They wanted to know everything I knew," he says. "That's the only response I got, except a couple of calls from the Swedish security police, but that was pretty much all the response I got from any authority."

Frustrated by the lack of a response, Egerstad's next step caused high anxiety for government staffers – and perhaps intelligence services – across the globe. He posted 100 email log-ins and passwords on his blog, DEranged Security. "I just ended up (saying) 'Screw it, I'm just going to put it online and see what happens'."

The news hit the internet like a tonne of bricks, despite some initial scepticism. The email logins were quickly and officially acknowledged by some countries as genuine, while others were independently verified.

US-based security consultant – and Tor user – Sam Stover says he has mixed feelings about Egerstad's actions. "People all of a sudden (said) 'maybe Tor isn't the silver bullet that we thought it was'," Stover says. "However, I'm not sure I condone the mechanism by which that sort of information had to be exposed in order to do that."

Stover admits that he, too, once set up a Tor exit node. "It's pretty easy . . . I set it up once real quick just to make sure that I could see other people's traffic and, sure enough, you can," he says. "(But) I'm not interested in that sort of intelligence gathering."

While there's no direct evidence, it's possible Egerstad's actions shut down an active intelligence-gathering exercise. Wired.com journalist Kim Zetter blogged the claims of an Indian Express reporter that he was able to access the email account for the Indian ambassador in China and download a transcript of a meeting between the Chinese foreign minister and an Indian official. In addition to hackers using Tor to hide their origins, it's plausible that intelligence services had set up rogue exit nodes to sniff data from the Tor network.

"Domestic, or international . . . if you want to do intelligence gathering, there's definitely data to be had there," says Stover. "(When using Tor) you have no idea if some guy in China is watching all your traffic, or some guy in Germany, or a guy in Illinois. You don't know."

Egerstad is circumspect about the possible subversion of Tor by intelligence agencies. "If you actually look in to where these Tor nodes are hosted and how big they are, some of these nodes cost thousands of dollars each month just to host because they're using lots of bandwidth, they're heavy-duty servers and so on," Egerstad says. "Who would pay for this and be anonymous?"

While Stover regards Tor as a useful tool, he says its value is greatly overestimated by those who promote and use it. "I would not use or recommend the tool to hide from people between you and your endpoint. It's really purely a tool to hide from the endpoint," he says.

As a trained security professional, Stover has the nous to understand its limitations, he says. Most people don't.

The lesson remains but the data Egerstad captured is gone, the Swedish hacker insists. He's now focusing on his career as a freelance security consultant. "I deleted everything I had because the information I had was belonging to so many countries that no single person should have this information so I actually deleted it and the hard drives are long gone," he says.

Patrick Gray's interviews with Dan Egerstad and Sam Stover can be heard in his podcast from http://ITRadio.com.au/security.

This story was found at: http://www.theage.com.au/articles/2007/11/12/1194766589522.html


Malware found on new hard drives

November 13th, 2007

Posted by Adrian Kingsley-Hughes

Here’s an interesting story that I found in my inbox.  The Taipei Times is reporting that around 1,800 new 300GB and 500GB external hard drives manufactured by Maxtor shipped with malware on them.  What makes this story even more interesting is that Taiwanese authorities suspected that Chinese authorities were involved.

The bureau said that hard discs with such a large capacity are usually used by government agencies to store databases and other information.

Sensitive information may have already been intercepted by Beijing through the two Web sites, the bureau said.

The bureau said that the method of attack was unusual, adding that it suspected Chinese authorities were involved.

In recent years, the Chinese government has run an aggressive spying program relying on information technology and the Internet, the bureau said.

The bureau said this was the first time it had found that Trojan horse viruses had been placed on hard discs before they even reach the market.

But there’s more to this story:

Following findings by the Investigation Bureau that portable hard discs produced by US disk-drive manufacturer Seagate Technology that were sold in Taiwan contained Trojan horse viruses, further investigations suggested that “contamination” took place when the products were in the hands of Chinese subcontractors during the manufacturing process.

Seagate did not disclose the stage in the manufacturing process where the Chinese subcontractor installed the Trojan horse.

Seagate recommended that all customers who had purchased the product install protective anti-virus software.

To this end, Seagate said that Kaspersky Labs would offer all Seagate customers a 60-day fully functional version of the Kaspersky Lab Anti-Virus 7.0 software for download and installation.

Now, malware can get into a manufacturing chain without any government plot, and without more information it is hard to point fingers; nonetheless, it is bad for Seagate/Maxtor. No hard drive manufacturer wants to be found shipping malware on its drives.

However, there’s a moral to this story. Practice “safe sectors”: scan, or preferably repartition and reformat, every drive before bringing it into your environment, and do it on a machine with AutoRun disabled so that merely plugging the drive in cannot launch anything. Don’t assume that a new drive is blank and malware free. Trust no one. The same goes for USB flash drives; you never know what has been put on them.
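The "scan, then wipe, then verify" routine as an added example, not code from the article or from Seagate. It inventories what a newly bought drive ships with (assumed name and extension lists), zeros the device and reads it back to confirm the wipe actually covered every byte; the temp-directory "drive" built by demo() is constructed for the example. Against a real block device the wipe needs root and destroys everything on it, so run it against an image file first.

```python
"""Quarantine a newly bought drive before trusting it: inventory what it ships
with, then zero it and read the whole thing back. Added example; the lists of
suspicious names are assumptions, and demo() builds a constructed fake drive.
"""
import os
import pathlib
import tempfile

CHUNK = 1 << 20  # 1 MiB read/write unit

# Things a factory-fresh data drive has no reason to carry (assumed list).
SUSPICIOUS_NAMES = {"autorun.inf"}
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".dll"}


def inventory(mount_point):
    """Walk a drive mounted read-only (and noexec) and list the files you would
    want explained before the drive goes anywhere near a production machine."""
    base = pathlib.Path(mount_point)
    hits = []
    for root, _dirs, files in os.walk(base):
        for name in files:
            path = pathlib.Path(root, name)
            if name.lower() in SUSPICIOUS_NAMES or path.suffix.lower() in EXECUTABLE_EXT:
                hits.append(path.relative_to(base).as_posix())
    return sorted(hits)


def device_size(path):
    """Size in bytes via seek-to-end, which also works for block devices
    (where st_size reads as 0 on Linux)."""
    with open(path, "rb") as f:
        return f.seek(0, os.SEEK_END)


def is_blank(path):
    """True only if every byte on the device or image reads back as zero."""
    with open(path, "rb") as f:
        while True:
            chunk = f.read(CHUNK)
            if not chunk:
                return True
            if chunk.count(0) != len(chunk):
                return False


def wipe(path):
    """Overwrite the whole device with zeros, sync, then verify by reading it
    back. Returns the number of bytes written. Destructive by design."""
    size = device_size(path)
    zeros = bytes(CHUNK)
    written = 0
    with open(path, "r+b") as f:
        while written < size:
            n = min(CHUNK, size - written)
            f.write(zeros[:n])
            written += n
        f.flush()
        os.fsync(f.fileno())
    if not is_blank(path):
        raise RuntimeError(f"{path}: verification failed, non-zero data remains")
    return written


def demo():
    """Constructed fake drive: a mount tree with a vendor installer and an
    autorun file, plus a 9192-byte image that is not blank. Runs the procedure
    and returns what each step found."""
    work = pathlib.Path(tempfile.mkdtemp(prefix="drive-quarantine-"))
    mount = work / "mount"
    (mount / "docs").mkdir(parents=True)
    (mount / "autorun.inf").write_text("[autorun]\nopen=setup.exe\n")
    (mount / "setup.exe").write_bytes(b"MZ" + bytes(62))
    (mount / "docs" / "readme.txt").write_text("Thank you for buying this drive.\n")
    image = work / "drive.img"
    image.write_bytes(bytes(range(256)) * 32 + bytes(1000))
    return {
        "inventory": inventory(mount),
        "blank_before": is_blank(image),
        "written": wipe(image),
        "blank_after": is_blank(image),
    }


if __name__ == "__main__":
    for step, value in demo().items():
        print(f"{step}: {value}")
```

The read-back in wipe() is the step people skip: a drive that silently remaps or ignores writes, or a wipe that stopped short of the end, passes a cursory look but fails is_blank(). Note that this covers what is stored on the platters; it says nothing about the drive's own firmware, which is a different problem from the one the Investigation Bureau found.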


Remove clutter with Windows XP SP2’s Duplicate Finder tool

by Greg Shultz | Feb 21, 2007

Takeaway: Hidden clutter exists on your Windows XP machine in the form of duplicate files. Here's how to free up valuable hard disk space by doing some early spring cleaning with the Duplicate Finder tool.

Even if you're a conscientious computer user (i.e., you regularly delete unnecessary files, empty the Recycle Bin, and run Disk Defragmenter), you may be unaware of a potentially big waster of hard disk space: duplicate files. Applications can litter your hard disk with duplicate files, or you can actually create duplicate files by copying files from one folder to another.

Windows XP's default installation doesn't provide you with a decent utility for tracking down duplicate files. However, Microsoft does have a tool called Duplicate Finder, which is part of the Windows XP Service Pack 2 Support Tools. Here's how to install and use the Duplicate Finder tool:

  1. Download the Windows XP Service Pack 2 Support Tools and follow the instructions for installing the Complete installation version.
  2. Open the Run dialog box by pressing [Windows]R.
  3. Type Dupfinder in the Open text box and click OK.
  4. Once DupFinder loads, simply select the drive or folder to search and then click the Start Search button.
  5. When DupFinder completes its search, you can scan through the list and examine the duplicate files.

Here are tips for working with the list of duplicate files:

  • Use either the Print Report or Export Data commands on the File menu to create a permanent record of the duplicate files.
  • Use the Sort command on the View menu to reorganize the list for better analysis.
  • To get more detailed information about any file, select the file, pull down the File menu, and select the Info command.
  • Leave duplicate files in the Windows folder and its subfolders alone.
  • If you don't recognize the duplicate file, it's better to use the Rename or Move commands on the File menu rather than the Delete command.

Note: This tip applies to both Windows XP Home and Windows XP Professional.


Add Microsoft Chat to your Windows XP Pro technical support toolbox

  • Date: November 14th, 2007
  • Author: Greg Shultz

Windows XP Pro comes with a LAN-based messaging program called Microsoft Chat, which is a handy addition to your technical support toolbox. Microsoft Chat provides you with a real-time messaging program that you can use to help remotely troubleshoot problems on a small business network.

By default, Microsoft Chat is hidden in your Windows folder, and the two services it depends on, Network DDE and Network DDE DSDM, are disabled. They are disabled for a reason: both are network-facing services, so enable them only on the machines that need Chat, on a trusted LAN, and set them back to Disabled when you are done. Here’s how to start the services and then uncover the program’s executable file:

  1. Right-click My Computer and select Manage.
  2. In the Computer Management window, open the Services And Applications branch in the left pane, and click Services.
  3. In the Services pane, locate and double-click Network DDE and then double-click Network DDE DSDM.
  4. In the Properties dialog box for each Service, set the Startup Type setting to Automatic, click the Apply button, click the Start button, and then click OK.
  5. Close the Computer Management window and then restart Windows.
  6. When the system comes back up, Press [Windows]R to open the Run dialog box.
  7. Type Winchat.exe in the Open box and click OK.

You can now see the user interface. You can initiate a call by clicking the Dial button on the toolbar. When you do, the Select Computer dialog box will appear; select the name of the network computer to which you want to establish a connection. On the other computer, the recipient responds by clicking the Answer An Incoming Call button on the toolbar. Upon connection, both parties will see a Connected To message in the status bar and can immediately begin typing messages back and forth in real time. When you’re finished, click the Hang Up button on the toolbar.

Note: This tip applies only to Windows XP Professional.
