|
Vulnerability Development
mailing list archives
Re: Recovering the activation key from a Win2K installation
From: "Bryan Allerdice" <bryan () professionalhacker com>
Date: Tue, 26 Jun 2001 10:34:40 -0400
I know this doesn't answer your question, and I hope someone gives this list
the answer you want, but bear with me.
As we all know, naughty students can get a working CDKEY from any number of
websites in a matter of minutes.
In my mind, the idea of securing your CDKEY is like keeping the key to your
house on a string around your neck so nobody can steal it from you. If you
have another key under the door mat, nobody needs the one safely hanging
from your neck.
BRYAN
----- Original Message -----
From: "Juan M. Courcoul" <courcoul () campus qro itesm mx>
To: "Vuln-Dev" <VULN-DEV () SECURITYFOCUS COM>
Sent: Monday, June 25, 2001 1:28 PM
Subject: Recovering the activation key from a Win2K installation
Please bear with me, as I only pretend to have a limited knowledge of
Windows internals enough to survive its use.
A discussion arose as to the security of Windows 2000's activation key,
aka the CD or Product Key. A colleague who handles Win2K installations
insisted that once you have keyed in the 29-character string and
activated the OS during a full new install, it is unrecoverable and
hence safe to install in student labs, etc., without the risk of
compromising the corporate license. She went so far as to claim that
even a user with Administrator privileges couldn't get it back.
My gut feeling is that this is bull and constitutes a prime example of
"assumed security thru ignorance".
Would you kind Windows gurus please tell me who's got it right this time ?
J. Courcoul
 By Date 
By Thread
Current thread:
Re: Valid characters on one o/s are invalid on another Sander Smeenk (CistroN Medewerker) (Jun 26)
Re: Valid characters on one o/s are invalid on another Craig Boston (Jun 26)
|
Intro
