Vulnerability Development mailing list archives

RE: Gibson (was Crack Office XP)


From: "Kayne Ian (Softlab)" <Ian.Kayne () softlab co uk>
Date: Mon, 11 Jun 2001 15:46:46 +0100

OT, just one comment:

1) It's not too tough to "crack" any software registration program when
some yahoo shares their enterprise license key - this is not cracking -
this is a known registration number that is now warez.

This method of warez'ing is rapidly going to become extinct. Evidence:
Half-Life & the WON (World Opponent Network). You can crack the game and
download a billion generated serial numbers, but to play the game on the net
you require a registered and tracked serial number on your system. I know
plenty of people who grab warez off & crack everything, but actually had to
buy a copy of this game simply because the protection was so well done. This
got me very interested when it first came out, simply because it seemed to
be the most comprehensive copy protection so far. I found that WON both
tracks serial numbers released on boxed copies of the game (so you can't
just generate some sufficiently huge serial number if the corresponding
boxed game hasn't rolled off the production line), and client copies of
Half-Life, registering MAC address & various machine-specific details. This
includes leaving a file on your hard drive. Some crackers got round this
protection initially by sniffing the packets going to the WON system and
pulling the serial keys from there, but revisions of the HL package have
made this measurably more difficult. Valve acknowledge that this is still a
problem, but refuse to refund or reissue people who have had their WON keys
stolen in this manner.

I'm not saying that cracking Half-Life is impossible, or that obtaining valid
WON keys is impossible, but it has been made so significantly harder that I
would place a fair bet that piracy of the game for playing on the net has
been reduced by maybe 90%.

Of course, the follow-through is that if this can be done for a game that is
played on the net, it's less than a simple step to do it for an application
staged on, e.g., the MS .net model.

Ian Kayne
Technical Specialist - IT Solutions
Softlab Ltd - A BMW Company
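The sniffing weakness Ian describes above comes from the activation exchange carrying the serial itself on the wire. The following is an added example, not code from the post and not Valve's or WON's protocol: a toy license server that tracks issued serials and binds each one to the first machine fingerprint that activates it, exercised first with a naive "send the serial" message and then with a challenge-response message that proves possession of the serial without transmitting it. The serial format, the fingerprint fields, the message layout and all names (`LicenseServer`, `client_cr`, `sniff_serial`) are assumptions made for illustration.

```python
"""Added example (not the original post's or Valve/WON's code): an activation
exchange that carries the serial on the wire, which a sniffer can harvest, next
to a challenge-response variant that never transmits it. Serial format,
fingerprint fields and message layout are constructed assumptions."""
import hashlib
import hmac
import os
import re

# Assumed serial format for a boxed copy: four groups of four, hyphen separated.
SERIAL_RE = re.compile(rb"[A-Z0-9]{4}(?:-[A-Z0-9]{4}){3}")

def fingerprint(mac, volume_serial):
    """Machine-specific details reduced to one hash; only the hash leaves the box."""
    return hashlib.sha256(f"{mac}|{volume_serial}".encode()).hexdigest()

def serial_id(serial):
    """Lookup handle derived from the serial, sent in place of the serial itself."""
    return hashlib.sha256(b"serial-id|" + serial.encode()).hexdigest()[:16]

class LicenseServer:
    """Knows which serials were issued and binds each to the first box using it."""

    def __init__(self, issued_serials):
        self.keys = {serial_id(s): s.encode() for s in issued_serials}
        self.bound = {}  # serial_id -> fingerprint of the machine it now belongs to

    def _bind(self, sid, fp):
        if sid not in self.keys:            # generated, never issued: reject
            return False
        first = self.bound.setdefault(sid, fp)
        return first == fp                  # same serial from a second box: reject

    # Naive scheme, one message: ACTIVATE <serial> <fingerprint>
    def activate_plain(self, msg):
        _, serial, fp = msg.decode().split(" ")
        return self._bind(serial_id(serial), fp)

    # Challenge-response: server issues a nonce, client proves it holds the serial
    def challenge(self):
        return os.urandom(16)

    def activate_cr(self, nonce, msg):
        _, sid, fp, tag = msg.decode().split(" ")
        key = self.keys.get(sid)
        if key is None:
            return False
        expected = hmac.new(key, nonce + fp.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return False                    # wrong serial, or a replayed transcript
        return self._bind(sid, fp)

def client_plain(serial, fp):
    return f"ACTIVATE {serial} {fp}".encode()

def client_cr(serial, fp, nonce):
    tag = hmac.new(serial.encode(), nonce + fp.encode(), hashlib.sha256).hexdigest()
    return f"ACTIVATE {serial_id(serial)} {fp} {tag}".encode()

def sniff_serial(wire):
    """What someone sniffing the path to the server pulls out of one exchange."""
    m = SERIAL_RE.search(wire)
    return m.group(0).decode() if m else None

def demo():
    """Runs both schemes and returns the outcomes an observer could measure."""
    serial = "ABCD-1234-EFGH-5678"                     # constructed, treated as issued
    box1 = fingerprint("00:11:22:33:44:55", "1A2B-3C4D")
    box2 = fingerprint("66:77:88:99:AA:BB", "5E6F-7A8B")

    # Naive: activation succeeds, but the serial is readable on the wire.
    srv = LicenseServer([serial])
    wire = client_plain(serial, box1)
    plain_ok = srv.activate_plain(wire)
    plain_leak = sniff_serial(wire)
    plain_box2 = srv.activate_plain(client_plain(serial, box2))

    # Challenge-response: transcript holds no serial and cannot be replayed.
    srv2 = LicenseServer([serial])
    n1 = srv2.challenge()
    wire_cr = client_cr(serial, box1, n1)
    cr_ok = srv2.activate_cr(n1, wire_cr)
    cr_leak = sniff_serial(wire_cr)
    replay_ok = srv2.activate_cr(srv2.challenge(), wire_cr)
    fake_ok = srv2.activate_cr(srv2.challenge(),
                               client_cr("ZZZZ-0000-ZZZZ-0000", box2, n1))
    return {"plain_ok": plain_ok, "plain_leak": plain_leak, "plain_box2": plain_box2,
            "cr_ok": cr_ok, "cr_leak": cr_leak, "replay_ok": replay_ok, "fake_ok": fake_ok}
```

Two caveats a practitioner should keep in mind. The challenge-response transcript still carries `serial_id`, a hash of the serial, so if the serial space is small enough to enumerate, the serial can be recovered offline from that hash; the scheme only helps when serials have real entropy. And it closes the wire channel only: the serial still has to live on the client (Ian notes the WON client leaves a file on disk), so anyone who can read the client's files gets it regardless of how activation is done.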


-----Original Message-----
From: Fenris () HammerofGod com [mailto:Fenris () HammerofGod com]
Sent: Monday, June 11, 2001 6:39 AM
To: ricardo_x () hotmail com; vuln-dev () securityfocus com
Subject: Gibson (was Crack Office XP)



 >... just wanted to add my 2 cents:

 >folks,
 >regardless whether any progy/os is crackable or not (btw please add
 >office-xp to the list)
 >what I find incredible and a true issue to this newsgroup is micro$oft's
 >intention to 100% implement
 >the raw sockets specification. (see more info at Steve Gibson's
 >http://grc.com/dos/winxp.htm)

 >welcome to the jungle,

 >ricardo

Oh puleeese!

1) It's not too tough to "crack" any software registration program when
some yahoo shares their enterprise license key - this is not cracking -
this is a known registration number that is now warez.

2) Gibson has just admitted how *not* bright he is.  His scenario involves
getting a piece of code onto a Windows XP box on the Internet.  I'll skip
the piece about how you must first compromise a system or get a user to
launch a piece of code - so just for argument's sake, let's assume we send
an email to an XP user and get them to launch the code.  The code is a
zombie client that is launched as part of a DDOS attack and uses raw
sockets to spoof the originating IP address.

Here is where Gibson's thesis falls apart.  Gibson claims that in order to
do this kind of attack on NT4 or Windows 2000, you must first load a
special packet driver (and reboot), then load a special IP stack (and then
I'm guessing, reboot), and then write special code to leverage all of
this.  If this were indeed the case, Gibson might have a point - it would
be difficult to write script kiddie code to do this.  However, it is far
simpler than all of this.  I guess he's never heard of dynamically loading
packet drivers or winpcap!  Any thirteen year old has already figured out
how to do this.

All he'd have to do is add one additional file to his trojan package - and
he could get any NT4 or Win2K machine to be part of his DDOS army.  Weld
Pond has much more to say about this at HNN
(http://www.stake.com/security_news/arch.html?060501)

If Gibson isn't bright enough to figure out how to write a script kiddie
trojan to dynamically load the packet driver, I don't trust him enough to
be telling the world that he thinks there's a problem.  Besides, if this
was really a problem, we'd already see this occurring on Win32 systems,
Unix systems, Mac systems, etc - all of which support raw sockets.  Methinks
Gibson's diatribe was one more of wanting publicity for himself or his site
than making a legitimate statement.  He's also shown that he thoroughly
misunderstands IDS products, and how to protect himself from being
trojaned: http://www.theregister.co.uk/content/8/19469.html with something
that should have been detected with his antivirus product.

===============
Fenris, The Wolf
cAre to lend a hAnd?
===============
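Fenris's argument turns on what a raw socket lets the sending process do that a normal socket does not: write the IP header itself, source address included, instead of having the kernel fill it in. The following is an added example, not code from the post and not from winpcap or any tool it names. It builds an IPv4 header by hand with an arbitrary source and the RFC 1071 header checksum the kernel would otherwise compute, parses one back with checksum verification, and (going a step beyond the post) applies the egress check a border router can use to drop packets whose source lies outside the network they are leaving. The addresses and the `egress_check` helper are assumptions made for illustration.

```python
"""Added example, not code from the original post: what a raw socket lets the
sending application write into the IP header, and the checks that catch it.
Addresses and sizes are constructed for illustration; the egress filter is an
addition beyond what the post discusses."""
import ipaddress
import socket
import struct

# ver/ihl, tos, total len, id, flags/frag, ttl, proto, csum, src, dst
IPV4_HDR = "!BBHHHBBH4s4s"

def ipv4_checksum(data):
    """RFC 1071 one's-complement sum over 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4_header(src, dst, payload_len, proto=socket.IPPROTO_UDP,
                      ttl=64, ident=0x1234):
    """The 20-byte header an application supplies itself on a raw socket.
    Nothing here constrains src: with a normal socket the kernel fills this
    field in; with IP_HDRINCL it sends whatever it is handed."""
    hdr = struct.pack(IPV4_HDR, (4 << 4) | 5, 0, 20 + payload_len, ident, 0,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    csum = ipv4_checksum(hdr)               # computed with the csum field zeroed
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:]

def parse_ipv4_header(pkt):
    """Decodes the fixed header; a valid header checksums to zero as a whole."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _ff, ttl, proto,
     _csum, src, dst) = struct.unpack(IPV4_HDR, pkt[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IHL")
    return {
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "proto": proto,
        "ttl": ttl,
        "total_len": total_len,
        "checksum_ok": ipv4_checksum(pkt[:ihl]) == 0,
    }

def egress_check(pkt, local_net):
    """Border-router style check (assumed helper): a packet leaving local_net
    must carry a source address inside it. Returns (verdict, reason)."""
    info = parse_ipv4_header(pkt)
    if not info["checksum_ok"]:
        return "drop", "bad header checksum"
    if ipaddress.ip_address(info["src"]) not in ipaddress.ip_network(local_net):
        return "drop", "source %s is not in %s" % (info["src"], local_net)
    return "forward", "ok"

if __name__ == "__main__":
    # Constructed: a host on 198.51.100.0/24 claiming to be 203.0.113.7.
    pkt = build_ipv4_header("203.0.113.7", "192.0.2.10", 8)
    print(parse_ipv4_header(pkt))
    print(egress_check(pkt, "198.51.100.0/24"))
```

On Linux a header built this way goes out exactly as written through a socket opened with `socket(AF_INET, SOCK_RAW, IPPROTO_RAW)` and the `IP_HDRINCL` option set, and opening that socket needs root or `CAP_NET_RAW`; the same capability exists on the other systems Fenris lists. That privilege boundary on the sending host, and a filter at the network edge that drops sources outside the local prefix, are the controls that actually matter, not whether a given OS ships the API.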




******************************************************************** 
This email and any files transmitted with it are confidential and 
intended solely for the use of the individual or entity to whom 
they are addressed. 

If you are not the intended recipient or the person responsible for 
delivering to the intended recipient, be advised that you have received 
this email in error and that any use of the information contained within 
this email or attachments is strictly prohibited. 

Internet communications are not secure and Softlab does not accept 
any legal responsibility for the content of this message. Any opinions 
expressed in the email are those of the individual and not necessarily 
those of the Company. 

If you have received this email in error, or if you are concerned with 
the content of this email please notify the IT helpdesk by telephone 
on +44 (0)121 788 5480. 

********************************************************************

