Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Windows Key Leak Threatens Mass Piracy 722

lou_soyur writes "A key code for installing Microsoft's Windows Server 2003 has leaked onto the Internet. Rampant piracy sure to follow fears Microsoft, so it's a safe assumption that their lawyers "would scour the Internet looking for the leaked code". The joy of closed source security at work."
This discussion has been archived. No new comments can be posted.

Windows Key Leak Threatens Mass Piracy

Comments Filter:
  • by wing.app ( 601127 ) on Tuesday April 08, 2003 @01:58AM (#5684214)
    I don't think leaks have anything to do with whether it is open or closed.
    • by bsharitt ( 580506 ) <bsharitt.gmail@com> on Tuesday April 08, 2003 @02:10AM (#5684285) Homepage Journal
      The poster forgot to link to the leaked key. A fix would be appreciated.

      • Re:Missing Link (Score:5, Informative)

        by Anonymous Coward on Tuesday April 08, 2003 @02:22AM (#5684340)
        According to serials.ws [serials.ws] (mind the porn popups):

        Windows 2003 GER Server Full

        Added: 2003-04-04


        • by Anonymous Coward
          Cracks.am usually has fewer popups, and generally better quality porn ads.

          The quality of their cracks/serials are usually acceptable, too.
        • by RenHoek ( 101570 ) on Tuesday April 08, 2003 @04:52AM (#5684811) Homepage
          Hi, I need a serial for the latest Linux kernel, version 2.4.20, the old serial doesn't work anymore. I'd prefer a keygen over a crack.. TIA!!

          *now waits for the obligatory 'Me too!!' posts* :)
        • Re:Missing Link (Score:3, Interesting)

          by NCFlipper ( 69861 )
          Would the lawyers be able to do much if you said "it's the ascii equivalent of the numbers between the xth and yth digits of pi"?
      • by Anonymous Coward on Tuesday April 08, 2003 @03:54AM (#5684658)
        posting working serials here on slashdot? or are they all fake?

        well try this, does it make sense?

        Join the crowd
        Build a tower
        8 meters to the right
        8 meters to the left
        Forty meters in height
        Wait for good weather
        Tear down the tower
        2 people will help
        Questions will follow
        3 days just have passed
        Does anybody wonder
        X is a hard letter
        T is much better
        Together they fit
        You should know already
        8 again a typo?
        Good lord it's fun
        Help them spread there software
        Greed is a sin
        7 sins there are
        You should have got it now
        You remember that 'fuck you' tombstone?
        You got it.
        • by Anonymous Coward on Tuesday April 08, 2003 @04:09AM (#5684699)
          But I think you just made that up
          Unless you know something we don't
          Like you work for Microsoft
          Less chance of actually having a third valid serial
          So it seems, anyway
          Hey, or maybe you just nicked it from work
          I still don't believe you
          Thanks and goodbye!
    • by k-0s ( 237787 ) on Tuesday April 08, 2003 @02:19AM (#5684324) Homepage
      Uhhh why would you pirate free software out of curiousity?
    • by ottffssent ( 18387 ) on Tuesday April 08, 2003 @02:55AM (#5684470)
      Nah, it's poorly worded. I assume the poster was referring to the "security by obscurity" concept.

      The idea that secret keys can be effective is laughable, but nobody seems to get it. Remember the old adage that 3 people can keep a secret if 2 of them are dead? Well this whole CD key nonsense is based on the idea that millions of people can keep a secret. It just doesn't work that way. There is no "obscurity" to hold up even the flimsiest of security when the secret is pasted on millions of plastic packages.

      I believe that's what the "closed source security" comment was referring to.
    • by carlmenezes ( 204187 ) on Tuesday April 08, 2003 @07:33AM (#5685130) Homepage
      T1H1I2S-K3E4Y-H0A5S-B6E1EN-L8E6A9K2E6D-07N-P1U5R9P 2O8S8E
      • by oneiros27 ( 46144 ) on Tuesday April 08, 2003 @08:29AM (#5685291) Homepage
        You know, I personally suspect that you might have something there --

        Think about it....you get people to distribute an identifiable marker.... then you wait a few weeks for google and the otehr search engines to re-index, and then you go and search for the marker. If you find it, you sue the ISP that's hosting it 'till they take down the website.

        [and well, you make sure that the marker's not going to read as valid after some fixed date, or for any of the updates....maybe even log IP addresses should someone be stupid enough to use it, then use Software Update].

        You of course need the built-in self destruct, as there's going to be some sites that you can't get shut down (ie, the ones not in the US), and those other places it might be hiding that you can't 'clean'.

        Of course, if this was the case, would they have issued a press release that it was leaked, or would they have waited until AFTER they had released the product to the masses, and caught people then?
  • How could this happen?
  • by seann ( 307009 ) <notaku@gmail.com> on Tuesday April 08, 2003 @01:58AM (#5684218) Homepage Journal
  • by dancilmi ( 664358 ) on Tuesday April 08, 2003 @01:58AM (#5684219)
    Microsoft has decided that they can stop all instances of music piracy by scouring kazaa and gnutella.
  • A single key? (Score:4, Insightful)

    by Levine ( 22596 ) <{xc.estaog} {ta} {enivel}> on Tuesday April 08, 2003 @01:59AM (#5684225) Homepage
    There are probably ten or fifteen leaked keys by now. Finding Windows keys isn't difficult, and never has been. Why is this news?
    • Re:A single key? (Score:5, Informative)

      by DJayC ( 595440 ) on Tuesday April 08, 2003 @02:07AM (#5684265)
      There are probably ten or fifteen leaked keys by now. Finding Windows keys isn't difficult, and never has been. Why is this news?

      I think the reason why this is such a big deal is because, if you read the article, it is a key that can be used to install Windows Server 2003 WITHOUT activating it on the internet. It is a multi-license key usually given to system builders and the like. I think Microsoft is correct in stating that this will lead to more piracy since the key can be used on an "unlimited" amount of machines.
      • by ADRA ( 37398 )
        I wouldn't upgrade to SP1 if I were you nasty hacker pirates :-)
        • Re:A single key? (Score:4, Insightful)

          by evilviper ( 135110 ) on Tuesday April 08, 2003 @04:17AM (#5684724) Journal
          That's assuming this key isn't being legitimately used. If some OEM has been assigned this key, and has thousands of system installed with this key, Microsoft can't very well just disable systems using they key, can they?
          • Publicity stunt (Score:4, Insightful)

            by SgtChaireBourne ( 457691 ) on Tuesday April 08, 2003 @05:02AM (#5684833) Homepage
            Since the key is for the server, not the workstation, its release is not a big deal. Businesses eager to hand their IT budget to Microsoft will purchase the key anyway. Others would not waste resources playing with a toy that would set them up to be cleaned out by a lawsuit.

            But I can guess at two reasons why it comes just now:

            Perhaps this "leak" is to take attention away from new releases of excellent servers: OpenBSD 3.3 [openbsd.org], RedHat 9 [redhat.com] (even w/4 business hour response time), and Mandrake 9.1 [mandrakestore.com].

            Or perhaps it is to drum up sympathy in congress for new legislation [news.com.au] which could be used to mandate DRM in the U.S. This would hamstring the U.S. IT sector and many public institutions by taking money out of already tight budgets and sending it to Redmond in the form of forced purchases of new hardware and software.

      • Re:A single key? (Score:5, Insightful)

        by MortisUmbra ( 569191 ) on Tuesday April 08, 2003 @02:41AM (#5684424)
        Erm, no, because as the article ALSO states, the same case was tru for Windows XP, Corp. Vol. license keys were out before the retail package was!

        This is absolutely no different for the last....well....five Windows launches.

        There has ALWAYS been a key readily available even after WPA. And WPA has never been a problem. Sure SP1 blocked TWO popular keys but do you have any idea how many people have friends in IT depts. with access to keys?

        Me, my brother in law, my roomate, his brother, my brother, my brother in laws brother, his friend, my cousin, three of my other friends.

        ALL of us have access to different volume license keys.

        It's about as safely gaurded a number as you can get, short of plastering them on billboards and busses.
  • by rritterson ( 588983 ) on Tuesday April 08, 2003 @01:59AM (#5684227)
    Of course the key was going to be leaked- it was only a matter of time. It's the same way with all key based systems. Microsoft will still make just as much money as ever. (Keys were leaked all the time before product activation anyway) the poster spins this as though this is going to cause mass hysteria and pandemonium. What is meant by "closed source security"? An open source security program would be exceptionally easy to bypass, I'd think, since you'd have direct access to any encryption mechanism used.
    • by davebarz ( 546161 ) <david@@@barzelay...net> on Tuesday April 08, 2003 @02:06AM (#5684262) Homepage
      An open source security program would be exceptionally easy to bypass, I'd think, since you'd have direct access to any encryption mechanism used.

      Knowing the algorithm doesn't really help with any decent encryption since you also have to know any number of other keys in order to deencrypt the data. Of course, if you're still using "A=26,B=25,C=24..." encryption, then you may be on to something, there.
    • by BJH ( 11355 ) on Tuesday April 08, 2003 @02:07AM (#5684264)
      An open source security program would be exceptionally easy to bypass, I'd think, since you'd have direct access to any encryption mechanism used.

      Well, I've got this little free software program called ssh - perhaps you'd like to try and crack it.
      • by afidel ( 530433 ) on Tuesday April 08, 2003 @02:31AM (#5684380)
        SSH has been cracked quite a few times (especially SSH1, hence SSH2). Unless you really know what you are doing it's easy to make mistakes while doing cryptography, even the experts mess up once in a while, they're only human after all =)
      • Sure, just let me have the same amount of access to it as I have to Windows 2003 while installing it. Give me your key and access to your machine/network stream while you ssh out and I'll hand you the decrypted plaintext of your session.

        Of course this has little to do with the security of this particular authentication mechanism which simply looks up a secret key in a database of issued to see if it is valid and has enough licenses available. Volume licensing is always the problem in this case.

        Repeat afte
      • Okay, I'm seeing a lot of people reply to this post, but they're not making a whole bunch of sense. So in order to clarify things for people who replied, I thought I'd say a few things. First of all, BJH is talking about knowing the encryption mechanism in SSH to crack the communications. If I'm interpreting him correctly, he's saying that with the public key encryption mechanisms that SSH uses, it's not possible to crack the encryption, even if you know the public key and the mechanism (namely because
    • by dicka_j ( 544356 ) on Tuesday April 08, 2003 @02:14AM (#5684304) Homepage
      An open source security program would be exceptionally easy to bypass, I'd think, since you'd have direct access to any encryption mechanism used.

      I think you will find that most, if not all strong ecryption algorithms are in the public domain. The algorithm used should be strong enough that the key is required to decode the message, and the knowledge of the algorithm is next to useless.

      Do a goole search for say DES, and you will find various articles explaining the implementation of the algorithm, and tripple DES is about as strong as you can get nowdays.

      security through obscurity NOT effective security.
      • by Tim C ( 15259 ) on Tuesday April 08, 2003 @02:55AM (#5684471)
        I think the original poster's point was that with an open source product, one could simply remove the key checking stage entirely, rather than having to rely on acquiring a key.

        • by LordLucless ( 582312 ) on Tuesday April 08, 2003 @03:48AM (#5684639)
          In an open source product, they would, presumably, not need to foist key-codes, activation and other sorts of crud to try and control piracy.
        • I think you're right, but the fact is that one can simply remove the key checking stage entirely from a closed-source product too. It just takes knowledge of the assembly code for whatever CPU you're using, rather than a knowledge of a higher level language (most likely C or C++). So it's a bit harder, but it's obviously entirely possible - just witness all the cracked commercial software that's floating about. And "a bit harder" means nothing once one person has put the effort in to crack the software.
    • the poster spins this as though this is going to cause mass hysteria and pandemonium

      RTFA. C|Net spun it that way. The poster was simply quoting the article.
    • by dmeranda ( 120061 ) on Tuesday April 08, 2003 @04:02AM (#5684676) Homepage

      Security is only as strong as the weakest part, and I seriously doubt that's with the encryption algorithm here. Remember this system is not designed to protect your computer from outside threats (like SSH, etc), it is to protect the operating system from the user. The threat model and problem being solved are entirely different.

      Why attack the encryption algorithm directly? Instead reverse engineer and bypass the parts of the OS that invoke the license checks. Or fool the probes which try to determine your hardware signatures. "Borrow" a key. Or for that matter just be sure to run IIS, as it lets perfect strangers run any applications they want on your computer, it should just as easily let you use your own computer too without any security checks :-)

      I do have two important observations though:

      1. I suspect this is one of the reasons MS is pushing so hard for TCPA/Palladium or other Distrustful Restrictions Management (DRM, sic) in hardware. That would finally allow Windows to completely distrust the user with a vengeance, as well as a side effect of preventing other choices in OS (look at the X-Box as their prototype of a hardware-enforced monopoly).
      2. This is actually bad news for Open Source advocates as it widens the distribution and exposure of this product to people who otherwise may never intend or have the $$ to buy it anyway, futhering their illegal monopolistric grip on the modern world. I for one hate it when people pirate Windows or Office or even Windows Plus, that's one more person that doesn't "feel" the heavy price for using MS software and has no desire to look for other choices. Open Source people would love for more so-called piracy of their products! Perhaps GNU/Linux should require an activation key, maybe that would accelerate its adoption (I'm joking here).
      • Well, I think you forget one huge fact:

        Pirated copies are very important for the distribution of Microsoft products.

        There are of course ways to improve security - why still use such general keys? Look at e.g. Mathematica, they have far better protection mechanisms.

        I postulate that piracy is tolerated and helpful for Microsoft, they will never try to generally stop it. They have of course their ways to reduce piracy, especially by intimidation and bad conscience.

        The more the Microsoft monopoly grows, the
  • by miketang16 ( 585602 ) on Tuesday April 08, 2003 @02:02AM (#5684237) Journal
    The apparent owner of the 'leaked' key has disappeared today. Microsoft states there is absolutely no connection between the 2 events...
  • Big Freaking Deal (Score:5, Insightful)

    by Jah-Wren Ryel ( 80510 ) on Tuesday April 08, 2003 @02:02AM (#5684240)
    Anybody who needs to run this server edition of windows is going to pay for it and probably buy a support contract to boot. Joe Downloader who decides he wants to run Windows 2003 on his piddly two generation old machine just to show how cool he is would never ever pay for 2003 in the first place, he'd just stick with the XP Home edition that his machine came bundled with.

    Mountains out of Molehills, or should that be mothballs in the case of a microsoft losing market dominance?
    • by Soko ( 17987 )
      Your post implys, IMHO correctly, that no matter the steps taken to protect software against piracy, there will be piracy. However, there will emerge in the end a need to by software from a vendor in order to get support. Hmmmmm...

      Seems to me there's [redhat.com] a few [suse.com] companies [mandrakesoft.com] out [ximian.com] there [postgres.com] who do something very much like that. Seems we have the answer for Microsoft, don't we?

      • Too funny (Score:3, Insightful)

        by FredFnord ( 635797 )
        > Seems we have the answer for Microsoft, don't we?

        So your suggestion would be for MS to keep their source closed (they're going to anyway) and then give out the software, but sell the support?

        And this would encourage good, easy-to-use, easy-to-configure, bug-free software with a consistent interface, I bet, right?

  • by dtolton ( 162216 ) on Tuesday April 08, 2003 @02:04AM (#5684252) Homepage
    I typically try very hard to avoid the hard line stance that all
    software should be free, but I have to say I just don't feel very
    sympathetic to Microsoft. Just a quick glance at their financials
    make it abundantly clear how much they are gouging their customers.
    Last quarter they made just over 8 billion in revenue with just over
    2 billion in costs. The three quarters prior to that they pulled in
    just over 7 billion (per quarter) in revenue with a little under 1.5 billion in
    costs each quarter.

    If you compare that to other companies that are in the 20ish billion
    dollar per year range you will see a different story.

    I honestly find the whole argument that piracy has hurt them
    incredibly dubious. I read somewhere that MS-DOS was the most
    pirated software of all time. Does anyone have a link to that
    article? If that's true, piracy is definately a problem...I mean
    look what it did to Microsoft.
  • Oh no! (Score:4, Funny)

    by Stormie ( 708 ) on Tuesday April 08, 2003 @02:06AM (#5684261) Homepage
    Nobody has ever leaked a key or serial number [google.com] before!!! Thank god C|Net alerted us to this atrocity!!
  • by markov_chain ( 202465 ) on Tuesday April 08, 2003 @02:08AM (#5684269) Homepage
    1. Leak a copy of the upcoming OS on purpose, along with the installation key
    2. Wherever possible, fine users of pirated copies (BSA audits, people buy a license for their pirated copy, etc.)
    3. Profit!

  • Timing (Score:4, Interesting)

    by Mattygfunk1 ( 596840 ) on Tuesday April 08, 2003 @02:09AM (#5684275)
    The timing of this may actually _help_ them push their case for DRM. Could the leak have been deliberate?

    This reminds me of the "leaked" internal memo about security from Febuary last year.

    :) cheap web site hosting [cheap-web-...ing.com.au] :)

    • Ooh, yes. Could it have been deliberate? Let's indirectly acuse Microsoft of some wild-eyed conspiracy theory, because this is Slashdot, and companies routinely release cracks to their own software in order to push things on customers. Yes. This is helping the cause.
  • First Pirate Post! (Score:5, Informative)

    by teamhasnoi ( 554944 ) <teamhasnoi@ y a h o o . com> on Tuesday April 08, 2003 @02:11AM (#5684288) Homepage Journal
    YAR! Shiver me timber!! [google.com]

    Only a scurvy dog would run the likes of this barnacle cover OS, yar.

    • by Anonymous Coward on Tuesday April 08, 2003 @02:35AM (#5684399)

      pirate name generator [fidius.org]

      I used to work for a microsoft help desk that was supplied with the corporate software disks known at the time as "select", we used to get four or more copies of everything in every langauge Microsoft could be bothered with, and not a single thing required us to enter the licence keys in. They were "pre-installed".

      The weird thing? was that we were allowed to make "evaluation" copies of these disks and "support" copies of these disks to give to our clients and engineers. And these evaluation and support disks used to get "lost" as fast as we could issue them. And after long discussions with the local microsoft office, they said they were fine with the evaluation and support disks. Ie microsoft sanctioned piracy, in the interests of having more client sites and more technicians with the skills to support them. Ie most of us technicians couldn't afford to pay for microsoft software to install at home so we could learn it. In fact I think that Microsoft and my company had an agreement that said that we were allowed to install microsoft software at home so long as we worked for that company (a microsoft solution provider). I later used this technique to get around the useless recovery disks that some PCs come bundled with, so that you can only re-build your system by formatting the hard disk again...Blech.

      Funny how installing IBM mainframe software at home was never expected or required. We couldn't take that work home with us.
    • K4RBR is the new FCKGW.
  • by DJayC ( 595440 ) on Tuesday April 08, 2003 @02:12AM (#5684291)
    (From the article)
    Those copies of the software installed using the leaked code "won't be able to install future updates or service packs of access Windows Update," the spokeswoman said.

    "They're caught between a rock and a hard place," Cherry said.

    It's funny.. she's basically saying "Yes, they can install the retail version BUT they are screwed when all of our security holes and bugs are found." She seems to imply that if you don't update Win2k3 (note this is stated before it is even released!) you are going to have a junky product. Funny stuff.. only Microsoft.
  • by ejaw5 ( 570071 ) on Tuesday April 08, 2003 @02:14AM (#5684305)
    "Windows Key Leak threatens mass piracy"

    If I'm reading it correctly (2am w/o coffee) it seems that the subject of the sentence --Windows Key Leak-- is acting --threatens(threaten)-- on the predicate --mass piracy--.

    If MS is worried about piracy, shouldn't they leak *more* codes?
  • by Auriam ( 85155 ) on Tuesday April 08, 2003 @02:16AM (#5684309)
    Um, I guess no one here's heard of what MS did with XP SP1.. if you upgraded from XP, and were using a pirated corporate key, you were OK.. but if you tried to do a slipstreamed CD install (that is, with SP1 included on CD, a full install from that CD), you were SOL when you tried the old key. A Friend Of A Friend of mine had some trouble with that himself.. but luckily some smart person had apparently held back some of the corporate keys from wider release, fearing that this might happen, and released the new key as the SP1 key.

    Thus, a single keycode getting out isn't THAT much of a piracy threat - it can easily be patched. Now, a KEYGEN, on the other hand...
  • by BooMonster ( 110656 ) on Tuesday April 08, 2003 @02:19AM (#5684326)
    I still don't want it!
  • Here is logic (Score:3, Interesting)

    by ADRA ( 37398 ) on Tuesday April 08, 2003 @02:20AM (#5684331)
    "Microsoft is banking on the thrice-delayed operating system to increase its penetration into the enterprise. But the stolen codes show the difficulty the company faces in protecting its valuable intellectual property and potential sales from thieves."

    So, out of all the pirating going on, do you think that even 1% of it is coming from enterprise customers? I seriously doubt it, and I am sure they do as well.

    I think its a "scape goat" tactic to justify expected poor returns on their newest sinking flag ship product.
  • by andih8u ( 639841 ) on Tuesday April 08, 2003 @02:22AM (#5684343)
    with any luck they will go ahead and block that key code from upgrading to SP1, therefor saving us from the pesky memory leak that SP1 is bound to cause.
  • The other foot (Score:5, Insightful)

    by meta-monkey ( 321000 ) on Tuesday April 08, 2003 @02:30AM (#5684376) Journal
    At first, when I saw this, I chuckled. Then, I thought about all the times I've seen stories on /. about some company using GPL'ed code in their closed-source product. That pisses me off. Microsoft has decided that, if you want to use their software, you need to abide by their license agreement, which includes the stipulation that you pay for their software. If you don't want to pay for their code, then don't use their software. Myself, I'm a Linux and Mac user. I obviously don't pay for Linux, and I gladly pay for OS X when I buy a Mac from Apple. Power of choice, people, but you can't have it both ways. Either respect other people's licenses, or don't be surprised when they don't respect yours.
    • Re:The other foot (Score:4, Interesting)

      by WasterDave ( 20047 ) <davep@@@zedkep...com> on Tuesday April 08, 2003 @04:11AM (#5684703)
      Yeah, I'm with you on that one, and it's one of the rare occasions where I'm with Microsoft too. If you're going to use Windows, pay. If you're going to use Windows servers, pay more. And if you use Windows (particularly for business) and think you don't need to pay, you should get your arse kicked.

      The more people who are forced to pay, through the nose, for this shit.... the more we will see both a proliferation of open source AND a return to an active and competitive closed source software industry.

    • Re:The other foot (Score:3, Insightful)

      by egjertse ( 197141 )
      At first, when I saw this, I chuckled. Then, I thought about all the times I've seen stories on /. about some company using GPL'ed code in their closed-source product.
      Either respect other people's licenses, or don't be surprised when they don't respect yours.

      Hmm, I'm not sure what you're trying to say here, but if you mean that it's OK for Microsoft to steal GPL'ed code because some kids are pirating windows, I have to disagree. Speaking from my own experience, piracy is not really an issue, exc

  • by epsalon ( 518482 ) <slash@alon.wox.org> on Tuesday April 08, 2003 @02:30AM (#5684377) Homepage Journal
    One thing missing - what's the key?
  • by no_mayl ( 659427 ) on Tuesday April 08, 2003 @02:38AM (#5684409)
    They could have used a timed key (valid only for a couple of weeks). All the machines in that company that leaked the key would have had to be installed (no user prompting, but still requiring internet connection) within the timeout period. If somebody stole the timed key, and re-adjusted their computer time just to get by the install, it would fail, as the computer would still need to connect to a MS-owned server with its own notion of time.
    For something this easy (other companies like Symantec provide timed keys) not to be implemented can only be a sign of deliberate action.
    "I'll give out (oops! I meant leak out) this free OS. Once people get used to it, then I'll charge a huge amount for all these other softwares and services. And I'll give major parties (i.e. sueable) a chance to get back on the right track by purchasing a valid license."
  • by unborracho ( 108756 ) <ken@sykora.gmail@com> on Tuesday April 08, 2003 @02:46AM (#5684443) Homepage
    uhm... hi. My name is _________ and I'VE NEVER PURCHASED A COPY OF WINDOWS IN MY LIFE!

    let's see here...

    Windows 98, got key from a friend
    Windows 98 SE, got key from a friend
    Windows ME, got key from a friend, uninstalled the next day
    Windows 2000, found a key on an altalavista search
    Windows 2000 Server, "borrowed" a key from work
    Windows XP Pro, hello mr. corporate no-registration key

    Don't get me started on other microsoft products. Office XP has its own registration work-arounds as well.

    I'm just surprised this made it to a /. story. Most anyone in this community would know where to go to get a windows key if they needed one.

    I would think this would be expected for any and all releases of software microsoft puts out. Hell, we can get software from my school for so dirt cheap, ($30 for Windows XP Pro) they might as well give it away for free.
  • by AvengerXP ( 660081 ) <jeanfrancois...beaulieu@@@mckesson...ca> on Tuesday April 08, 2003 @03:24AM (#5684566)
    Each pirated version of Windows running is one less copy of Linux or other variant OSes running. In order of their preferences, 1) Legit MS 2) Pirated MS 3) Alternative OS So they almost approve piracy.
  • by ites ( 600337 ) on Tuesday April 08, 2003 @03:33AM (#5684597) Journal
    By Microsoft as a way of getting Win2003 Server onto lots of systems that would otherwise run Linux. "Oh, dear, we've lost our key!" One has to wonder why a product like this even needs a master key. Surely system-builders and so-on can use product activation like anyone else: even if they can use the same key multiple times, nothing says they cannot activate it on-line.
    Oh those damn pirates, now we will have to crack down even harder on all those people still using bootleg copies of Office 97!!!
  • by Zakabog ( 603757 ) <john@jma u g . com> on Tuesday April 08, 2003 @04:01AM (#5684674)
    Stolen codes are often traded with the Microsoft software, typically on Web sites, newsgroups or Internet Chat Relay (IRC).

    That's from the news.com article, it's good to know that sites other than slashdot have lazy editors.
  • by stevenp ( 610846 ) on Tuesday April 08, 2003 @04:17AM (#5684721)
    >> The leaked key codes cast an unexpected shadow over the launch of Windows Server 2003 later this month. Microsoft is banking on the thrice-delayed operating system to increase its penetration into the enterprise. But the stolen codes show the difficulty the company faces in protecting its valuable intellectual property and potential sales from thieves.

    Microsoft tactics again, nothing else. They currently need to enter the server market and push Linux out of there. So they will try with all means to increase the instaled base of the WinServer 2003 - it doesn't matter with or without licence. Later they will come with BSA and collect the fees, no doubt. The current statement has a double purpose - first to show to the world how much Microsoft is losing on piracy and second to inform the people that they can install Server 2003 without paying. The first one is typical Microsoft FUD - "We are weak, pirates rob us constantly", this will help them also in the monopoly trial. The second one says generally "Hey there is a key on the wild, just get it and install WinServer if you need it"
    Are the MS executives stupid enough to beleive that a sysadmin that has received a key for installing a bunch of WinServer-s 2003 will not leak it on the Internet? No, they are smarter than anyone else when it comes to money, just the target is different - to get a maximum number of installations, become monopoly on the server market, and then ... fire-up BSA, colect the missing licences, charge as much as they want for new installation and so on.
    The same story is repeating again and again, they can not give WinServer 2003 for free (like InternetExplorer) because the DoJ will nail them immediately, thay can only play the "illegal but free" game and hope that the sysadmins will byte - and may will, especially in the poorer contries. So I beleave the fixed keys are built into the code exactly with the purpose to allow the "widespread piracy". Why does WinXP does not have such fixed keys? MS officials may say "Because it is a client OS, it is not installed in volumes". Bzzzzt - wrong, the clients are usually installed in volumes, the servers are usually 1 to 10 compared to the clients. The answer is because MS has already monopoly on the client side, they do not need new installations, they need money for the existing ones. The server market is different, MS needs "piracy" in order to become the de-facto standard on the server.
  • by frovingslosh ( 582462 ) on Tuesday April 08, 2003 @04:51AM (#5684810)
    Windows Key Leak Threatens Mass Piracy

    That's silly. My piracy isn't threatened by this leak. In fact, if I were to guess, I would think this leak will increase piracy, not threaten it.

  • by Harry8 ( 664596 ) on Tuesday April 08, 2003 @05:02AM (#5684831)
    Posts here seem to suggest that everybody who knows what a keyboard is, can find a Key using nowt but a search engine. So who benefits from the publicity?
    Software pirates? They already knew.
    People who don't like Microsoft? Good for a laugh for about half a second, I guess...
    Microsoft? More people with experience using their servers? Right now if you're a poor student you're likely to know a thing or two about Linux server configuration, especially since you can do it with a box you bought for $20. Or BSD...
    Microsoft again? Hey, a media storm for the ingnorant to support this Pallid Big Brother nonsense? Or is that too cynnical..?
    No more security patches for Fully paid up NT licences. Hmmm...
    You pays your money, and you takes your choice...
    apt-get lacks the option "stuffed" It's a feature.

    I don't hate them, the sheer speed at which really useful application can be developped in Excel VBA is a breakthrough. (XL97 is just fine, upgrade? Why?) But then Excel has all those unstable algorithms in their stats functions that everybody has known about for years and years...

    I've been given X, Gnome & KDE. Now Give me VBA in OOo, Gnumeric or Kspread, & I'll give you Linux, Undisputed king of the office desktop.
  • by GeneralEmergency ( 240687 ) on Tuesday April 08, 2003 @05:41AM (#5684907) Journal

    After spending several hours looking over this latest release from the 'Redmondian Army of Doom', I have mixed feelings about this key as a whole but I still find myself strangely attracted to a few of it's verses. It is as if parts of it were composed by choruses of lilting angels while other parts we're slapped together with the premediation of a four year old making mud pies. Lets take a look at this new key... verse, by haunting verse, shall we?

    What a stunning beginning! Almost symetrical, yet still off balance even with the repeating C's and 4's. The 2 was a discordant shocker at first, but the more I read over it, the more I found that it acted as a 'front porch', if you will, for the firmly concluding 4.

    This is that "Mud Pie" verse that I alluded to earlier. After such a strong beginning with "C4C24", "QDY9P" is a total dissapointment. I think the problem here is the 9. The "QDY phrase is an intriguing start to this verse but the 9 just throws away any semblance of order.

    This is without a doubt, the most playful and funky verse in the key. The central "QJ4" is a sassy and taunting invocation of some well known classical themes which takes on a whole different tone when sandwiched between the "G" and the slightly naughty "F".

    Probably the most memorable verse in this work, I kept humming "2DB", "2DB", "2DB", "2DB" to myself all afternoon. This cadence was a welcome change of pace and helped move this key back in the right direction toward the finale.

    What a triumph! This final verse had me on the edge of my seat in anticipation as each new character played on the preceeding ones with a curious mixture of both lust and fury. The "PFQ" opening is both sensual and vulgar at once, but when blended into a "Q9W" clarion call, the effect is awsome and should stand as one of the great Windows Key verses of all time.

  • by nachoboy ( 107025 ) on Tuesday April 08, 2003 @05:55AM (#5684931)
    In the land before time, or rather, the world of software before Windows XP, Microsoft OS's didn't require activation, but they did require CD Keys. Mostly this was a fiasco as ANY legitimate cd key could be used ANY number of times for that version of the software. Many will remember the NT4 days and the ever-popular 111-1111111. Microsoft got smarter for Windows 2000, but not by much. The not-so-easily-forged 25 character cd key introduced with Windows 98 was used, which at the very least prevented people from making up cd keys. However, it was soon discovered that with a simple change of no more than TWO characters to an easily-editable text file, the cd key requirement could be eliminated! Toss those keys away! This one made it super convenient to install Windows, and the piracy raged on. This hole is still wide open, even with the latest service pack.

    Microsoft did start wising up, however. Summer of 1999 saw the first ever "activation" efforts implemented in Microsoft Office 2000 in certain markets, notably US education, Australia, and New Zealand. This was a successful pilot program and with the release of Office 2000 SR-1 in summer of 2000, all retail versions of Office 2000 incorporated this technology (known back then as "registration.") This, too, however, was quite simple to defeat using a corporate install feature normally reserved for large-scale deployments.

    The release of Windows XP saw another big step forward for Microsoft's anti-productivity tools (excuse me, "anti-piracy efforts"). Same 25-character cd keys, but you have to "check in" with Microsoft to verify you haven't handed the key out to 25 of your closest friends. Windows XP activation is actually quite a bit more lenient than most people realize... you can change a significant amount of hardware and not be forced to reactivate, and the biggest secret is that if you don't check in with MS Activation servers for a period of 4 months, they'll wipe your history clean and you can activate anew with ANY hardware configuration. Enough room for even the heaviest geek to make all the changes he wants.

    Once again, however, product activation was easily defeated. It wasn't long (well before the retail release for that matter) before someone got ahold of a corporate copy (no activation required) and let it loose on the net. The biggest change with Windows XP was that the difference between retail and corporate versions was a whopping 10 files, including one that was almost 13 MB. Not so easy to make your retail copy activation-free, but it can be done. The ramifications were clear: there was to be no more swapping of retail and corporate keys. It was too easy for Joe User to find a few characters on the net and defeat all the anti-piracy efforts MS had spent months developing.

    And here's where we connect with the article. First of all, cd keys to install Windows Server 2003 have been out since before it was originally posted on MSDN (which, by Microsoft's own admitting, was less than 4 hours after RTM). The problem was, all those cd keys were from retail distributions which required activation. Yes, a "reset" patch was quickly coded which virtually made the activation requirement non-existent, but these things have been known to have been "corrected" in service packs. The public was clamoring for a "corp" release, which would eliminate the activation altogether. Insiders had access to the corporate release but it was worthless without a key... a key somebody was probably going to lose their job for if they divulged it. Almost a week went by, and then early yesterday morning, a key was located and the corporate release has been forthcoming. This wasn't the first key and it's not the only key, but it is special in that it is the first "volume license," or "corporate" key to be released.

    The article fails to mention that the key MUST be matched with a corporate release. Once again, the unique files from retail and corporate editions are about 13 MB, but those files can be found on the web in
  • by Anita Coney ( 648748 ) on Tuesday April 08, 2003 @09:29AM (#5685568) Homepage
    Microsoft keeps arguing that the purpose of Product Activation is to stop piracy. That's ludicrous:

    First, weeks before XP was released there was the infamous leaked corporate copy of XP readily available for download in convenient ISO format.

    Second, Microsoft stated that anyone using the leaked version of XP would not be able to update to SP1. However, a week before SP1 was released tweaktown.com had figured out and posted a way around it.

    Third, now the exact same thing is happening to Windows Server 2003.

    Exactly how did Product Activation stop piracy? It didn't. What does it stop? It stops what I call sharing. That's when a friend uses his copy of Windows to upgrade a friend's computer. That is what Product Activation has stopped and nothing more. (I'm not saying that sharing is OK, but it's hardly piracy!)

    Maybe Product Activation is also Microsoft's attempt to get the average person used to paying for upgrades. Maybe it is a step in the direction of Palladium, i.e., getting the average person used to the idea that Microsoft controls their PC, and not the other way around. It could be a lot of things, but it is clearly NOT intended to stop real piracy.

A computer without COBOL and Fortran is like a piece of chocolate cake without ketchup and mustard.