Earlier this year, Microsoft and Lenovo teamed up to tackle the first Windows 7 activation workaround. It was based upon a leaked OEM volume activation key, and was neutralized fairly quickly.

Things have been fairly quiet for a while. Microsoft's anti-piracy team had cooked up WAT - Windows Activation Technology - in hopes that it would prove more successful at thwarting unlicensed Windows use than its predecessor WGA. And so began the latest round of cat-and-mouse with pirates. "You've got a better activation system? We'll build a better crack," is how the game usually plays out.

It should come as no surprise, then, that there are two new activation bypass tools spreading like wildfire on the Internet. Called RemoveWAT and ChewWGA, the apps provide one-click patching of Windows 7 RTM installations.

Microsoft, of course, has promised a speedy response. Still, once a system is patched and a user shuts off Windows Update, there's really not much Microsoft can do - or is there? Maybe they know something we don't.

[via CNet]

First you got your hands on a leaked copy of the Windows 7 RTM. Bad idea, says Microsoft.

Then you tracked down 7loader, which took advantage of a leaked Lenovo product key. We know it's out there, came the nonchalant reply from Redmond.

And now, thanks to a cooperative effort, the workaround has already been defeated. The official blog post touts improvements in Windows 7, which "already includes an improved ability to detect hacks, also known as activation exploits, and alert customers who are using a pirated copy." The post continues, stating that no systems will ever be sold using the particular OEM key that was utilized by the exploit.

So what's Microsoft's real goal here? "Our objective isn't to stop every "mad scientist" that's out there from dabbling; our aim is to protect our customers from commercialized counterfeit software that impacts our customers' confidence in knowing they got what they paid for."

Sure...There's absolutely no reason it would have anything to do with crippling the biggest Windows competitor on the market - pirated copies of Windows.

Getting your hands on the WIndows 7 RTM build isn't really that hard at this point. It's all over torrent trackers and other file sharing networks (including the meatspace "can you burn me a copy" network).

That's only step one, of course. Without a valid key to activate your copy, you're dead in the water eventually.

However, just as it happened with Windows Vista, there's already been a Windows 7 crack created utilizing a major OEM's volume license pre-activation key. Instead of Dell, this time the key in question belongs to Lenovo. The key and OEM certificate were simply extracted from the Windows 7 Ultimate .wim files.

Reports from various other sites and forums indicate that the crack will only work for Windows 7 Ultimate, though both 32 and 64 bit versions can be cracked. What about Genuine Advantage? Passed with flying colors. That doesn't mean Microsoft will never sort this out, but I have my doubts - it was never blocked with Vista.

We're not linking to the actual crack or any of the proof-of-concept posts, of course, so don't ask. If you're already running the RTM, you'll be able to figure things out for yourself anyway.

[via Softpedia]

Despite proud boasts that Vista was the most hack-proof version of Windows to date, Microsoft Senior Product Manager Alex Kochis has written on a developers' blog that Microsoft has recognized two ways that hackers have cracked Vista's product activation.

Basically the hacks affect OEM copies of Vista that are meant to run on a specific piece of hardware. The first hack changes some code in a computer's BIOS to make Vista think it's installed on the correct PC. The other hack does something similar, but with software.

Basically, Kochis says Windows XP was vulnerable to the same sort of hack, but Microsoft never paid much attention because there were far easier ways to obtain a bootleg copy of Windows XP.

And it turns out Microsoft isn't going to place much priority on combating this hack now either. Since it's a relatively tricky and dangerous way to get an illegal copy of Vista running, the company figures most users won't try modifying their BIOS. Microsoft will instead focus on "organized counterfeiters and protect users from becoming unknowing victims."

[via CNet]

Ever wonder how secure your passwords are? Odds are the answer is not very secure at all.

One Man's Blog has an article showing just how easy it is to crack most passwords. And since the vast majority of users use the same password for everything from their email to their bank accounts, all you really need to do is find one password. And with some passwords, that can take less than a second. The chart above shows just how long it would take the average cracker to uncover your password using a brute force password generator.

Of course, all hope is not lost. Here are few basic tips toward a more secure existence:

1. Don't make your password a person's name or any word in the dictionary.
2. Don't use your birthday, social security number, or sequential numbers like 1234 (did we really have to tell you this one?)
3. Do use longer passwords (7 or more characters if you can).
4. Do use a combination of letters, numbers, and symbols.
5. Do make your passwords case sensitive and mix up the uppercase and lowercase letters.
6. Substitute letters for numbers. For example "D0wnl04d Squ4d" would take a lot longer to find than "download squad."
7. Do use a different password for every site you visit.

That last one's a killer. You'll either want a good program to keep track of your passwords, or at the very least make sure that you use a different password for your bank account than you use for online photo sharing sites.
[via lifehacker]

The author of the program that allegedly generates activation keys for Windows Vista (if you let it run long enough) is back. And now he says the key generator "is a joke, I never intended for it to work."

Further, he never actually got the program to work himself, and he says anyone who claims they have is either mistaken or lying.

Here's the thing. In theory, the brute force kegyen could work. It basically generates random combinations of 25 characters. Sooner or later, it's bound to come up with a valid product key. But while initial reports suggested that you could get a few keys by running the program for a few hours, there's little evidence that anyone has succeeded yet.

Of course, you can still extend your Windows Vista trial period from 30 to 120 days and run Vista for 4 months before purchasing an activation key.

[via Slashdot]

Mega-events are high-security animals. When something like the Super Bowl goes on in a city, everyone from the local Sheriff to the FBI and Homeland Security are involved in keeping the visitors and fans safe from any real or perceived threat imaginable but, the digital world isn't quite as safe. Someone forgot to lock up the website belonging to Dolphin Stadium, this year's Superbowl host. Websense warns in a threat alert, "A link to a malicious javascript file has been inserted into the header of the front page of the [Dolphin Stadium] site. Visitors to the site execute the script, which attempts to exploit two [recent Windows] vulnerabilities: MS06-014 and MS07-004. Both of these exploits attempt to download and execute a malicious file."

What a reminder that exactly this type of site presents a disproportionate security threat. When a site that has a relatively low volume of traffic on average becomes host to a large swarm of users, it also drastically increases its threat profile. Translation: You might as well paint a target on the side and hand out boxes of bullets.

ZDnet adds that the official Dolphin Stadium website has been cleared of the exploit but also cautions that a site with a simillar name was targeted and hasn't been fixed or taken offline.

Ever had a PDF document that you needed to read, but was protected by a pesky password? Digital Inspiration has you covered. Now none of us endorse breaking passwords in ways that violate copyrights and so on, DI posits a plausible scenario: "Say one of your former colleague created some critical sales reports in PDF format but he is not working with the company anymore. In his absence, you have no option but to crack the PDF password in order to open, read or print these PDF files." Ah, yes, the good old departed, paranoid colleague. The guide covers how to copy or print PDFs that restrict such activities and how to use password recovery tools to ferret out that password--just hope your colleague used a simple password or it's bound to take awhile.

I know it is incredibly difficult to crack DRM in some cases. Now that DVD Jon has cracked the iPod, but it doesn't matter to me that much. Many times a poorly executed DRM system can be bypassed with almost no effort, but some of the well-coded ones can be hard (i.e. the iPod and iTunes "FairPlay" DRM). It is isn't that I don't appreciate the effort of it, but I really don't see the point of it. Is it really going to help the music sharing problem go away, is it going to stop all the lawsuits by the RIAA? I know that many iTunes fans will download the crack and use it, what are the chances that anyone will get caught using it right? I feel like this is just another trip around the circus ring. I still maintain that the music problem (meaning DRM, sharing, digital rights) is not any better. I don't care who cracks what anymore. Call me obscenely critical, but come on, when is the bouncing-fairy dance going to end? The issue hasn't improved for either side in my not-so-humble opinion. What do you think? Are you sick of hearing about DRM, sick of having to do all kinds of dumb things, jumping through hoops to be to use your music, when clearly record companies are clinging to a dying business model with their dollar-clenched fists? I want problem resolution, I want results, and I want to see real change in the industry. Are there reasons why the cracking and repatching and recracking of DRM and its minions is a good thing that will drive change and usher in the new world of music downloading utopia? If you have a good reason that cracking is a good thing in this case, please let me know, but right now I just don't see it.

Last week I reported on MusicForMasses, a new program from questionable Russian online music retailer AllOfMP3 that lets you download and listen to every song in their expansive library for free, provide you use their very limited Windows player that requires a net connection. Well, as I predicted in that post, it didn't take long for someone to figure out how to get around MusicForMasses' DRM. The cheekily-named MusicForMe is a program that strips out whatever protections AllOfMP3 is using on its free MP3s and turns them into plain old MP3 files that you can play in the player of your choice. Now, given that AllOfMP3 is of questionable legality in the first place, using MusicForMe is undoubtedly all kinds of illegal, not to mention of entirely unknown origin and infested with who knows what, so under no circumstances do I recommend that you download it from this link. I did try it out myself, though--in the name of science, of course--and it seems to have worked flawlessly. One caveat is that the resulting files have names like "00E117A8.mp3," but their ID3 tags are intact and accurate, so an MP3-renaming program should make short work of them. Seriously, though, MusicForMe is probably totally illegal and possibly dangerous, so use it at your own, not insignificant, risk.

[Thanks, Josh!]

Update: As a number of readers have point out, the original download link is busted. The author has released an updated version of MusicForMe, which includes the MusicForMasses program. Reader Josh says that this program does the same thing as MusicForMe, but works better. I haven't tested either program, much less screened them for viruses, so as always use at your own risk and don't blame me if things go south.

Critics of online music stores like the new Napster and Yahoo! Music Unlimited say by giving them you're money you're really just renting your music, since if you stop paying their fees, you lost the ability to listen to the tracks you've downloaded. But if the makers of FairUse4M have anything to say about it, that's no longer the case. Engadget has the scoop on this new, probably-illegal program for Windows that strips the DRM from Windows Media 10 and 11 files, allowing you to play those Napster tracks indefinitely, even after you've canceled your subscription. Engadget's Ryan Block says, "we can verify with all certainty that yes, Windows Media DRM can now be easily and quickly stripped from PlaysForSure media services," but it didn't work on their Vongo videos or Windows Media 9 DRMed files. This is a pretty big deal for Microsoft, which has busily been ensuring record companies for years that PlaysForSure is the best way to protect their content. For awhile software has been available that strips the DRM from music purchased from Apple's iTunes Music Store--the difference is, one had to pay for each of those tracks in the first place, whereas with Windows Media-based subscription stores, one could buy a one-month subscription and potentially unlock tens of thousands of files for the price of a single CD (or for free, if one takes advantage of a free trial period). Yow.

Locked out of Windows? Try Ophcrack. It's a Windows password cracker that claims to be able to crack 99.9% of alphanumeric passwords in seconds. Ophcrack is available for Windows and Linux, and the Linux version comes in a handy bootable LiveCD version for when you don't have access to any account. It's also open source software, so you can get cracking for free.

[Via Digg]