Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Bryan Allerdice (bryanprofessionalhacker.com)
Date: Tue Jun 26 2001 - 09:34:40 CDT
I know this doesn't answer your question, and I hope someone gives this list
the answer you want, but bear with me.
As we all know, naughty students can get a working CDKEY from any number of
websites in a matter of minutes.
In my mind, the idea of securing your CDKEY is like keeping the key to your
house on a string around your neck so nobody can steal it from you. If you
have another key under the door mat, nobody needs the one safely hanging
from your neck.
----- Original Message -----
From: "Juan M. Courcoul" <courcoulcampus.qro.itesm.mx>
To: "Vuln-Dev" <VULN-DEVSECURITYFOCUS.COM>
Sent: Monday, June 25, 2001 1:28 PM
Subject: Recovering the activation key from a Win2K installation
> Please bear with me, as I only pretend to have a limited knowledge of
> Windows internals enough to survive its use.
> A discussion arose as to the security of Windows 2000's activation key,
> aka the CD or Product Key. A colleague who handles Win2K installations
> insisted that once you have keyed in the 29-character string and
> activated the OS during a full new install, it is unrecoverable and
> hence safe to install in student labs, etc., without the risk of
> compromising the corporate license. She went so far as to claim that
> even a user with Administrator privileges couldn't get it back.
> My gut feeling is that this is bull and constitutes a prime example of
> "assumed security thru ignorance".
> Would you kind Windows gurus please tell me who's got it right this time ?
> J. Courcoul