I know this doesn't answer your question, and I hope someone gives this list
the answer you want, but bear with me.

As we all know, naughty students can get a working CDKEY from any number of
websites in a matter of minutes.

In my mind, the idea of securing your CDKEY is like keeping the key to your
house on a string around your neck so nobody can steal it from you. If you
have another key under the door mat, nobody needs the one safely hanging
from your neck.

BRYAN

----- Original Message -----
From: "Juan M. Courcoul" <courcoulcampus.qro.itesm.mx>
To: "Vuln-Dev" <VULN-DEVSECURITYFOCUS.COM>
Sent: Monday, June 25, 2001 1:28 PM
Subject: Recovering the activation key from a Win2K installation

> Please bear with me, as I only pretend to have a limited knowledge of
> Windows internals enough to survive its use.
>
> A discussion arose as to the security of Windows 2000's activation key,
> aka the CD or Product Key. A colleague who handles Win2K installations
> insisted that once you have keyed in the 29-character string and
> activated the OS during a full new install, it is unrecoverable and
> hence safe to install in student labs, etc., without the risk of
> compromising the corporate license. She went so far as to claim that
> even a user with Administrator privileges couldn't get it back.
>
> My gut feeling is that this is bull and constitutes a prime example of
> "assumed security thru ignorance".
>
> Would you kind Windows gurus please tell me who's got it right this time ?
>
> J. Courcoul

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]