Hacks of the week
Hack into a Windows PC – no password needed
A security consultant based in New Zealand has released a tool that can unlock Windows computers in seconds without the need for a password.
Adam Boileau first demonstrated the hack, which affects Windows XP computers but has not yet been tested with Windows Vista, at a security conference in Sydney in 2006, but Microsoft has yet to develop a fix.
Interviewed in ITRadio’s Risky Business podcast, Boileau said the tool, released to the public today, could "unlock locked Windows machines or login without a password … merely by plugging in your Firewire cable and running a command".
It’s official: Pirates crack Vista at last
A genuine crack for Windows Vista has just been released by pirate group Pantheon, which allows a pirated, non-activated installation of Vista (Home Basic/Premium and Ultimate) to be properly activated and made fully-operational.
Unlike cracks which have been floating around since Vista RTM was released in late November, this crack doesn’t simply get around product activation with beta activation files or timestop cracks – it actually makes use of the activation process. It seems that Microsoft has allowed large OEMs like ASUS to ship their products with a pre-installed version of Vista that doesn’t require product activation – apparently because end users would find it too inconvenient.
This version of Vista uses System-Locked Pre-Installation 2.0 (SLP 2.0). It allows the “Royalty OEMs” to embed specific licensing information into the operating system which Vista can activate without having to go back to Microsoft for verification. The licensing components include the OEM’s hardware-embedded BIOS ACPI_SLIC (which has been signed by Microsoft), an XML certificate file which corresponds to this ACPI_SLIC and a specific OEM product key.
Pantheon released a bundle which includes the certificate files from ASUS, Dell, HP and Lenovo along with OEM product keys for Vista Home Basic, Home Premium and Ultimate, and an emulator which allows the BIOS ACPI_SLIC driver for any manufacturer to be installed without requiring the system to be physically running that hardware. For example, you can install the ASUS certificate information on any machine, not just an ASUS.