- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Thu, Jul 12, 2001 (Vol. 6, #51 - Issue #286)
WPA Details Revealed
  This issue of W2Knews™ contains:
    • WPA Details Revealed
    • WPA Details Revealed
    • New at EU Tech.Ed: Windows.NET Advanced Server
    • MS Ultimatum: Upgrade to XP by October -- Or Else
    • Warriors Of The Net
    • Where To Discuss Exchange Problems?
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • CRYPTO: How the Code Rebels Beat The Government
  SPONSOR: Migrating to Windows 2000
Migrating to Windows® 2000? Just tune in to Win2TV.
The new segment of this fast-paced, informative show offers
a wealth of information and advice from unbiased industry
experts. You?ll also get the latest news and updates,
fascinating features on innovative applications, and a chance
to register to win a new Compaq iPAQ desktop computer.

Your migration to Windows 2000 starts at Win2TV. Watch it now!
Visit Migrating to Windows 2000 for more information.


WPA Details Revealed

Quite a few people asked me what impact the latest decision in the MS court case would have. Well, in my humble opinion, it's going to be business as usual although somewhat influenced by the current economic weather. In short, MS is going to put the screws in regarding its license enforcement, push WXP like mad, continue to include features (like Instant Messaging) in the OS, and goes on developing their products at the same pace. They will continue to expand in new markets and be unapologetic about it. Only thing they may be a bit more careful about is avoiding the perception they use their monopoly power too much. Basically, this is what I have been saying all these last years. This thing is going to drag on through the courts for quite a while to come.

Warm regards,

Stu Sjouwerman (email me with feedback: [email protected])

SecureIIS protects Microsoft IIS Web servers from known and unknown
It wraps around IIS and works within it, verifying and
analyzing incoming and outgoing Web server data for any possible
security breaches. SecureIIS combines the best features of Intrusion
Detection Systems and Conventional Network Firewalls all into one,
with very low overhead. Cost? Just $495. Download your eval copy here:
Visit PROTECT YOUR IIS-BASED WEBSERVERS for more information.

WPA Details Revealed

I have talked about this in several earlier issues. The new Product Activation feature (WPA) in Windows XP is a hot topic but MS has been not really forthcoming with how they are doing it, for obvious reasons. However a few techies in Berlin have taken the time to reverse engineer the whole WPA scheme and made it public. (This in itself is not illegal by the way, despite what you might think).

Our Sunbelt Chief Web Developer, has gone through the whole thing and from a tech/programmer's point of view, it's all valid and makes sense. The link to the German site was posted on slashdot.org.

I went over the German site (link below) and they have an FAQ: I pulled two questions that seem to catch the crux of the matter:

"5. Why did you release details on Windows Product Activation?

We felt that there is a need for facts in the debate about Windows Product Activation. Many people suspected that WPA could be abused to spy on end-users. Our paper, however, shows that insensitive information is transmitted during product activation. From this, it can be seen that the facts that we provide really are a necessary contribution to the ongoing discussion about WPA.

We think that license enforcement mechanisms will be an important part of the future of software distribution via the Internet. Thus, we do think that public discussion of technology of this kind must be free from bias and it must be based on facts and openness.

We hope that the information that we provide positively affects the current debate. The debate is necessary, but it should be based on facts and full disclosure of information relevant to the privacy question.

"6. Do you know how to circumvent Windows Product Activation?

No. We provide insight into which information is transmitted to Microsoft during activation. Our paper is important to help people understand the impact of WPA on their work and their privacy. We do not believe that our paper helps in any way to circumvent the license enforcement provided by WPA".
--end quote--

Now, of course they have to say that. I'm assuming their lawyer told them that this would be the most prudent way to go. But there is a lot of stuff on that site, like the complete technical explanation, and a command line utility suitable for verifying the presented information called XPDec, that implements the algorithms presented in their paper.

They even provide the source code of it, but they have removed an important cryptographic key from the XPDec source code. That means the source code if you recompile it will not get you a functioning executable. But some one already posted that key on slashdot.org. The XPDec executable on the German website contains the key and will work.

It boils down to the fact you can download the source code to learn about the inner workings of WPA, and can use their compiled code to experiment with your installation of Windows XP. Or, if you are a programmer, recompile the source with the 'secret' key. Now, it has happened three times in so many weeks that when we publish a site in W2Knews, the traffic increase pretty much killed that site. So, if this link does not work, it's not our fault. Please try later?


New at EU Tech.Ed: Windows.NET Advanced Server

As always, MS wants us to use their latest and greatest versions. They decided to use Tech-Ed in Barcelona, Spain to come out with an early version of Advanced Server version of Windows.NET. (Remember, this is the big brother of WindowsXP). They just came out with a pre-release that they will sell with a special name: Advanced Server LE (Limited Edition). And it might even be called "WXP AS LE". Dang, things get confusing.

If you buy it, you get 90 days worth of full support after it gets released to manufacturing, and a free upgrade to the final gold version. MS is not screaming this from the rooftops, but the docs you can get at the Tech.Ed MS-Booth show it's clear. Looks like this limited edition is really RC1 that MS pushed out the door last week, and it build 2505 in the 64-bit version. So, when was that Itanium box going to arrive again? WXP AS LE is only going out via OEM's, so you'll have to be real nice to your hardware vendor and ask them to preinstall it on your new Itanium.

MS Ultimatum: Upgrade to XP by October -- Or Else

David Coursey @ the ZDnet AnchorDesk wrote this article that I thought was summarizing the issue nicely: I'm quoting the first three paragraphs, but if you are interested in the rest you need to click on the link below which will show you the complete article:

"Wouldn't it be great if you could get all your big customers to make their next two years' worth purchases all before October 1 --and still give you more money over the coming two years? That's exactly what Microsoft is doing, and short of customer revolt or federal action, they will probably get away with it.

"Microsoft is giving its corporate volume buyers this choice: Get "current" by October 1 or pay full price the next time you need new software (with no upgrade discount).

"HERE'S THE KICKER: Microsoft is defining "current" as a computer running either Windows 2000 or with an agreement to purchase Windows XP. These computers must also be running Office XP, which has only been released to volume buyers for about three weeks.
-- end quote ---
The rest is here


Warriors Of The Net

If you have been asking yourself what actually goes on when a TCP/IP session takes place, or if you are a visual person (like me) that needs to SEE what they study, this may come in handy. It takes a bit to download, but this movie explains how packets are finding their way around the Net. It's a fairly large download, but the rendering is done really well. It was made by a few Swedish techies for Telephone company personel that needed to get their wits wrapped around the Net.

Where To Discuss Exchange Problems?

You may not be aware that Sunbelt Software sponsors several forums, free. One of these is the Exchange List. More than 3,000 subscribers discuss configuration, migration, management and bug related issues on a daily basis. This is a high volume list. 100 messages per day is normal. You can choose to get them all in real-time, or once a day in a digest format. Subscribe to the Exchange List here:


This Week's Links We Like. Tips, Hints And Fun Stuff

  • Good article about the next generation Internet, and technologies used
  • Microsoft inked deal with Verisign to use its digital certs for .NET
  • WXP will use and support IPv6: solution for IP address shortage

    CRYPTO: How the Code Rebels Beat The Government

    If the National Security Agency (NSA) had wanted to make sure that strong encryption would reach the masses, it couldn't have done much better than to tell the cranky geniuses of the world not to do it. Author Steven Levy, (also wrote "Hackers") tells the story of the cypherpunks, their foes, and their allies in Crypto. It's a great story and when you have read the book, you'll know all you need about PGP and how it really works. I liked it a lot myself.