Discussion:
Defeating Microsoft WGA Validation Check
Justin Allen
2005-05-24 02:57:15 UTC
This was posted on xillioncomputers.com on May 9 and can be found at:
http://www.xillioncomputers.com/modules.php?name=News&file=article&sid=336

The timestamp they are referring to has nothing to do with the
application you download; WGA does not do anything to the application.
It simply "verifies" your copy of Windows and allows you to download the
application. The timestamp is quite simply there to make sure you do not use
the same code over and over, and that you generate a new one each time
you want to download something from the Microsoft Download Center.

Do not claim this as your own, I discovered this weeks ago.

Justin Allen (a.k.a. poedguy)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
p***@protiamail.gr
2005-05-24 04:40:53 UTC
news.com posted an article with the title "Bypass found for Windows piracy check" which still calls Debasis Mohanty
the founder of this crack. But they can't really know who found it first, because their only source for the article is THIS mailing list,
and the article is based on Debasis Mohanty's disclosure.
The interesting thing in the article is the official Microsoft answer on the crack:
"Microsoft confirmed that the technique could circumvent the piracy check, but a representative said Monday that the company is not worried."
In the article the representative analyzes this hack and explains why (in Microsoft's opinion...) it is not a threat for Microsoft.
The article also speaks about the rapid expiration, which is a point on which Debasis Mohanty is mistaken.
Read it at http://news.com.com/Bypass+found+for+Windows+piracy+check/2100-1002_3-5717127.html?tag=st_lh
Debasis Mohanty
2005-05-24 10:08:23 UTC
Post by p***@protiamail.gr
In the article the representative analyzes this hack and explains why (in
Microsoft's opinion...) it is not a threat for Microsoft. The article also
speaks about the rapid expiration, which is a point on which Debasis
Mohanty is mistaken.
I am absolutely not mistaken. It is true that the product (public beta)
expires if you actually follow the rule of thumb for the validation check.

This can easily be defeated by a simple date/time change trick. Once the
validation check is done on the pirated OS, install the product with an
advanced date and then restore the original date, followed by a reboot of
the machine. This works fine for me; I hope it will definitely work for you.

FYI: Timestamp protections are very easy to defeat.

- Debasis


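The post above describes a trial that expires relative to the clock at install time, and why installing with the clock set forward defeats it. As an added defender-side illustration (not code from the thread or from any Microsoft product), the constructed model below runs that sequence against a naive expiry check and against one that persists a high-water mark of the latest clock value it has seen; the trial length and dates are assumptions:

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

TRIAL_DAYS = 90  # constructed trial length for the model


@dataclass
class NaiveTrial:
    """Expiry derived once from whatever the clock said at install time."""
    installed_at: datetime

    def is_expired(self, now: datetime) -> bool:
        return now > self.installed_at + timedelta(days=TRIAL_DAYS)


@dataclass
class HardenedTrial:
    """Same rule, plus a persisted high-water mark of the latest clock value
    observed. A reading earlier than that mark is reported as rollback instead
    of being trusted, so a clock restored after a skewed install is detected."""
    installed_at: datetime
    last_seen: datetime = field(init=False)

    def __post_init__(self) -> None:
        self.last_seen = self.installed_at

    def check(self, now: datetime) -> str:
        if now < self.last_seen:
            return "rollback"           # clock moved backwards since last run
        self.last_seen = now            # advance the high-water mark
        expired = now - self.installed_at > timedelta(days=TRIAL_DAYS)
        return "expired" if expired else "ok"


def run(skew_days: int) -> tuple[list[bool], list[str]]:
    """Install with the clock advanced by skew_days, then restore the real
    clock and run the checks 1 and 100 days later (the sequence in the post).
    Returns the naive verdicts and the hardened verdicts for those two runs."""
    real_install = datetime(2005, 5, 24)                 # constructed date
    install_clock = real_install + timedelta(days=skew_days)
    naive = NaiveTrial(install_clock)
    hardened = HardenedTrial(install_clock)
    later = [real_install + timedelta(days=d) for d in (1, 100)]
    return [naive.is_expired(t) for t in later], [hardened.check(t) for t in later]


if __name__ == "__main__":
    print("honest install  :", run(0))
    print("clock advanced  :", run(365))
```

With an honest install the two checks agree; with the clock advanced a year at install, the naive check never expires while the hardened check flags rollback on the very first run.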
Justin Allen
2005-05-24 05:13:13 UTC
The proof is in the date that the article was posted: I posted my
article weeks ago, on the 9th of May; that news.com article was posted on
the 23rd. This can also be proven by looking at when it was indexed by
various bots, e.g. Google or the Wayback Machine.

Justin Allen (a.k.a. poedguy)
Debasis Mohanty
2005-05-24 09:58:43 UTC
Justin,

I have been working on WGA for the past 2 months, and this particular issue was
found by me in the first week of April, 2005. It seems that you too
discovered this issue and posted it before me. I am absolutely not surprised
that it was posted by you 2 weeks before I posted, which I was
unaware of. However, claiming that you are the only person who discovered it
is something I believe is unfair.
Post by Justin Allen
The timestamp they are referring to has nothing to do with the
application you download, WGA does not do anything to the application.
The timestamp also plays a role here. Just in case you are not aware
of it, try changing the date to an advanced date, at least 8 to 12 months ahead, and
you will see the difference. However, a small trick can be used to
circumvent it. I have had my test machines configured with all those public
betas for 1.5 months, and they are still up and running.
Post by Justin Allen
Do not claim this as your own, I discovered this weeks ago.
After going through the link mentioned by you, I now don't rule out the case
that you posted this issue earlier than me; however, it is unfair on your
part to claim that you are the only one who discovered it.

There could be a possibility that there are guys around who might have
discovered this issue much before me and you but have never bothered to bring
it to the public.

I am not so much interested in getting credit; in fact, my idea in posting a
bug is always to share my findings with the entire security community. That
is what FD and other security lists are all about. One thing I must say:
either way, I was not aware that someone else had posted this issue before I
posted, otherwise I wouldn't have posted it.

Before posting any of my findings, I always make sure I report it to the
vendor and other security sites like iDefense, SecuriTeam, etc. I verify
it with the vendor and then make it public if the vendors are OK with it.

It also happened once earlier that I reported a bug on "MAP tag URL
spoofing" to iDefense, but then later on the same day, while surfing a few
security sites, I found that the same issue had already been discovered and posted
by someone else. I had to stop my posting to FD and other sec sites. It is
still lying as hidden info on my site.

You can find it here:
http://www.hackingspirits.com/vuln-rnd/map-urlspoof-demo.html

Hence, it can also happen that a particular issue / bug is found by
multiple researchers who are unaware of others' findings, but that doesn't
mean the one who posted first is the first one and the only one to find it.

If you have discovered this issue before me then definitely you deserve the
credit; however, it can now become a debate who found it first. I am not
so much interested in the credit; rather, I am more interested in uncovering
such issues to this community.
Post by Justin Allen
Justin Allen (a.k.a. poedguy)
Debasis Mohanty (a.k.a. Tr0y)
www.hackingspirits.com
