BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Never Lose Your License Keys or Proof of Ownership Again

Posted April 23, 2010    Morey Haber

I had the unfortunate experience this weekend of working with Microsoft’s Genuine Office Validation Product. Let me give you the skinny on this one.

Microsoft released an update that validates whether your operating system or office product is genuine or a bootleg copy several years ago. The system verifies the registration with an online database and pops up a warning saying your product may not be genuine if there is a match to their database. Sounds like a great way to stop piracy – except for when it trips incorrectly and it becomes increasingly difficult to access vulnerability patches until you verify you have a legitimate version.

So how did I get into this mess? Well, a friend recently had a hard disk failure and needed to have the system re-imaged. The onsite technician reloaded the system and MS Office since it came with the computer. When he reinstalled, he did not use the license key that shipped with the computer but rather some obscure one he had in his bag of tricks.

Guess what? That key is in the “bad” database from Microsoft. Okay – a simple search through an online KB database revealed a registry key to delete and restart of office to prompt for a new key. Again, simple enough. I entered the key and no dice, the registration program would not accept the original number since we had two different versions of Office installed.

The only recourse was a complete uninstall and reinstall of office to correct the problem. Total time, a little over an hour but the annoyance meter started to peak at 10. A little lesson I learned a few years ago would have helped from day one.

If you are like me, and you do not save every box that ships with software or hardware, I found a great way to be a minimalist about proving ownership and license keys:

1. Save all the original CDs and DVDs in a binder made to hold discs. This minimizes space to a single binder for all original software.

2. Cut out all of the UPC codes on boxes and manuals and store them in a folder. This proves purchase and ownership.

3. Save all original purchase receipts with the UPC codes.

4. Any holograms or authentication seals, cut out or rip the page off the book and store in the same folder. This proves licensing.

5. Finally, any location that has serial numbers, cut out and store as well. (Note many new systems have the OS and MS Office serial numbers directly on the PC in the form of stickers.)

This allows you to toss all books, manuals, and trash that accompanies each purchase and prove ownership and licensing if needed. These may sound trivial but how many times have you hunted for software keys and licenses for a reinstall?

Simple organization will go along way and allow to keep your system up to date.

Leave a Reply

Additional articles

How To Implement The Australian Signals Directorate’s Top 4 Strategies

Posted October 20, 2014    Morey Haber

The Australian Signals Directorate (ASD), also known as the Defence Signals Directorate, has developed a list of strategies to mitigate targeted cyber intrusions. The recommended strategies were developed through ASD’s extensive experience in operational cyber security, including responding to serious security intrusions and performing vulnerability assessments and penetration testing for Australian government agencies. These recommendations…

Tags:
, , , ,
asp-mvc

Exploiting MS14-059 because sometimes XSS is fun, sometimes…

Posted October 17, 2014    BeyondTrust Research Team

This October, Microsoft has provided a security update for System.Web.Mvc.dll which addresses a ‘Security Feature Bypass’. The vulnerability itself is in ASP.NET MVC technology and given its wide adoption we thought we would take a closer look. Referring to the bulletin we can glean a few useful pieces of information: “A cross-site scripting (XSS) vulnerability exists…

Tags:
4bestpracticesaudits-blog

Four Best Practices for Passing Privileged Account Audits

Posted October 16, 2014    Chris Burd

Like most IT organizations, your team may periodically face the “dreaded” task of being audited. Your process for delegating privileged access to desktops, servers, and infrastructure devices is a massive target for the auditor’s microscope. An audit’s findings can have significant implications on technology and business strategy, so it’s critical to make sure you’re prepared…

Tags:
, , , ,