BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Never Lose Your License Keys or Proof of Ownership Again

Posted April 23, 2010    Morey Haber

I had the unfortunate experience this weekend of working with Microsoft’s Genuine Office Validation Product. Let me give you the skinny on this one.

Microsoft released an update that validates whether your operating system or office product is genuine or a bootleg copy several years ago. The system verifies the registration with an online database and pops up a warning saying your product may not be genuine if there is a match to their database. Sounds like a great way to stop piracy – except for when it trips incorrectly and it becomes increasingly difficult to access vulnerability patches until you verify you have a legitimate version.

So how did I get into this mess? Well, a friend recently had a hard disk failure and needed to have the system re-imaged. The onsite technician reloaded the system and MS Office since it came with the computer. When he reinstalled, he did not use the license key that shipped with the computer but rather some obscure one he had in his bag of tricks.

Guess what? That key is in the “bad” database from Microsoft. Okay – a simple search through an online KB database revealed a registry key to delete and restart of office to prompt for a new key. Again, simple enough. I entered the key and no dice, the registration program would not accept the original number since we had two different versions of Office installed.

The only recourse was a complete uninstall and reinstall of office to correct the problem. Total time, a little over an hour but the annoyance meter started to peak at 10. A little lesson I learned a few years ago would have helped from day one.

If you are like me, and you do not save every box that ships with software or hardware, I found a great way to be a minimalist about proving ownership and license keys:

1. Save all the original CDs and DVDs in a binder made to hold discs. This minimizes space to a single binder for all original software.

2. Cut out all of the UPC codes on boxes and manuals and store them in a folder. This proves purchase and ownership.

3. Save all original purchase receipts with the UPC codes.

4. Any holograms or authentication seals, cut out or rip the page off the book and store in the same folder. This proves licensing.

5. Finally, any location that has serial numbers, cut out and store as well. (Note many new systems have the OS and MS Office serial numbers directly on the PC in the form of stickers.)

This allows you to toss all books, manuals, and trash that accompanies each purchase and prove ownership and licensing if needed. These may sound trivial but how many times have you hunted for software keys and licenses for a reinstall?

Simple organization will go along way and allow to keep your system up to date.

Leave a Reply

Additional articles

{c4eae211-3ca2-4f8e-b2b9-6df0e970aab1}_g.markhardy

The “insider” threat. Is it real, or is it being blown out of proportion?

Posted March 4, 2015    G. Mark Hardy

A lot depends on whether or not you’ve been compromised. And therein lies the problem. Cyber threats are often ignored until they cause some damage, at which point management looks for people to blame and gives all kinds of attention to fixing the problem – until the next crisis in accounting or warehousing or staffing comes along.

Tags:
, , ,
webinar_chalk

Webinar March 4th: Recreating the Carbanak Breach & Techniques for Mitigating Similar Attacks

Posted March 3, 2015    Lindsay Marsh

Join BeyondTrust Research and Development team for an in-depth live webinar that will explore the attack vectors used in the Carbanak Bank Breach and share successful mitigation techniques needed to prevent this type of attack.

Tags:
, ,
VMware Hardening Guidelines-img3

How to Audit VMware ESX and ESXi Servers Against the VMware Hardening Guidelines with Retina CS

Posted February 27, 2015    BeyondTrust Research Team

Retina CS Enterprise Vulnerability Management has included advanced VMware auditing capabilities for some time, including virtual machine discovery and scanning through a cloud connection, plus the ability to scan ESX and ESXi hosts using SSH. However, in response to recent security concerns associated with SSH, VMware has disabled SSH by default in its more recent…

Tags:
, , , ,