Microsoft secretly marked XP beta ISOs

Warren Togami warren at togami.com
Mon Sep 3 05:09:49 PDT 2001


http://www.wininformant.com/Articles/Index.cfm?ArticleID=22291

Microsoft Secretly Marking XP CDs Given to Beta Testers

Technical beta testers who downloaded Windows XP Home or Professional
Edition from Microsoft's servers last weekend might want to be careful about
giving out copies of the CD-ROMs they generated. Microsoft has embedded a
security check into each XP CD-ROM that uniquely identifies each tester so
the company can tell if someone else uses the authorized tester's CD-ROMs to
install XP. A tester who wondered about a universally unique identifier
(UUID) reference number in the CD-ROM's International Organization for
Standardization (ISO) header unwittingly uncovered the security measure.
(Microsoft used ISO files to generate the XP CD-ROMs.) Security expert Steve
Gibson is examining the UUID, and the preliminary results are obvious:
Microsoft is watching you.

"Earlier today someone forwarded an interesting post to me from the [Windows
XP newsgroups] regarding the discovery of a UUID at offset 9400 bytes into
the ISO images we have been downloading," Gibson wrote yesterday. "It caught
my curiosity." Gibson posted a small downloadable application testers could
use to check their UUID numbers against his, and although he obviously isn't
asking users to forward their UUID information, he's interested in hearing
whether other testers have unique numbers. Based on discussions I've had
with various testers, they do.

"It turns out that the UUID is indeed unique per beta tester," one tester
wrote. "If I give you the Windows XP ISO image, Microsoft can, at a later
date, track it back to me." The tester noted that it's still fairly easy to
bypass this antipiracy measure, but I'm waiting for a response from
Microsoft before I publish this information.

Given Microsoft's recent antipiracy moves, this news isn't surprising, but
Microsoft could have mitigated the inevitable backlash against this
customer-tracking measure by informing testers that their downloaded
versions of XP were somewhat rigged. During the XP beta, technical beta
testers and others leaked an unprecedented number of interim builds to
various "warez" Internet sites. Some leaks, however, clearly came from
within Microsoft. Is the company also watching its own employees?


