Windows 7 Ultimate RTM Cracked, Fully Validated (Already?)

David Murphy

Jul 29, 2009 1:50 pm

That didn’t take long. It has only been a week since the official Windows 7 RTM announcement by Microsoft, but crackers have already managed to activate and validate the tricked-out Ultimate version of the OS. The hack is nothing new, as it borrows the same techniques used to bypass activation and verification of previous Vista editions.

According to Softpedia, crackers somehow obtained a copy of an OEM Windows 7 Ultimate disc from Lenovo. From there, they were able to extract two critical bits of information: Windows 7’s OEM-SLP (system-locked pre-installation) product key and the OEM certificate for Windows 7 Ultimate.

But before these can be of any value, one first has to modify a system’s BIOS to fool the operating system into believing that the PC is an authentic OEM machine. This is done by tweaking the values found in the Software Licensing Description Table (SLIC) that is stored in the system’s memory during boot-up.

Once a person has disguised a system as a legitimate OEM machine, the OEM-SLP and OEM certificate allow for permanent, validated activation of the operating system. To Microsoft, the PC is no different from a functional OEM machine–and the “OEM machine,” in turn, has no need to call back to Microsoft’s activation servers for any kind of additional verification. That would defeat the convenient basis behind the creation of SLIC-based OEM activations in the first place.

Just because the OEM disc and keys came from Lenovo doesn’t mean that the crack is exclusive to that brand. According to Softpedia, the crack has proven successful on Dell, HP, and MSI machines as well.

Powered by ScribeFire.

OEMs Picking Up Windows 7 RTM Code

Yes, HP, Toshiba, Lenovo, Asus, Acer, Dell and Fujitsu Siemens, all of them already have Windows 7 RTM!

a handful of OEMs arrived in Redmond to pick up their RTM code. In the past when a Windows release reaches RTM, we have traditionally given some/selected OEMs the opportunity to come to Redmond and pick up the RTM code personally.

That’s good news. This does not mean that we will see right this week PCs from this brands shipped with W7, this means that the engineers from these companies have a lot of work to do in the next few weeks to have everything ready to start shipping their PCs with W7.

Powered by ScribeFire.

Google Wave Opens to Select Users this Fall

Ian Paul

Jul 22, 2009 10:39 am

Are you looking forward to the day when Google Wave, Mountain View’s all-in-one communication and collaboration tool, goes public? Well, for a select group of users, that day is coming this fall. Google announced in a blog post earlier this week it will open up Wave to 100,000 people on September 30. To get on the early bird list, you have to volunteer to be part of the Google Wave testing community.

Google didn’t say whether it’s too late to sign up now, but if you’re interested you might as well try. Just head over to Google Wave’s Website, provide your e-mail address, and make sure you check off the option that says, “Enlist me! I’ll report bugs and give feedback (e.g. user surveys).” You also need to let Google know how you want to use Wave, and then write a short message to the Wave development team — Google says haiku, sonnets, and ASCII art submissions will be accepted.

What is Google Wave?

At its core, Google Wave is a combination of e-mail and instant messaging combined with any Web-based media you can think of. I find the best way to get my mind around it is to think of Google Wave as a mutlimedia conversation thread that includes a variety of tools to help your discussion. You can collaborate on documents, chat with people over IM, e-mail show photos, throw in a map, play games, and so on.

But the advantage of the Wave is that it’s not going to be like Facebook where you just spit out your posts for all your FB friends to see. Google Wave is supposed to let you decide who you want to share information with for every single wave or thread. It’s true that, to a certain degree, you can control who sees your posts on Facebook, but not to the same degree you should be able to with the Wave.

But Will it Succeed?

From what I’ve seen, Google Wave looks like a helpful tool, but there could be a complication barrier that holds many people back from trying the service. A similar problem is affecting FriendFeed, the social network aggregation site. FriendFeed is a social network that lets you control who sees your posts to a greater degree than Facebook, and, like Google Wave, FF is geared towards sharing information and developing conversations. But many users take a look at FriendFeed and ask, “What the heck is that? What can I use it for?” I recently started using FriendFeed, and it’s actually a great service, but it did take me some time to get my mind around what I could do with it.

That’s the same danger for Google Wave: everybody is used to planning events with Evite or regular e-mail and posting their favorite video, article or photo on Facebook. For Wave to succeed, Google will have to convince users to give up their habits and try something new.

The other problem is that it’s likely not all your friends have Gmail, but presumably you’ll need to have a Google Account to get in on a wave. So if you’re planning an event with Wave, your non-Google pals will have to sign up for yet another e-mail account or service to use something they may not even understand. “Just send me an e-mail, dude,” will no doubt be a common response.

Google Wave may be a great information-sharing tool for personal and business users, but getting people to give up their habits and try a new method is always a tough sell.

Powered by ScribeFire.

ozilla yesterday confirmed the first security vulnerability in Firefox 3.5, and said that the bug could be used to hijack a machine running the company’s newest browser.

A noted Firefox contributor called the situation “self-inflicted,” and said it was likely that the hacker who posted public exploit code Monday became aware of the flaw by rooting through Bugzilla, Mozilla’s bug- and change-tracking database. (See our introduction to the new version.)

The vulnerability is in the TraceMonkey JavaScript engine that debuted with Firefox 3.5, said Mozilla. “[It] can be exploited by an attacker who tricks a victim into viewing a malicious Web page containing the exploit code,” the company’s security blog reported Tuesday.

Secunia, a Danish security company, rated the bug “highly critical,” the second-highest threat ranking in its five-step system, and added that the vulnerability is in TraceMonkey’s processing of JavaScript code handling “font” HTML tags.

Older versions of Firefox, including Firefox 3.0, are not vulnerable, according to a message posted by Asa Dotzler, Mozilla’s director of community development, in a comment to the company’s blog.

“Mozilla developers are working on a fix for this issue and a Firefox security update will be sent out as soon as the fix is completed and tested,” said that same blog.

In lieu of a patch, users can protect themselves by disabling the “just-in-time” component of the TraceMonkey engine. To do that, users should enter “about:config” in Firefox’s address bar, type “jit” in the filter box, then double-click the “javascript.options.jit.content” entry to set the value to “false.” The popular NoScript add-on will also ward off attacks.

The hacker who published exploit code on the milw0rm.com malware site Monday was not the first to uncover the vulnerability: Mozilla developers first noted the flaw last Thursday, and were in the middle of working on it when the attack code appeared.

“Looking at the exploit code and our test cases, I think this is self-inflicted and we should have hidden the bug earlier,” argued Andreas Gal on Bugzilla. Gal is a project scientist at the University of California, Irvine, where the technique called “trace trees” was developed. Firefox 3.5’s TraceMonkey engine is based on that technique, and builds on code and ideas shared with the open-source Tamarin Tracing project.

Another contributor agreed. “It would seem that the milw0rm exploit code is based on the test cases for this bug,” said someone identified only as “WD” in the same Bugzilla thread. “When you look at the crash details in a debugger, it’s pretty clear that it’s exploitable with a heap spray to the access violation address in question.”

The fix has been slated for Firefox 3.5.1, a fast-track update originally scheduled to release in the last two weeks of this month.

That update will be accelerated to plug the just-gone-public hole, said Daniel Veditz, a security lead at Mozilla. “[The bug] was checked in yesterday, a few hours before we learned of the milw0rm posting,” Veditz said Tuesday night in a comment on the Mozilla security blog. “This fix was going to be in the 3.5.x update we had scheduled for the end of July, but obviously now we have moved up the schedule for release.”

Mozilla launched Firefox 3.5 on June 30.

Powered by ScribeFire.

How to Build Credibility

by Darren Rouse

How do you rate when it comes to credibility? But more importantly, how do you go about getting credibility if you don’t have any or not much of it? Important question for bloggers – Andrew Rondeau from We Build Your Blog shares some tips on building credibility as a blogger.

There are some interesting theories around this topic. One such exponent of a theory is Graham Jones who writes about the credibility pyramid.

This pyramid is made up of four key elements.

1. Knowledge (10%) – At the bottom of the pyramid is a band of knowledge. Although this only represents 10% of a credibility score, it is nevertheless the foundation. If you don’t know what you are talking about, you have no credibility no matter what else you might bring to the mix.

Focus (15%) – The next level up according to Mr Jones is focus which constitutes 15% of the total score. Focus describes the process wherein people do not deviate or go off at tangents. This is when we come across people who seem to be single minded in their opinions, approach and knowledge.

This does not mean that you need to bombard other people with huge amounts of details and information in order to be considered credible. It is more the clarity and enthusiasm as well as the consistency of the information that is being presented that allows people to assess the credibility factor.

In some instances it is even possible that providing far too much information can undermine the credibility score. Perhaps this is where the popularity of the ‘elevator speech’ comes into play. You have two minutes to present your information. You have to be focused and only provide the most important points.

3. Enthusiasm (25%) – The next component on this pyramid of credibility is enthusiasm. This has an allocation of 25% which is fairly high. We probably call this passion more often than not. We view enthusiastic people as being far more credible than those who are not.

Perhaps it is because we feel that if the person can’t be enthusiastic about their own topic then he can’t be believing in his own words. Of course this can be unfair. There are some people who are too shy to speak up never mind appear enthusiastic.

4. Care and Concern (50%) – Possibly the most surprising component of credibility is the top part of this pyramid. It shows that 50% of your credibility is associated with your care and concern. If you show that you care about your audience you will be able to gather up half of the score towards a strong credibility rating.

This means that when building up your online credibility you have to show a huge amount of caring and concern for the interests and well-being of your audience. No matter what you are trying to do online, whether build a blog, communicate with readers, sell a product or even just hold a conversation on a social media platform such as Twitter or Facebook, if you care for your audience you build credibility.

It seems that a small percentage of your credibility is knowledge, add to that focus and enthusiasm and you only have half of what makes up your credibility. The other half is all about caring and concern for the other person’s well-being.

Powered by ScribeFire.

Eduify helps students write better by providing online applications to edit and store documents, capture and discover research, find writing tutorials and models, safeguard against plagiarism, and get on-call expert writing coaching whenever you need it. Eduify’s service integrates with social networks, giving students everywhere the community, applications, and the help you need to immediately improve your writing.

Eduify gives students a smarter way to write, providing web-based solutions to help you research faster, write better, and receive help on-demand.

http://eduify.com

Eduify Persuade with your words by using these 5 tips on how to write persuasively. http://bit.ly/persuasive5