How many people are stupid enough to publish their Windows XP Professional product key to the web? You know, the unique ID that allows them to activate their software?
As of this afternoon, the number is at least 103. [Update: Less than a year later, on March 21, 2008, that search pulls up more than 28,000 pages. Even granting some of those pages are like this one, warning people not to do this, the majority still appear to be product keys that people published to the web. Damn, that’s a lot of stupid.]
If you use the Belarc Advisor tool, you might want to do some judicious editing before you actually post its raw results to your website. And it appears that more recent versions of the advisor don’t include the actual key, just the product ID that it generates (and which can’t be reverse-engineered to produce the key). Do no, you won’t be able to find any Windows Vista keys this way.
I’m kinda guessing that not a single one of these keys will actually activate for anyone except the original owner, given that close to 5000 people have flagged this story on Digg already.
Still, dumb doesn’t even begin to describe it.
(via David Berlind)
6 thoughts on “Publish your Windows product key on the web?”
The thing I noticed about all of these “Belarc Advisor Current Profile” pages is that they are all exactly identical.
This led me to speculate that Belarc must be using a server to record the outputs of their tool being used in PCs and then publishing the results.
Text in the pages claims “The information on this page was created locally on your PC by the Belarc Advisor. Your computer profile was not sent to a web server.”
Patrick, the Belarc Advisor produces its output in the form of a web page, which loads in the local browser. That’s why that message is there and that’s why the format is identical. The people who are posting this are uploading that locally produced HTML report, unmodified, to their own web site.
The Belarc Advisor is a great tool, I wrote about it years ago, and uploaded the resulting profile for readers to go see. But I redacted the software keys. Looking through Google search from the Digg post, I apparently am one of the few to have removed the keys.
I wonder, in light of the Digg posting, whether Belarc will change the structure of its report so the keys aren’t immediately visible.
Offhand I’d think that someone attempting to use someone else’s product key would be squelched by PA / WPA, but I’m just cynical enough to believe it would simply screw the legit user.
The interesting thing is that you can install Windows Vista with no product key, giving you a 30-day evaluation period (renewable with slmgr -rearm) before you have to activate. Whereas with XP you have to provide a key, any key, to install. So having a key that will allow you to complete the installation is valuable, even if it won’t activate, as long as you intend to blow away the system within 30 days.
I have the most recent version of the Belarc Advisor (V7.2k) and I just ran it and sure enough, there’s the key (and the product Id also) for the whole world to see if I posted the page as is to the web.
Oh, the key and product ID are there for Office 2007 also.
Comments are closed.