Dynamics User Group - Archived Forums

The forums in this section of DUG are no longer accepting new post, but you can still get lots of value from the old posts here.
Please visit the active forums to comment/post new questions (choose which product you are interested in):


Sven Gustavson Wanted

I lost contact to Sven Gustavson (svenny@fnmail.com). If anybody knows his new e-mail then please say me const@land.ru

  • Constantin,

    probably Navision couldn't laugh about his efforts on cracking their license file and he rushed into some problems ?

    Never mind, selling his cracking capabilities, like he did, does not always lead to wellness and much money, sometimes this causes also pain :-)

    Torsten


    quote:
    Originally posted by constis:

    I lost contact to Sven Gustavson (svenny@fnmail.com). If anybody knows his new e-mail then please say me const@land.ru





  • Correct. And I'm sure that Navision and the BSA would like to know where to find as well!

    He is not someone you would like to be associated with.

    Best regards, Erik P. Ernst, webmaster
  • Hi!

    It is always pleasant to hear good words about itself...
    Probably, Navision and BSA in the sleep see, as will catch me... -)))
    By the way, I did not crack the license file of Navision Financials, I went by another way and developed the small utility, during the use by which original program "forgets" some license limitations. And another utility makes it possible for any user to login to database with the Superuser rights.
    I must say that authorization system into Navision Financials is realized sufficiently weakly. Even in the programs from Microsoft Office everything is made much more reliable.

    Sven.

    P.S. I hope that you will not cancel my registration on this forum... -)



    Edited by - GoodMan on 2001 Oct 06 19:23:59
  • By the way, I have read answer to my message, but noted the misprint in my message. This answer disappeared after the correction of misprint. I'm sorry, these are the error of the forum control script, but not my malicious design... -)

    Sven

  • What's your explanation about ? About not only using a cracked license file but a much better solution ? It doesn't make any difference whether you cracked the license file or the authorization system, whether you patched the FIN.EXE or disable the system by a hook. The result is the same: a bypass of an access restriction covered by Navision's rights and license.

    If you think that the authorization system is weak and you can proof this, why not showing this to Navision ? I can tell you why: because you are selling your crack (your words, you personally called it a crack) to your own profit and now you are trying to justify this by the access system beeing weak ? How do you call what you are doing (selling the crack) ? Business ? Oh man, come back to reality...

    Torsten

    quote:
    Originally posted by GoodMan:

    Hi!

    It is always pleasant to hear good words about itself...
    Probably, Navision and BSA in the sleep see, as will catch me... -)))
    By the way, I did not crack the license file of Navision Financials, I went by another way and developed the small utility, during the use by which original program "forgets" some license limitations. And another utility makes it possible for any user to login to database with the Superuser rights.
    I must say that authorization system into Navision Financials is realized sufficiently weakly. Even in the programs from Microsoft Office everything is made much more reliable.

    Sven.

    P.S. I hope that you will not cancel my regis



  • I rather doubt this is the real guy. I think this is a hoax. The FBI would trace his IP address so fast and I doubt he is that stupid... Of course, we can only hope...
  • Well. We shall leave a problem of detour of the license restrictions.
    We shall study the database user's access authorization system. At input by the username and the password the system forms inquiry such as "SELECT * FROM USERS WHERE USERNAME=XXX". If the inquiry returns any object the system will transform the entered password and compares to the information written down in this object. At concurrence access is authorized. At updating inquiry to "SELECT * FROM USERS WHERE USERNAME<XXX (1 byte of FIN.EXE), and also at change of the program code so that system compared the received object with itself (1 more byte), the bad person at input of a name "zzz" will get access with the rights of user "Willy", at input of "Willy" - access with rights of Timmy, and at input of "Timmy" - access with rights of SUPERUSER!!!
    As far as I have understood, you pay Navision for reliable system of authorization...
    If someone still doubts, that it is possible, create small base with the user "VERY_ARTFUL_USER" and the password "VERY_LONG_AND_ARTFUL_PASSWORD". Pack with any archiver and send this base to me. I shall change the password of the user to VERY_SHORT_AND_DUMB_PASSWORD, and also I shall add user Svenny with Superuser rights.

    Sven

    quote:
    Originally posted by todro:

    What's your explanation about ? About not only using a cracked license file but a much better solution ? It doesn't make any difference whether you cracked the license file or the authorization system, whether you patched the FIN.EXE or disable the system by a hook. The result is the same: a bypass of an access restriction covered by Navision's rights and license.

    If you think that the authorization system is weak and you can proof this, why not showing this to Navision ? I can tell you why: because you are selling your crack (your words, you personally called it a crack) to your own profit and now you are trying to justify this by the access system beeing weak ? How do you call what you are doing (selling the crack) ? Business ? Oh man, come back to reality...

    Torsten




  • Hi all,
    i think that people is getting an exagerate reaction to sven's crack. The reality is really different to what people usually thinks about cracks and so...

    a) BSA suks.... BSA is an organism made by powerful companies to gain more money from bad software: Forcing you to buy all software you would like to try instead of just trying the software and buying it if you find it useful for your purposes. They force you to first buy the software, then test it and then, if you find it unuseful or not as good as it was suposed to be, lose your money as there are usually no refunds on working but unuseful software.

    b) Cracking programs is an old tradition, specially when you're a student with low economical resources and you want to play (at least for an hour) with almost the new games before buying one of them. Usually you find that only one percent of the games are good enough for keeping you playing for more than an hour. The same can be applied to commercial programs, where most of them are not good enough for the price they are costing. If you can't test them, you're losing your money and helping bad software instead of forcing companies to increase the quality of their products (example of crap software only useful for using the cd's for decoration is windows XP)

    c)
    quote:
    Jim HollcraftI rather doubt this is the real guy. I think this is a hoax. The FBI would trace his IP address so fast and I doubt he is that stupid... Of course, we can only hope...
    Jim... FBI is only authorized to "play games" INSIDE the States. If Sven is using other countries for the distribution of his crack, the FBI cannot touch him... excepting if he's selling his crack inside the states. Remember also that different countries have different legal treatment to the cyber-crimes, and there are some countries where copying/cracking and selling copied/cracked software is not a crime...

    d) Cracking programs is the only way to improve their security: if noone tries to crack the program noone will try to improve it security. The fact is a good software design should include some hard-testing such as people trying to break into all the security aspects of the program (especially when we're talking about a serious program for keeping all our company information). Instead of contacting BSA what Navision should do is contacting Sven and trying to improve their security instead of just trying the guy that finds the hole... as probably there are more people than can find the same hole...) The problem is that companies try to keep their security catching the guy's who are able of breaking it instead of using more money on security improvement.

    e) If you're worried about the crack, you better should be worried about serious security bugs in Navision, such the one that allows any user with restore capabilities to access all data on navision using a database backup file.... that's a bug reported a long time ago that's still on Navision....

    BTW... i like your t-shirt, Sven... nice Netscape logo... ;)

    Regards,

    Alfonso Pertierra (Spain)apertierra@teleline.es


    Edited by - apertierra on 2001 Oct 11 02:17:41
  • Come on guys. Get a life!

    In response to the previous post:

    A.
    BS (B*ll S*it)

    B.
    True, but that does not make it legal.

    C.
    True, and consider the implications on YOUR long-term salary, if everybody used pirate copies. Not to mention what will happen to the next generation of our beloved products, if the developers don't make money.

    D.
    Yeah right! And Sven does this for fun only?? Wake up!

    E.
    You're right. This SHOULD have been fixed. However, it's not and until it gets fixed restrict other users than the trusted ones from actually MAKING a backup in the first place - that IS possible, you know. Hey wait a minute, only trusted users are allowed to make backups anyway!?!? Aren't they? Did you forget that when you implemented? Shame on you! Now, go and change it immediately and at the same time, make sure that the physical security around the backup media is also in order! :-)


    Lars Strøm Valsted
    Head of Project and Analysis

    Columbus IT Partner A/S
    www.columbusitpartner.com
  • Hi, Lars...
    the all-time old discussion about hacking/cracking morality would take too long... (lol) is a theme that always take too long.
    Just for resuming, remember that there is also a "hacking"-ethic:
    a) Support the good software: if you test a program and you like it or you're planning to use it, buy it.
    b) make all software available for testing for free... (selling cracks is not on that ethic).

    The only thing about Sven's crack i'm really versus is the fact that he's selling that crack. Cracks are not supossed to be sold... that's strictly piracy
    :)


    Alfonso Pertierra (Spain) apertierra@teleline.es


    Edited by - apertierra on 2001 Oct 11 02:18:24
  • Alfonso,
    No doubt that there might be a "hacking"-ethic - just like there might exist a "terrorist"-ethic! Hacking is a criminal act - read the Navision license. And this will not be accepted by NOLUG!

    I've not stopped this debate (but I will move it to Open Subject) because I think this is an interesting topic. And as Jim, then I don't believe that this Sven here is "the-real-thing".

    Yes the BSA (business software association) is the big bad commercial guys. The same as the guys who made Navision. Do any of you really think that they made Navision just for the fun of it? Of cause I think that the founders and employees have fun as well (at least I hope so), but I don't think anyone invests money in it because of this!

    Best regards, Erik P. Ernst, webmaster
  • I too do not agree that this is the real Sven.

    So my only comment is will the REAL Sven please stand up.

    _________________________
    Wendy O'Connor - co moderator Attain/Financials - End User Questions NOLUG
  • quote:
    Originally posted by Admin:
    Alfonso,
    No doubt that there might be a "hacking"-ethic - just like there might exist a "terrorist"-ethic! Hacking is a criminal act - read the Navision license. And this will not be accepted by NOLUG!
    [...]
    Yes the BSA (business software association) is the big bad commercial guys. The same as the guys who made Navision. Do any of you really think that they made Navision just for the fun of it? Of cause I think that the founders and employees have fun as well (at least I hope so), but I don't think anyone invests money in it because of this!



    Just two points, Erik:
    Hacking is not a criminal act... Cracking is a criminal act. Hacking doesn't mean illegal activities, but the films and the publicity that certain people like Microsoft or BSA have made of the famous "hackers" had mixed both of them. Usually computer security companies have hackers working for them (for testing and discovering bugs on the security or for just administering the system). A hacker is just a person who really knows how the system works and it's vulnerabilities and study the system where he/she is working for knowing how all works. When i was developing in a MUD i hacked the system for allowing a char having full permissions (as administrator) on the MUD and testing a possible bug on the security... after realizing that the test worked and the security was broken, i told the real administrator about the bug for being able of solving it. The difference between hacking and cracking is when you destroy information or try to make a damage or obtain something you're not allowed from/to the system you're hacking that becomes cracking.
    A better example could be: hacking is knowing how to defeat Navision license's protection and inclusively telling to Navision for letting them to solve their security problem. Cracking is using that knowledge. Piracy is using that knowledge for selling the "crack".
    The problem is that mostly when people reaches the first point, the usually continue to the second one, and someones, like Sven, to the third...
    As long as Hacking doesn't mean "destruction" or "illegal use of a knowledge", but study and experimentation, hacking cannot be considered as a criminal act (so the comparison between hacking-ethic and terrorist-ethic seems ridiculous to me). It's more like a genetical engineer. You can have a person studying the genetical structure of an animal and trying to understand all for being able of discovering or helping discovering cures for various diseases (like a hacker) and you can have the person trying to discover how those diseases work for being ables of creating new diseases and spreading them through a population (like the goverment... sorry... i mean.. the crackers.. ;) )

    About the BSA, i just will say that some of the companies that are forming the BSA could better use their money for improving some of their probed lack-of-quality products instead of trying to keep people from finding their failures by restricting the knowledge.

    There are allways two ways for improving security on a system: the first one is trying to fix the problems and increasing the security by decreasing the holes. The second one is restricting the users rights and increasing the punishment for those who discover the fails. The first method makes better and more secure systems with users than in a future can become good administrators as they're able of "playing" and testing all that they want. The second one is cheaper, but makes users that won't be able of administering the system without lowering more the permissions to their users... that becomes in a no-permissions system.

    As i told you... one of the first things in that "ethic" is "support the good software: if you try a program and you're going to use it or you like it, BUY IT.". That means that if you're going to use a program (like navision), you've also the right of testing it before (navision allows that with the demo license, so there is no reason for "cracking" it), but other programs don't allow the user to test them before buying, so the user is buying an unknown product just having to trust what the software developer says... and we all know that not all the products are as good as they promise.
    Well... as i said before... this is a theme that can take for long on a discussion.... ;)
    Regards,


    Alfonso Pertierra (Spain)apertierra@teleline.es


    Edited by - apertierra on 2001 Oct 11 02:19:13
  • Alfonse, come on!

    You claim that hacking is not a criminal act, unless you destroy data or something like that.

    Hacking is entering someones "premises". Premises which are protected because the owner does NOT want you to enter.

    That IS illegeal.

    By using your analogy, then if you had put a "no trespassing" sign in front of your house, locked the front door but had a lousy lock on the back door. Then it would be legal for me to enter your house through the back door, walk around and look at your stuff - as long as I did not steal or destroy anything?

    And then you should be thankful to me, if I told you that your lock on the back door is lousy?

    I don't think so :-)

    It always puzzles me why some people think that it is okay to do things like we discuss here in cyberspace, when it is not okay to do it in the real world.


    Lars Strøm Valsted
    Head of Project and Analysis

    Columbus IT Partner A/S
    www.columbusitpartner.com
  • The analogy between housebreaking and codebreaking (sorry, cracking) that Lars presents is a reasonable one. However, real world laws have evolved over a very long time. For example, compared to the 2000+ years of human history, it is only recently that piracy at sea has been outlawed.

    Obviously, I'm not suggesting that cyberspace law will take that long to evolve but what I am trying to illustrate is that it has not caught up with all the complexity of real world laws and we need to be patient while that happens.

    There have been cases where a mistyped URL has taken someone to lists of bank account information. If they inform the owner they may be taken to court as a hacker. Breaking and entering a property is illegal. But if doing so means that you save the occupant who is lying injured inside then it is unlikely that you will be prosecuted. In both cases, establishing the intent is difficult but necessary to the resolution.

    It is a horribly complicated business and drawing real world analogies will show the way but not necessarily provide the answers (at this time anyway).

    Cheers,
    John
Related