Sven Gustavson Wanted

I lost contact to Sven Gustavson (svenny@fnmail.com). If anybody knows his new e-mail then please say me const@land.ru

Constantin, probably Navision couldn’t laugh about his efforts on cracking their license file and he rushed into some problems ? Never mind, selling his cracking capabilities, like he did, does not always lead to wellness and much money, sometimes this causes also pain :slight_smile: Torsten

quote:


Originally posted by constis: I lost contact to Sven Gustavson (svenny@fnmail.com). If anybody knows his new e-mail then please say me const@land.ru


Correct. And I’m sure that Navision and the BSA would like to know where to find as well! He is not someone you would like to be associated with. Best regards, Erik P. Ernst, webmaster

Hi! It is always pleasant to hear good words about itself… Probably, Navision and BSA in the sleep see, as will catch me… -))) By the way, I did not crack the license file of Navision Financials, I went by another way and developed the small utility, during the use by which original program “forgets” some license limitations. And another utility makes it possible for any user to login to database with the Superuser rights. I must say that authorization system into Navision Financials is realized sufficiently weakly. Even in the programs from Microsoft Office everything is made much more reliable. Sven. P.S. I hope that you will not cancel my registration on this forum… -) Edited by - GoodMan on 2001 Oct 06 19:23:59

By the way, I have read answer to my message, but noted the misprint in my message. This answer disappeared after the correction of misprint. I’m sorry, these are the error of the forum control script, but not my malicious design… -) Sven

What’s your explanation about ? About not only using a cracked license file but a much better solution ? It doesn’t make any difference whether you cracked the license file or the authorization system, whether you patched the FIN.EXE or disable the system by a hook. The result is the same: a bypass of an access restriction covered by Navision’s rights and license. If you think that the authorization system is weak and you can proof this, why not showing this to Navision ? I can tell you why: because you are selling your crack (your words, you personally called it a crack) to your own profit and now you are trying to justify this by the access system beeing weak ? How do you call what you are doing (selling the crack) ? Business ? Oh man, come back to reality… Torsten

quote:


Originally posted by GoodMan: Hi! It is always pleasant to hear good words about itself… Probably, Navision and BSA in the sleep see, as will catch me… -))) By the way, I did not crack the license file of Navision Financials, I went by another way and developed the small utility, during the use by which original program “forgets” some license limitations. And another utility makes it possible for any user to login to database with the Superuser rights. I must say that authorization system into Navision Financials is realized sufficiently weakly. Even in the programs from Microsoft Office everything is made much more reliable. Sven. P.S. I hope that you will not cancel my regis


I rather doubt this is the real guy. I think this is a hoax. The FBI would trace his IP address so fast and I doubt he is that stupid… Of course, we can only hope…

Well. We shall leave a problem of detour of the license restrictions. We shall study the database user’s access authorization system. At input by the username and the password the system forms inquiry such as “SELECT * FROM USERS WHERE USERNAME=XXX”. If the inquiry returns any object the system will transform the entered password and compares to the information written down in this object. At concurrence access is authorized. At updating inquiry to "SELECT * FROM USERS WHERE USERNAME<XXX (1 byte of FIN.EXE), and also at change of the program code so that system compared the received object with itself (1 more byte), the bad person at input of a name “zzz” will get access with the rights of user “Willy”, at input of “Willy” - access with rights of Timmy, and at input of “Timmy” - access with rights of SUPERUSER!!! As far as I have understood, you pay Navision for reliable system of authorization… If someone still doubts, that it is possible, create small base with the user “VERY_ARTFUL_USER” and the password “VERY_LONG_AND_ARTFUL_PASSWORD”. Pack with any archiver and send this base to me. I shall change the password of the user to VERY_SHORT_AND_DUMB_PASSWORD, and also I shall add user Svenny with Superuser rights. Sven

quote:


Originally posted by todro: What’s your explanation about ? About not only using a cracked license file but a much better solution ? It doesn’t make any difference whether you cracked the license file or the authorization system, whether you patched the FIN.EXE or disable the system by a hook. The result is the same: a bypass of an access restriction covered by Navision’s rights and license. If you think that the authorization system is weak and you can proof this, why not showing this to Navision ? I can tell you why: because you are selling your crack (your words, you personally called it a crack) to your own profit and now you are trying to justify this by the access system beeing weak ? How do you call what you are doing (selling the crack) ? Business ? Oh man, come back to reality… Torsten


Hi all, i think that people is getting an exagerate reaction to sven’s crack. The reality is really different to what people usually thinks about cracks and so… a) BSA suks… BSA is an organism made by powerful companies to gain more money from bad software: Forcing you to buy all software you would like to try instead of just trying the software and buying it if you find it useful for your purposes. They force you to first buy the software, then test it and then, if you find it unuseful or not as good as it was suposed to be, lose your money as there are usually no refunds on working but unuseful software. b) Cracking programs is an old tradition, specially when you’re a student with low economical resources and you want to play (at least for an hour) with almost the new games before buying one of them. Usually you find that only one percent of the games are good enough for keeping you playing for more than an hour. The same can be applied to commercial programs, where most of them are not good enough for the price they are costing. If you can’t test them, you’re losing your money and helping bad software instead of forcing companies to increase the quality of their products (example of crap software only useful for using the cd’s for decoration is windows XP) c)

quote:


Jim HollcraftI rather doubt this is the real guy. I think this is a hoax. The FBI would trace his IP address so fast and I doubt he is that stupid… Of course, we can only hope…


Jim… FBI is only authorized to “play games” INSIDE the States. If Sven is using other countries for the distribution of his crack, the FBI cannot touch him… excepting if he’s selling his crack inside the states. Remember also that different countries have different legal treatment to the cyber-crimes, and there are some countries where copying/cracking and selling copied/cracked software is not a crime… d) Cracking programs is the only way to improve their security: if noone tries to crack the program noone will try to improve it security. The fact is a good software design should include some hard-testing such as people trying to break into all the security aspects of the program (especially when we’re talking about a serious program for keeping all our company information). Instead of contacting BSA what Navision should do is contacting Sven and trying to improve their security instead of just trying the guy that finds the hole… as probably there are more people than can find the same hole…) The problem is that companies try to keep their security catching the guy’s who are able of breaking it instead of using more money on security improvement. e) If you’re worried about the crack, you better should be worried about serious security bugs in Navision, such the one that allows any user with restore capabilities to access all data on navision using a database backup file… that’s a bug reported a long time ago that’s still on Navision… BTW… i like your t-shirt, Sven… nice Netscape logo… :wink: Regards, Alfonso Pertierra (Spain)apertierra@teleline.es Edited by - apertierra on 2001 Oct 11 02:17:41

Come on guys. Get a life! In response to the previous post: A. BS (Bll Sit) B. True, but that does not make it legal. C. True, and consider the implications on YOUR long-term salary, if everybody used pirate copies. Not to mention what will happen to the next generation of our beloved products, if the developers don’t make money. D. Yeah right! And Sven does this for fun only?? Wake up! E. You’re right. This SHOULD have been fixed. However, it’s not and until it gets fixed restrict other users than the trusted ones from actually MAKING a backup in the first place - that IS possible, you know. Hey wait a minute, only trusted users are allowed to make backups anyway!?!? Aren’t they? Did you forget that when you implemented? Shame on you! Now, go and change it immediately and at the same time, make sure that the physical security around the backup media is also in order! :slight_smile: Lars Strøm Valsted Head of Project and Analysis Columbus IT Partner A/S www.columbusitpartner.com

Hi, Lars… the all-time old discussion about hacking/cracking morality would take too long… (lol) is a theme that always take too long. Just for resuming, remember that there is also a “hacking”-ethic: a) Support the good software: if you test a program and you like it or you’re planning to use it, buy it. b) make all software available for testing for free… (selling cracks is not on that ethic). The only thing about Sven’s crack i’m really versus is the fact that he’s selling that crack. Cracks are not supossed to be sold… that’s strictly piracy :slight_smile: Alfonso Pertierra (Spain) apertierra@teleline.es Edited by - apertierra on 2001 Oct 11 02:18:24

Alfonso, No doubt that there might be a “hacking”-ethic - just like there might exist a “terrorist”-ethic! Hacking is a criminal act - read the Navision license. And this will not be accepted by NOLUG! I’ve not stopped this debate (but I will move it to Open Subject) because I think this is an interesting topic. And as Jim, then I don’t believe that this Sven here is “the-real-thing”. Yes the BSA (business software association) is the big bad commercial guys. The same as the guys who made Navision. Do any of you really think that they made Navision just for the fun of it? Of cause I think that the founders and employees have fun as well (at least I hope so), but I don’t think anyone invests money in it because of this! Best regards, Erik P. Ernst, webmaster

I too do not agree that this is the real Sven. So my only comment is will the REAL Sven please stand up. _________________________ Wendy O’Connor - co moderator Attain/Financials - End User Questions NOLUG

quote:


Originally posted by Admin: Alfonso, No doubt that there might be a “hacking”-ethic - just like there might exist a “terrorist”-ethic! Hacking is a criminal act - read the Navision license. And this will not be accepted by NOLUG! […] Yes the BSA (business software association) is the big bad commercial guys. The same as the guys who made Navision. Do any of you really think that they made Navision just for the fun of it? Of cause I think that the founders and employees have fun as well (at least I hope so), but I don’t think anyone invests money in it because of this!


Just two points, Erik: Hacking is not a criminal act… Cracking is a criminal act. Hacking doesn’t mean illegal activities, but the films and the publicity that certain people like Microsoft or BSA have made of the famous “hackers” had mixed both of them. Usually computer security companies have hackers working for them (for testing and discovering bugs on the security or for just administering the system). A hacker is just a person who really knows how the system works and it’s vulnerabilities and study the system where he/she is working for knowing how all works. When i was developing in a MUD i hacked the system for allowing a char having full permissions (as administrator) on the MUD and testing a possible bug on the security… after realizing that the test worked and the security was broken, i told the real administrator about the bug for being able of solving it. The difference between hacking and cracking is when you destroy information or try to make a damage or obtain something you’re not allowed from/to the system you’re hacking that becomes cracking. A better example could be: hacking is knowing how to defeat Navision license’s protection and inclusively telling to Navision for letting them to solve their security problem. Cracking is using that knowledge. Piracy is using that knowledge for selling the “crack”. The problem is that mostly when people reaches the first point, the usually continue to the second one, and someones, like Sven, to the third… As long as Hacking doesn’t mean “destruction” or “illegal use of a knowledge”, but study and experimentation, hacking cannot be considered as a criminal act (so the comparison between hacking-ethic and terrorist-ethic seems ridiculous to me). It’s more like a genetical engineer. You can have a person studying the genetical structure of an animal and trying to understand all for being able of discovering or helping discovering cures for various diseases (like a hacker) and you can have the person trying to discover how those diseases work for being ables of creating new diseases and spreading them through a population (like the goverment… sorry… i mean… the crackers… :wink: ) About the BSA, i just will say that some of the companies that are forming the BSA could better use their money for improving some of their probed lack-of-quality products instead of trying to keep people from finding their failures by restricting the knowledge. There are allways two ways for improving security on a system: the first one is trying to fix the problems and increasing the security by decreasing the holes. The second one is restricting the users rights and increasing the punishment for those who discover the fails. The first method makes better and more secure systems with users than in a future can become good administrators as they’re able of “playing” and testing all that they want. The second one is cheaper, but makes users that won’t be able of administering the system without lowering more the permissions to their users… that becomes in a no-permissions system. As i told you… one of the first things in that “ethic” is “support the good software: if you try a program and you’re going to use it or you like it, BUY IT.”. That means that if you’re going to use a program (like navision), you’ve also the right of testing it before (navision allows that with the demo license, so there is no reason for “cracking” it), but other programs don’t allow the user to test them before buying, so the user is buying an unknown product just having to trust what the software developer says… and we all know that not all the products are as good as they promise. Well… as i said before… this is a theme that can take for long on a discussion… :wink: Regards, Alfonso Pertierra (Spain)apertierra@teleline.es Edited by - apertierra on 2001 Oct 11 02:19:13

Alfonse, come on! You claim that hacking is not a criminal act, unless you destroy data or something like that. Hacking is entering someones “premises”. Premises which are protected because the owner does NOT want you to enter. That IS illegeal. By using your analogy, then if you had put a “no trespassing” sign in front of your house, locked the front door but had a lousy lock on the back door. Then it would be legal for me to enter your house through the back door, walk around and look at your stuff - as long as I did not steal or destroy anything? And then you should be thankful to me, if I told you that your lock on the back door is lousy? I don’t think so :slight_smile: It always puzzles me why some people think that it is okay to do things like we discuss here in cyberspace, when it is not okay to do it in the real world. Lars Strøm Valsted Head of Project and Analysis Columbus IT Partner A/S www.columbusitpartner.com

The analogy between housebreaking and codebreaking (sorry, cracking) that Lars presents is a reasonable one. However, real world laws have evolved over a very long time. For example, compared to the 2000+ years of human history, it is only recently that piracy at sea has been outlawed. Obviously, I’m not suggesting that cyberspace law will take that long to evolve but what I am trying to illustrate is that it has not caught up with all the complexity of real world laws and we need to be patient while that happens. There have been cases where a mistyped URL has taken someone to lists of bank account information. If they inform the owner they may be taken to court as a hacker. Breaking and entering a property is illegal. But if doing so means that you save the occupant who is lying injured inside then it is unlikely that you will be prosecuted. In both cases, establishing the intent is difficult but necessary to the resolution. It is a horribly complicated business and drawing real world analogies will show the way but not necessarily provide the answers (at this time anyway). Cheers, John

It is possible to debate that in some countries what Sven did by cracking/hacking/or whatever you want to call it, is not illegal. It is a violation of the Digital Millenium Copyright Action (aka DCMA) in the USA. I do not believe his actions are illegal in Russia or Finland. However, in all countries, if someone uses a Sven crack to use Navision, they are doing so in violation of copyright laws. Navision customers that use this crack are also in violation of the license agreement, a contract to which they agreed. Various penalties are allowed for this. If Sven assisted the person in violating these laws and agreements by providing the crack to them (even for free), he probably has some potential penality applied to him too. Even withouth the DCMA, in the USA, if Sven helps someone violate a contract I think he can be sued. I am not a lawyer in the USA or any other country, but I pay lawyers to defend my legal rights and so does Navision Software. Also, “Sven Gustavson” is probably made up name. I have received an email offer of this crack in exchange for cash. The offer arrived in my email box in the USA. So, if this person, whoever he or she is, does come to the USA, jail time is a very real possibility.

Jim, I concur with you that using this crack would violate the Navision licence agreement. No problems about that (although there is probably some smart arse lawyer who would be happy to try and fight it). However, if you ask the question, is it illegal to identify that a security hole exists and what will the response of the relevant authorities will be when they find out that you know about it? This is what I mean about proving intent. If you trip over a hole accidentally, it is unfair to be on the receiving end of a lawsuit even though you are in violation of the letter of the law. On the other hand, if you go looking for a hole or if, having found a hole, you then attempt to exploit it, that (in my book) makes you fair game for the law. Real world law has had plenty of time to deal with these subtleties and precedents whereas cyberspace law has yet to establish itself firmly although it is clearly getting there. Cheers, John

quote:


Originally posted by lstroem: […] By using your analogy, then if you had put a “no trespassing” sign in front of your house, locked the front door but had a lousy lock on the back door. Then it would be legal for me to enter your house through the back door, walk around and look at your stuff - as long as I did not steal or destroy anything? And then you should be thankful to me, if I told you that your lock on the back door is lousy? […]


I think that you’re missing my point… using your own example, is like if you put a “no trespassing” sign in front of your house, locked the front door and having a lousy lock on the back door, i see that you’ve a lousy lock on the back door and tell you that your back door’s lock is a piece of s**t, and when you don’t trust me, i show you how to open it (that’s more the typical hacking activities than the ones you’re watching on TV). The problem is if entering the house, but hacking doesn’t means you’ve to “enter the house”, but you learn the ways of entering… in your example is like if you’re studying for being tinker and you know how all the locks work and how to open them… does it makes you a criminal?. As i told before, the problem is not having the knowledge… but using it incorrectly. Regards Alfonso Pertierra (Spain)apertierra@teleline.es Edited by - apertierra on 2001 Oct 11 02:16:22

quote:


Originally posted by JohnP: Jim, I concur with you that using this crack would violate the Navision licence agreement. No problems about that (although there is probably some smart arse lawyer who would be happy to try and fight it). However, if you ask the question, is it illegal to identify that a security hole exists and what will the response of the relevant authorities will be when they find out that you know about it? This is what I mean about proving intent. If you trip over a hole accidentally, it is unfair to be on the receiving end of a lawsuit even though you are in violation of the letter of the law. On the other hand, if you go looking for a hole or if, having found a hole, you then attempt to exploit it, that (in my book) makes you fair game for the law. Real world law has had plenty of time to deal with these subtleties and precedents whereas cyberspace law has yet to establish itself firmly although it is clearly getting there.


Totally agree… the USE of the crack violates all Navision license agreements and is illegal. But answering the question, if you find a hole (searching or not) on a system is not punishable (not illegal also…). Is like if you’re walking through the street and you see that someone has left his car’s door open and the keys inside. May be you just see it by being walking and seeing the door without being searching for it… may be you’re just a “car security” paranoic and you’re watching at every car’s door for watching if it’s open or not (watching… not opening…). That makes no difference. The punishable act is if you open the car’s door after seeing that it’s open. Computer’s world is not as easy as just “having a look” and knowing that the door is open or not, but playing a bit. If you suspect that a security hole can be found in a program, and you make tests for knowing if that security hole exists, while you don’t access any data you’re not legally allowed to, while you don’t destroy any information, while you don’t copy any information or use anything (example: login and just logout of navision without just seeing any data), while you don’t try to use that flaw in your own benefit… can it be considered a criminal act?? The ethical thing should be if you discover a flaw in any system to tell the system developer about that flaw and (if possible), helping them to fix the problem (and that’s how it works most of times…), but sometimes people use those flaws instead of reporting them (why only bad actions usually have publicity?). As i told before, a hacker basically is just someone who studies about security on systems and the ways to improve it, and there is no better way for improving the security of your own system than knowing it’s fails for being able to solve them, or, if solving is not possible easily, for trying to keep trace or all possible intrussions through those holes and minimizing the damage they can do through them. A good place for knowing about security flaws and how to fix them is http://neworder.box.sk .It’s a good example of how “hacking” is also a useful thing for computer comunity by preventing people about the bugs they can found in their systems and showing the ways to fix them. Regards – Alfonso Pertierra (Spain)apertierra@teleline.es Edited by - apertierra on 2001 Oct 11 02:15:36