Parallels’ KeyGenie lets you play for a free product key — but you can’t ever win – gpgmail


When is a game not a game? When you never win.

For years, virtualization software maker Parallels offered the chance to win a free product keys if you “stump the KeyGenie,” a virtual robot which users can play against. Normally, users must buy a product key to run the software beyond its two-week free trial. But if you can make it through five questions without the robot guessing what you’re thinking, the robot says a key “may be yours.”

But it turns out it’s an impossibility.

Security researcher John Wethington alerted gpgmail to the KeyGenie game, more than a year after he told Parallels that the game was impossible to win. He examined at the source code of the webpage to see how it worked. He quickly found that no matter what a user does, the code never allows a user to win a free product key.

“It’s to get people to sign up for a trial by pretending to give them a chance at a free license,” he said. “But the source code proves it never will.”

We asked three security researchers to independently verify our findings. Spoiler alert: they did.

Yonathan Klijnsma, a threat researcher at cyberthreat intelligence firm RiskIQ, looked at the code and found that the robot’s responses were hardcoded.

“There’s never any product key,” he told gpgmail. “You have that winning screen but there’s never a product key on the page,” he said. “You can trigger the case for getting a key but there is no way to get to it.”

Though it’s possible to trick the game into thinking you’ve won, nothing happens — and no key is ever awarded.

A screencap of the KeyGenie game. No product key is ever produced. (Image: gpgmail)

“It’s a bunch of hardcoded if-else statements that just take you to the same widget in the end,” said Edwin Foudil, a security researcher who also performed a cursory review of the site. And Baptiste Robert, who’s known for finding security vulnerabilities in apps and websites, said his own checks show nothing is ever pulled from the server after the user wins, suggesting the winner is never served a product key.

“It seems to be a fake game,” said Robert.

We contacted Parallels prior to publication but spokesperson John Uppendahl did not comment. If that changes, we’ll update.

The KeyGenie site was born more than five years ago after Parallels found its popular desktop emulation software was regularly falling victim to software piracy. Hackers would crack the software’s product key algorithm, then build and share their product key generators — known as keygens — on file-sharing sites. Quickly, these keygens floated to the top of search engines, making user piracy even easier.

Parallels built the aptly named “KeyGenie” game so it would rise to the top of search results and replace the illegal keygen search results.

One of Parallels’ marketing agencies at the time published a blog post claims that KeyGenie “will actually hand out keys,” and that the game was “programmed randomly.” The post, published seven months later, “generated dozens of trials” and “four-figures in revenue.”

The Federal Trade Commission, which regulates potentially deceptive advertising and marketing, did not comment outside business hours.




10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

Google’s Titan security keys come to Japan, Canada, France and the UK – gpgmail


Google today announced that its Titan Security Key kits are now available in Canada, France, Japan and the UK. Until now, these keys, which come in a kit with a Bluetooth key and a standard USB-A dongle, were only available in the U.S.

The keys provide an extra layer of security on top of your regular login credentials. They provide a second authentication factor to keep your account safe and replace more low-tech two-factor authentication systems like authentication apps or SMS messages. When you use those methods, you still have to type the code into a form, after all. That’s all good and well until you end up on a well-designed phishing page. Then, somebody could easily intercept your code and quickly reuse it to breach your account — and getting a second factor over SMS isn’t exactly a great idea to begin with, but that’s a different story.

Authentication keys use a number of cryptographic techniques to ensure that you are on a legitimate site and aren’t being phished. All of this, of course, only works on sites that support hardware security keys, though that number continues to grow.

The launch of Google’s Titan keys came as a bit of a surprise, given that Google had long had a good relationship with Yubico and previously provided all of its employees with that company’s keys. The original batch of keys also featured a security bug in the Bluetooth key. That bug was hard to exploit, but nonetheless, Google offered free replacements to all Titan Key owners.

In the U.S., the Titan Key kit sells for $50. In Canada, it’ll go for $65 CAD. In France, it’ll be €55, while in the UK it’ll retail for £50 and in Japan for ¥6,000. Free delivery is included.

 


10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something