Microsoft's "Dead Cow" Patch Was 7 Years In the Making
narramissic writes "Back in March 2001, a hacker named Josh Buchbinder (a.k.a. Sir Dystic) published code showing how an attack on a flaw in Microsoft's SMB (Server Message Block) service worked. Or maybe the flaw was first disclosed at Defcon 2000, by Veracode Chief Scientist Christien Rioux (a.k.a. Dildog). It was so long ago, memory is dim. Either way, it has taken Microsoft an unusually long time to fix. Now, a mere seven and a half years later, Microsoft has released a patch. 'I've been holding my breath since 2001 for this patch,' said Shavlik Technologies CTO Eric Schultze, in an e-mailed statement. Buchbinder's attack, called a SMB relay attack, 'showed how easy it was to take control of a remote machine without knowing the password,' he said."
Now I get it (Score:5, Funny)
Re:Now I get it (Score:5, Funny)
Things look a bit bleak for Windows 2008 then :(
Re:Now I get it (Score:4, Funny)
No, they needed to get some luck for Windows, so they added the lucky number 7 to it. This bug fix was introduced to confuse us all.
Re: (Score:3, Funny)
"Windows Se7en - What's in the box?" was my personal favorite.
Re:Now I get it (Score:5, Funny)
George Costanza works for Microsoft?
Re: (Score:2)
Are you saying that Windows 9 will be the last?
I'll drink to that.
Re: (Score:2)
If Windows 7 is as good as her posterior, then times might be interesting.
'been holding my breath since 2001 for this patch' (Score:5, Funny)
...and boy are my arms tired.
P.S. I'm dead.
Re: (Score:3, Interesting)
I believe that's "*Hobbit*" ...
(jan '97)
Re:I forget... (Score:5, Informative)
CIFS: Common Insecurities Fail Scrutiny [ussrback.com]
- SR
Re: (Score:2)
It must be older than that if the USSR was still around!
Does anyone use this OS any more? (Score:5, Interesting)
I mean, seriously, most of us have written it off, and it makes bad business sense too.
At work we've cancelled plans to use Win7 and WinVista and are moving to all Linux where we can, just from a staffing level perspective.
Re:Does anyone use this OS any more? (Score:5, Interesting)
Yes, lots of people still do.
Makes little business sense right now to go to Win7/Vista, but XP is still a smart move for most people.
It's too bad Slashdotters here are so entranced with the platform, they forget what it's supposed to deliver. I don't really care what OS is on the desktop, so long as it allows us to achieve what we are trying to do. Usually, it's the software that does that, not the OS.
Re:Does anyone use this OS any more? (Score:5, Insightful)
Of course, if the OS is fighting you all the way while you're trying to work with the software, that's a problem.
Re:Does anyone use this OS any more? (Score:5, Insightful)
From my experience, the Linux folks that try to work in Windows just simply don't know WTF they are doing.
Likewise, Windows Admins who work in Linux don't know either.
It's always easy to curse the platform if you don't have the knowledge. I've built stable environments out of Windows and out of Linux, and they all serve their purpose with perfectly fine uptime. Just a different delivery platform for different things.
Re:Does anyone use this OS any more? (Score:4, Insightful)
I'm not specifically referring to tasks which are "hard to do" in the OS--I'm referring to the incessant stream of vulnerabilities in various components that makes working with Windows a virtual minefield.
Re:Does anyone use this OS any more? (Score:4, Insightful)
In the 7 years as a Windows Sysadmin I've seen my job getting easier and easier by taking a few proactive steps to corporate use of Windows.
For server use, it's perfectly fine. I have a Windows file cluster running over a year without any downtime, but we've taken cluster members offline for patches in turn, and failed back to the alternate which is a net of 0 downtime.
We use strict policies on the desktop, and don't allow users to do things that are going to cause problems. Mostly, this includes *not* giving them administrative rights, though we do delegate some things out.
It's like any other system. The problem is that Windows is so large an ecosystem, and so many folks that 'represent' Windows sysadmins pretty much suck at their job, or are MCSEs on paper and not in practice, then it does a disservice to what I feel is a perfectly fine OS for daily use, and corporate use. I have no 'virtual minefield' because I know my business well, I know my job well, and I perform well in bringing harmony between them (the business and the IT use).
It's like ANY system (*nix included), because if you have an incompetent sysadmin, you will have problems on your domain and infrastructure. If you have a competent sysadmin, you won't see anything wrong. Our users are largely very happy, and that's done by internal auditing (mandatory surveys, as we represent 19000 employees country wide), and consistently the 2500+ userbase I work with and for rank me highest of the family of companies I work for in their satisfaction in their computing needs.
Again, it's not the platform at fault, it's the admins around it. If you feel Windows is a virtual mine field then it may indicate your talents lie elsewhere (*nix), and as such should keep to the business you know, rather than tell folks who run Windows successfully that they have inherent problems at hand they aren't aware of.
Re:Does anyone use this OS any more? (Score:5, Insightful)
Hear hear. I've been running UNIX and Windows in admin capacity since the early '90s. The biggest problem I've seen at the moment is caused by marketing. Microsoft just refuse to stop advertising Windows servers as being so simple the cat could administer it.
With that message on the table, HR departments get the idea that all it then takes to administer servers is one cat and a magic wand. So they create low paid jobs for 'admins' that don't actually know much about administration (as it's so easy, who actually needs skills in it 'eh?).
UNIX tends to get better results overall, largely because it's seen as a skilled job. They pay the money, they require that you know what you're doing.
Where you get admins that know the detail on Windows to the depth that UNIX gurus know UNIX, comparable results are obtained.
Now, if only Microsoft would stop telling suits that all they need to administer Windows is someone with one finger and half a brain, then the rep. of Windows would increase dramatically. However, there's money to be made today by churning out an MCSE who two weeks ago didn't know what the power cable plugged into. Who cares about the future of the platform when you can advertise tomorrow with a new glossy pamphlet, and make money today? Well, apart from the people who really understand system administration, and hey, what do they know?
Re: (Score:2, Insightful)
There is something to be said about *nix platforms always championed by the 'geeks'. Windows is GUI based to be sure, but there are behind the scenes things (registry, hosts files, policies, clustering, etc) that are not as intuitive as people think it may be. That's also where a LOT of problems occur, and cause the BSODs and other things that the *nix fans love to jump at.
I'm not really a proponent of Windows, or Unix. I am a proponent of *getting things done*. Now whether I find *nix to do a job better, fa
Re:Does anyone use this OS any more? (Score:5, Interesting)
Windows is GUI based to be sure, but there are behind the scenes things (registry, hosts files, policies, clustering, etc) that are not as intuitive as people think it may be. That's also where a LOT of problems occur, and cause the BSODs and other things that the *nix fans love to jump at.
Yes, my penultimate reason for leaving Windows was all of those hidden problems like "why is xxx.dll using 92% of my capacity? and WTF is xxx.dll anyway?" MS would never tell anyone the answers so you had to go to all of the forums where people volunteer to help you, but first you have to download and run a spy seeker, an ad finder, a virus detector and "Hijack this." BTW, I have great respect for these volunteers but they shouldn't be needed in a system that I paid for.
Just to forestall questions, my ultimate reason for leaving was when I read what Microsoft Genuine Advantage was going to do, rather than blindly pushing the download key so that I could get this "advantage."
Re: (Score:2)
Thank the Lord that *nix is so intuitive that you need have need of a support forum.
I support Linux, I really do, but the community aspect is a large part of solving problems in any environment. Hint: not just approved Windows or Linux people can solve problems, or have them.
Re:Does anyone use this OS any more? (Score:5, Funny)
Damn skippy! Alt-Ctrl-Del takes three fingers.
Re:Does anyone use this OS any more? (Score:4, Insightful)
What format was that survey in?
I recently had the opportunity to design a survey. And preemptively learned from the mistakes at UPS [surveycompany.com].
We started out with a ton of questions we thought were good, then scrapped the idea and asked three open ended questions with big free form text fields.
Another group went ahead and asked a bunch of continuum and multiple choice questions.
In their survey everything looked peachy.
In ours (the freeform one) results were considerably less favorable, and considerably more useful.
Usefulness can be lost especially easily when you simply boil the continuum questions down to percentages. What if that mere fraction of a percentage of your employees that are extremely dissatisfied are crucial to its function? Or if you didn't ask the right questions?
It's really easy to create a survey that tells you absolutely nothing useful.
Re: (Score:3, Informative)
We didn't initiate the survey (it comes from a third party, and we don't know when it goes out), but it was about your user experience, what problems you have, how quickly they are resolved, that kind of thing.
Given the 'marks' our department gets consistently, and the bonus *I* get as a result afterwards, I am going to assume that I'm doing okay. Besides, I'm one of the few sysadmins that puts my name out 'in the wild' for the business users to get a hold of me. I don't answer helpdesk calls, but at least
Re: (Score:2)
We use strict policies on the desktop, and don't allow users to do things that are going to cause problems.
That must be a long list.
Seriously though, we use Macs in our office and one person here has the touch of death for computers. He was given a brand-new iMac running Leopard, clean install, and within a month he has managed to get the computer so bunged-up it won't even log out. What did he do? "Nothing," apparently.
I hate to say it, but things were better when the computers were mostly locked out by the previous tech, a permission nazi, and only a few computer-savvy people like myself with our collection
Windows Server can be solid, however... (Score:5, Insightful)
My #1 beef with Microsoft is that they market it so that every small to medium business owner thinks that everything will all run together happily on one box all "plug-n-play" and snuggly whirring away on the floor of their office closet.
I have the hardest time convincing users that they cannot run their 20-user network on one SBS 2003 server, with Exchange (running OWA and OMA), running their heavily-accessed SQL database, sharepoint, anti-virus server software, backup software, and company file and printer sharing to 5 multi-function copiers and expect 5 9's of freaking uptime.
This is how it is marketed. This is what the end user expects when shopping for a Microsoft solution. You tell them that they'll need at least 3 separate boxes, Server, Exchange, SQL, etc all separate, RAID and ideally a failover system and an excellent firewall for the remote access they look at you like you're nuts. So they buy it and have it set up their way, it works like hell for a year, then they end up paying in the end to have it done again the right way (and more this time, because they have to now migrate off of their old system).
And the Microsoft money machine chugs on.
Re: (Score:2)
That's cool.
http://milw0rm.com/platforms/osX [milw0rm.com]
Says the latest remote exploit for OS X is when you're using 1+ yr old Quicktime.
Nice to know.
Then there's this:
http://milw0rm.com/platforms/windows [milw0rm.com]
Holy crap. Just keep scrolling....
Re:Does anyone use this OS any more? (Score:5, Informative)
I've hacked an interesting little solution together for my household, which I'm sure would scale. I've been using Linux for about 13 years, and have forgotten more tricks than most people know. Over that time I've done a certain amount with Windows, too, but the lack of a rich toolset and open / free documentation and source always put me off spending too much time on it. I understand things are a bit better now on those fronts, but I chose where to invest my time ages ago. I've certainly not bothered about keeping up to speed, have no experience with Vista, Office, 2007, etc.
Anyway .. I have to provide a Windows environment for a family member who's really not up to learning anything new. I wanted to be able to manage it, secure it, control changes to the configuration, etc., etc., and eventually hit on the idea of just running XP inside VBox on Ubuntu. It starts automatically, changes to the main Windows partition are discarded on each shutdown, and I can do all my management with ssh (and occasionally rdesktop if I need to actually fiddle with Windows, which is rare.) Performance is fine even on old hardware.
Virtualization on the server is obviously mainstream now, and I guess many users are running virtualization software themselves to provide access to apps on other platforms and run old software. I haven't seen much about using virtualization as a platform for managed desktops though, and I reckon it has some advantages: moving images between machines when hardware fails or users move departments; change control; configuration testing, etc., etc. Knowing you've got the exact same disk image in use on a herd of workstations, regardless of hardware, seems like a good thing for peace of mind ..
Re: (Score:2)
True, I guess with modern server and network performance and reliability fairly dumb terminals are possible again (there was a decade or so when it was all rather iffy, beginning about the time that people started using Windows.) There might be a niche for poorly connected workstations, though - offices in locations with no broadband, laptops ..
Re: (Score:2)
Agree, neat & easy. I do this for the kids. (I've been around a while too..started with an RM 380Z then IBM S/3).
Is it ready for prime time on corporate desktops? Has been tried, (not just via virtualisation, which I agree has come on a lot), but also more simply by just 'locking' the client desktop. In each case, result similar - users complaining about lost settings, tweaks and sometimes (OK, illegally-installed) apps.
Will the growth of Google Apps, Salesforce.com et al. neuter the desire of PC use
Re: (Score:2)
Ah yes, the eternal tension between empowering users and protecting them from themselves :)
Sticking user profiles somewhere writeable should be enough for 90% of users. For those more trustworthy and with more need for customization, their own personal disk image should do the trick. It still means firewalling and virus scanning can be run on the host where it can't be subverted, and disk images can be shunted around and rdiff'd for backups, etc.
The only snag is that playing Direct X-requiring games is prob
Re: (Score:2)
Oh yes - Direct-X. Yet another failed USP for Vista.
Shame OpenGL is - still - not 'there' yet. Optimised drivers for Linux or BSD - where are they, outside of high-end CAD cards? Real Soon Now (c) Pournelle.
You're right - it's always the 'emotional' apps that somehow fire people up. Funny how the business case evaporates in front of the VP.
Still, the user still hates you forever for saying 'no'. Lose/lose. I'm now handing out 200$ Asus EeePCs for those situations. Dual boot in Linux/Win, and user can
Re: (Score:2)
Still, the user still hates you forever for saying 'no'. Lose/lose. I'm now handing out 200$ Asus EeePCs for those situations. Dual boot in Linux/Win, and user can restore from 'bricked' to original config in 30 seconds...high CPU and FPS game playing - unfortunately - impossible ;-)
Neat. It'll be interesting to see how they get treated. Something tells me people may "connect" better with a portable device that small, than a damn great desktop on a desk wired to the network. Hopefully people will feel more
Re:Does anyone use this OS any more? (Score:5, Informative)
Re: (Score:2)
Interesting - I had absolutely no idea that existed, shows how out of touch I am. Personally, I'll stick with my implementation, because it gives me a Unix host and pretty good confidence in the non-"subvertibility" of the change control (I couldn't - quickly - find any details of what level Windows Disk Protection works at), but I'll certainly suggest it for anyone who needs a Windows-based solution ..
Re: (Score:3, Insightful)
One thing is for sure, though. I don't want to make an 'Impress' presentation and send it to a clie
Re: (Score:3, Insightful)
Actually, I thought that was specifically the point. If people hate using their computer, then you're doing something wrong.
It's about getting the job done, but Microsoft has consistently been the roadblock. Microsoft is the barrier to compatibility. They're the roadblock to having everything "just work". The Windows monopoly has to end before we can move forward again.
Re:Does anyone use this OS any more? (Score:5, Insightful)
If you've used Windows in a corporate environment and still feel that way, there is something wrong with your organization. I've been with my current company for just over a year now and yesterday I called the help desk for my first Windows related problem.
Perhaps the gp was on the other end of the line, dealing with the nightmare to keep the rest of the organization including you, clear from it. In other words, your experience with your office desktop computer might say more about the quality of the IT department that installed the OS than about the flaws in the installed OS.
It's stable, period. Now, all the antivirus, security, firewall etc they install makes the thing so slow it's awful to use, but that's beside the point.
No, that is *not* beside the point. You see, if you *need* to bog down your OS with third party software to keep it working reliably at all, I'd say that the flaws in this OS are exactly what causes your pc to slow down to the point that it's awful to use.
One thing is for sure, though. I don't want to make an 'Impress' presentation and send it to a client unless I'm sure they are going to be able to open it in Powerpoint.
Yeah or in something else they might have, like Impress ;) I actually don't know Impress, btw. But I get your point.
Re:Does anyone use this OS any more? (Score:4, Informative)
One thing is for sure, though. I don't want to make an 'Impress' presentation and send it to a client unless I'm sure they are going to be able to open it in Powerpoint.
It may give you peace of mind to know that MS released the specs on their binary formats [slashdot.org] in late June, so the OOo team had about 2.5 months to fix their implementations in version 3. If they didn't manage that, they should have them in the next release.
Not all that great... (Score:3, Funny)
"Microsoft has released the specifications for the binary file formats used by pre-2007 Microsoft Office applications"
And we all know how well Microsoft maintains backwards compatibility with its office file formats...
Re: (Score:2)
people who produce costly products with little value
The market says otherwise.....
Re: (Score:2)
Not those markets. I was referring to the sales of Windows. It appears to be the dominant client OS and has growing market share in server space.
Re: (Score:2, Interesting)
Market cap is a reference to net revenue multiplied by copies.
If we were to do a simple math exercise, we would see that if they (as they did) double the price of Windows (WinVista and Win7) but only lose 40 percent of the customers, then they end up with INCREASING MARKET SHARE.
Even if the number of people actually losing it decreases.
Even if many copies of WinVista are rebuilt as either WinXP or Linux (or BSD).
Simple math exercise any first year economist could do.
Re:Does anyone use this OS any more? (Score:5, Funny)
Hardly anybody still uses Windows, it's dying out.
Re:Does anyone use this OS any more? (Score:4, Insightful)
Just because YOU don't like Vista doesn't mean others don't. On my desktop I happen to think my system runs smoother and faster and is easier to fix than with XP. To each his own, like several other +5 Insightful in this thread have mentioned...
Re: (Score:2)
"most of us"
You might want to expand your world-view slightly... even if you are not a fan of their products, living in THAT fantasy world will get you nowhere.
my prayers are answered! (Score:5, Funny)
Seven years ago, The Register devastated me with this terrible news:
Finally, I can use my favorite thrilling NTLM features without giving in and using NTLMv2!
SMB? (Score:3, Funny)
Re:SMB? (Score:5, Informative)
SMB [wikipedia.org] is used by Windows for file/printer sharing.
Re:SMB? (Score:4, Interesting)
Okay Mr. Quick with the link.. Where does the "dead cow" Reference come from?
Re:SMB? (Score:5, Funny)
What a crappy headline. I hate teasers like that.
Re:SMB? (Score:5, Informative)
http://en.wikipedia.org/wiki/Cult_of_the_Dead_Cow [wikipedia.org]
and
http://en.wikipedia.org/wiki/SMBRelay [wikipedia.org]
Re:SMB? (Score:5, Informative)
http://en.wikipedia.org/wiki/Server_Message_Block [wikipedia.org]
Also,
http://justfuckinggoogleit.com/ [justfuckinggoogleit.com]
Re: (Score:2)
I would hope enterprise environments would use something a bit more sophisticated than windows file sharing. Even then, I doubt any business would have any box with smb/samba enabled without a firewall preventing internet based or external smb connections.
Re: (Score:2)
I would hope enterprise environments would use something a bit more sophisticated than windows file sharing.
Such as?
If you have Windows clients and Windows servers, SMB is the most common way to get files between them. This is true whether you're connecting two Windows machines to your home wifi router or you're running a corporate environment with tens of thousands of Windows machines on it.
Re: (Score:2, Insightful)
Samba's primary weakness is that it doesn't run on a Windows file system.
Windows Server Admin? On Slashdot? Are you kidding (Score:5, Funny)
Re: (Score:3, Informative)
I do.
You can make fun of me :)
That said, if you have a Linksys firewall in place, it usually takes care of the issue. Granted the attacks you'll get internally *can* happen, but we have managed to circumvent SMB exploitation via policy settings in Windows. It works fine for us, nice to see they finally patched it though.
Re:Windows Server Admin? On Slashdot? Are you kidd (Score:5, Funny)
Now you deserve to be made fun of.
Re: (Score:2, Insightful)
It wasn't meant in seriousness, but if you want to take it and run, feel free.
Just meant that any port blocking software or hardware (as simple AS a Linksys firewall) prevents this from being anything of an issue.
Hell, even Windows built-in firewall will do the trick.
C2MyAzz (Score:5, Interesting)
Re: (Score:2)
Except there's several ways of monitoring traffic even on switches.
You can spoof ARP packets and confuse the client, confuse the switch, or use any one of several DNS vulnerabilities. That's not even mentioning WiFi networks!
Sounds like typical Microsoft arrogance.
port 139 (Score:5, Funny)
Oh well, I guess I'd better block incoming public Internet traffic on port 139 then. That's a shame because it's been so very useful to have an Internet facing SMB share.
Re:port 139 (Score:4, Insightful)
If you still want that service just run it over a vpn.
Re: (Score:2)
If you still want that service just run it over a vpn.
I guess you missed the attempted irony of my original post.....
Re: (Score:2)
I agree.
Instead of needing to go out looking for pr0n and Warez they just magically appear in the SMB share.
Sure, not all of it are your tastes, but you can always pick and choose later, right?
Sorry, gotta go, there seems to be a knocking at my door.
Why hello officers ...
Without knowing the password? (Score:5, Insightful)
It's always been easy to take control of a machine without the password. Sit down in front of the computer. Now the only thing stopping you is yourself. Oddly enough, that's what keeps most systems up... The fact that the vast majority of people are honest, decent folk. That, and they don't know what a null pointer is.
Re: (Score:2)
That, and they don't know what a null pointer is.
Does that help?
Not if they're programmers.
Holding his breath ? (Score:4, Funny)
"I've been holding my breath since 2001 for this patch"
With lungs like that he should try free-diving!
Re: (Score:2)
"I've been holding my breath since 2001 for this patch"
With lungs like that he should try free-diving!
"By this time his lungs were aching for air."
What made it worse? Really? (Score:5, Insightful)
What made it worse? Taking 8 years to fix it or disclosing it before the patch was released?
Further it is not a bug at all. It is essentially a badly designed protocol having a hole and instead of abandoning it and making users upgrade, MSFT left this hole open for 8 years. All in the name of backward compatibility. Why has backward compatibility trumped security for 8 years? It's not surprising no one takes MSFT's statements about its commitment to security seriously.
Re:What made it worse? Really? (Score:5, Insightful)
This is MS modus operandi. You know all those MS based studies that say that MS fixes bugs faster than Linux. Well we never really believed them but they are technically true. See MS only counts the time between when they publicly disclose a bug and when they patch it. They don't count the time between when they find or are informed of the bug. With Linux people the whole process is more transparent. When bugs are discovered in Linux, they are almost disclosed at the same time. So this 8 year old bug will appear on all MS studies as only taking a few days rather than 8 years.
Re: (Score:2)
Why has backward compatibility trumped security for 8 years?
Because the best security in the world is of no use or consequence if your hardware and software can't do the job.
Why? Perhaps the end of the original notice tells (Score:2)
Why has backward compatibility trumped security for 8 years?
Well, if you look at the original notice you'll see it ends this way:
Perhaps Microsoft decided to hold off publication of the exploit code until none of their valued customers were using the service. B-)
That's a silly question. (Score:2)
Why has backward compatibility trumped security for 8 years?
"Microsoft: putting the 'backwards' into 'backward compatibility'."
When Microsoft abandons ActiveX and other technologies that run unsandboxed binaries from random websites, then I'll start taking their claim that they care about security seriously.
Re: (Score:2)
Then you should try Vista. It runs ActiveX low-priv [...]
[...] in a porous sandbox that has had several holes documented already.
A remote execute exploit that has to be followed by a well known and more-or-less unfixable privilege escalation exploit is not much of an improvement over a straight remote execute exploit.
and has all of XP SP2's "are you really sure you want to run this?" prompts too.
All those do is train users to approve security dialogs.
Worse, Apple seems to have gotten sucked into the stupid
And yet the world didn't end. (Score:4, Insightful)
Re: (Score:2)
How many people were actually a victim of this exploit?
IIRC, it wasn't just the shares that were affected by the port 139 holes.
I'm pretty sure port 139 was abused in very large numbers for silly IRC channel pissing matches. Sending a few hundred 'winnukes' was easier than splitting EFnet, and largely just as effective, except the larger #'s.
Re: (Score:2)
That you can ask this question on Slashdot - and hear nothing in response but the sound of crickets chirping in the background - answers your question, I should think.
Easter egg for Windows 7? (Score:3, Funny)
Re:Easter egg for Windows 7? (Score:5, Funny)
That would make it harder to get to than the Secret Cow Level in Diablo II, because in Diablo II all you have to do is go through Hell, whereas with Windows 7 you have to install it successfully.
Way overhyped ... only applies to deprecated OSes (Score:2, Informative)
http://support.microsoft.com/kb/q147706/ [microsoft.com]
You will see that the affected operating systems are old and that Microsoft long ago told people how to configure their systems to avoid this issue.
Veracode Blog Clarification (Score:2, Insightful)
I've posted on the Veracode Blog [veracode.com] about this issue for clarification purposes.
Here's the content:
With regard to the recent Patch Tuesday fix, there has been an issue fixed regarding NTLM Relaying, that has been around for more than eight years.
In 2000, I wrote an advisory about NTLM relaying (CVE-2000-0834). The problem turned out to be significantly larger than I originally suggested in the advisory. The attack extended to other NTLM-based authentications on other protocols and allowed general-purpose crede
Re: (Score:2)
You're getting nostalgic / introspective / retrospective over a 7 year old bug?
Call me when they patch a PDP-11 bug. __m_(^,^)_m__
Re: (Score:2)
yep, march 2001
had my abitur exams, my girlfriend just dumped me, i finally gave up on os/2 and started to become a fatty i am now.
and about your partitioning problems: back then partition magic was still great.
Re: (Score:2)
yep, march 2001
had my abitur exams, my girlfriend just dumped me, i finally gave up on os/2 and started to become a fatty i am now.
and about your partitioning problems: back then partition magic was still great.
Ye gods, you're right! I've stayed away from that program like the plague for years now, and hey, GParted does everything Partition Magic did but more reliably than even those old versions were . . . but yes, Partition Magic used to get the job done like nothing else at the time could. Wow, it's been ages since I thought of that. PM went downhill while this bug sat unfixed? Yikes.
Actually, for the fun of it I remember exploiting this bug back when I lived in University Residence. I remember, among ot
Re: (Score:2, Funny)
None, none, none, none, none, none, none.
I guess I should get out more...
Re: (Score:2)
Think so. I have a patched XP client with an unpatched NT4 server and both are able to communicate over SMB.