Navigacija
Lista poslednjih: 16, 32, 64, 128 poruka.

Why did Microsoft wait 7 years to fix SMBRelay attack flaw?

[es] :: Advocacy :: Why did Microsoft wait 7 years to fix SMBRelay attack flaw?

[ Pregleda: 2397 | Odgovora: 3 ] > FB > Twit

Postavi temu Odgovori

Autor

Pretraga teme: Traži
Markiranje Štampanje RSS

Marko_R
Marko Ranđelović
Programer
Niš

Član broj: 3737
Poruke: 575



+4 Profil

icon Why did Microsoft wait 7 years to fix SMBRelay attack flaw?15.11.2008. u 21:14 - pre 187 meseci
Citat:
One of the code execution vulnerabilities fixed in this month’s Microsoft Patch Tuesday release dates back to 2001 when it was first disclosed by Cult of the Dead Cow hacker Sir Dystic (pictured left).

If that wasn’t cause for worry, get this: An exploit for the bug — in the way that Microsoft Server Message Block (SMB) Protocol handles NTLM credentials — has been part of the Metasploit hacking tool since July 2007.

So, why did it take Microsoft seven years to fix something that could lead to full system takeover?

Microsoft’s Christopher Budd explains:

When this issue was first raised back in 2001, we said that we could not make changes to address this issue without negatively impacting network-based applications. And to be clear, the impact would have been to render many (or nearly all) customers’ network-based applications then inoperable. For instance, an Outlook 2000 client wouldn’t have been able to communicate with an Exchange 2000 server. We did say that customers who were concerned about this issue could use SMB signing as an effective mitigation, but, the reality was that there were similar constraints that made it infeasible for customers to implement SMB signing.


http://blogs.zdnet.com/security/?p=2165&tag=nl.e539
 
Odgovor na temu

Ivan Dimkovic

Administrator
Član broj: 13
Poruke: 16683
*.dip.t-dialin.net.



+7169 Profil

icon Re: Why did Microsoft wait 7 years to fix SMBRelay attack flaw?15.11.2008. u 21:41 - pre 187 meseci
Pa lepo pise - nisu mogli to da rese zbog samog dizajna SMB-a (koji je ocajan, da se razumemo)

Opet, problem nije toliko strasan ako se radi o SMB-u, jer mrezni sharing obicno radi unutar interne mreze (a sam Windows Firewall jos od XP SP2 ne pusta SMB po defaultu na javnim mrezama) + da bi ovo radilo morate naterati korisnika da pokusa da se sa SMB-om konektuje (da "exploruje") maliciozni komp...

Sto znaci da bi hacker morao da:

a) se nalazi u internoj privatnoj mrezi na kojoj je korisnik (ili da korisnik ima razdesen firewall)
b) da natera korisnika da pokusa da inicijalizuje SMB sesiju do njegovog racunara

Opet, bag jeste smrdljiv - i samo je jos jedan dokaz koliko je Microsoftov SMB protokol los. SMB je kancer Windowsa - ogromna vecina sigurnosnih problema su bili vezani za NetBIOS komponente i njihove portove.

Tacno se vidi da je SMB dizajnirao tim ljudi bez ama bas ikakvog znanja o sigurnosti javnih mreza - sto i ne cudi, u vreme kada je SMB nastao, Internet kao masovni medijum nije ni postojao a deljenje diskova je radjeno iskljucivo u zatvorenim mrezama.
DigiCortex (ex. SpikeFun) - Cortical Neural Network Simulator:
http://www.digicortex.net/node/1 Videos: http://www.digicortex.net/node/17 Gallery: http://www.digicortex.net/node/25
PowerMonkey - Redyce CPU Power Waste and gain performance! - https://github.com/psyq321/PowerMonkey
 
Odgovor na temu

icobh
Igor Pejašinović
Network Admin
Navigo SC d.o.o.
Banja Luka

Član broj: 18738
Poruke: 1319
*.opera-mini.net.

Sajt: www.nsc.ba


+4 Profil

icon Re: Why did Microsoft wait 7 years to fix SMBRelay attack flaw?15.11.2008. u 22:05 - pre 187 meseci
E moj Dimkovicu, dzabe ti to pricas, to je pojedinima spansko selo. Moci ces jedino dobiti odgovor na Bosanskom - A!?
I ♥ ♀

Ovaj post je zlata vrijedan!
 
Odgovor na temu

nemysis

Član broj: 2273
Poruke: 729
*.pureserver.info.

Jabber: nemysis)ata(deshalbfrei)dota(org
Sajt: https://duckduckgo.com


+4 Profil

icon Re: Why did Microsoft wait 7 years to fix SMBRelay attack flaw?20.11.2008. u 00:41 - pre 186 meseci
Ma Digimon je i onako šupalj kao švajcarski sir. Pa nema veze što i sami ponekad priznaju svoje greške. Bolji neće biti zbog toga.
 
Odgovor na temu

[es] :: Advocacy :: Why did Microsoft wait 7 years to fix SMBRelay attack flaw?

[ Pregleda: 2397 | Odgovora: 3 ] > FB > Twit

Postavi temu Odgovori

Navigacija
Lista poslednjih: 16, 32, 64, 128 poruka.