SMB Security Hole
Thangorodrim writes "First saw this at
SecurityFocus, but it seems as if someone at COTDC finally got around to coding a nice SMB session hijacker for NT/2000. I've tested this on some machines... it's pretty brutal. And just in time to coincide
with the release of l0phtcrack 3.0... The story linked doesn't have a link to the actual utility, but you can grab it here." *cough* For testing purposes only, of course.
Great karma score for saying nothing.
As the article points out, Microsoft long ago fixed this with NTLMv2. What the article didn't point out, was that this "new" exploit has been known about for at least 5 years, if not 10 or 15 years. The short answer is that most SMB networks are safely firewalled away, and the admins could give a crap about the authentication security.
The reason people are still vulnerable is that Microsoft is loath to break backwards compatibility. Switching authentication protocols also "breaks" Samba, I believe, which I'm sure many slashdot readers would ascribe to malice. Contrary to your assumption, as older products go away, Microsoft's products will become more secure.
Anyway, just another reason not to hire paper MCSEs...
--
Business. Numbers. Money. People. Computer World.
Actually, an Index Server hole was found between RTM and launch. Thus, when Windows 2000 was released, there was already a hotfix waiting for it.
Time definitely makes holes more obvious, but product quality has a much more significant impact. For example, consider IE, Netscape 4.x, IIS, and wu-ftp. All of the above products have had a very poor security history, and holes are still being discovered. My guess is that holes will continually be discovered until the products are significantly rewritten or audited. On the other hand, look at Apache or QMail: time has not brought out a significant increase in security fixes.
--
Business. Numbers. Money. People. Computer World.