Slashdot Mirror


Microsoft's "Dead Cow" Patch Was 7 Years In the Making

narramissic writes "Back in March 2001, a hacker named Josh Buchbinder (a.k.a Sir Dystic) published code showing how an attack on a flaw in Microsoft's SMB (Server Message Block) service worked. Or maybe the flaw was first disclosed at Defcon 2000, by Veracode Chief Scientist Christien Rioux (a.k.a. Dildog). It was so long ago, memory is dim. Either way, it has taken Microsoft an unusually long time to fix. Now, a mere seven and a half years later, Microsoft has released a patch. 'I've been holding my breath since 2001 for this patch,' said Shavlik Technologies CTO Eric Schultze, in an e-mailed statement. Buchbinder's attack, called a SMB relay attack, 'showed how easy it was to take control of a remote machine without knowing the password,' he said."

13 of 203 comments (clear)

  1. Now I get it by Maniacal · · Score: 5, Funny

    So that's how they came up with the name 'Windows 7'

    --
    MG
    1. Re:Now I get it by thewils · · Score: 5, Funny

      Things look a bit bleak for Windows 2008 then :(

      --
      Once I was a four stone apology. Now I am two separate gorillas.
    2. Re:Now I get it by mfh · · Score: 4, Funny

      So that's how they came up with the name 'Windows 7'

      No, they needed to get some luck for Windows, so they added the lucky number 7 to it. This bug fix was introduced to confuse us all.

      --
      The dangers of knowledge trigger emotional distress in human beings.
    3. Re:Now I get it by Yvan256 · · Score: 4, Funny

      George Costanza works for Microsoft?

  2. 'been holding my breath since 2001 for this patch' by Anonymous Coward · · Score: 5, Funny

    ...and boy are my arms tired.

    P.S. I'm dead.

  3. my prayers are answered! by Trepidity · · Score: 5, Funny

    Seven years ago, The Register devastated me with this terrible news:

    It's backward compatibility that has MS in a trap now. "NTLMv2 was created to address many of these issues, and if Windows came configured to use only NTLMv2 these would not be issues, unless the user knowingly opened himself up to allow communication with older operating systems," Sir Dystic noted.
    [...]
    However, if for some reason it's necessary for you to use the many thrilling features of Windows networking without NTLMv2, then there is absolutely nothing you can do but pray.

    Finally, I can use my favorite thrilling NTLM features without giving in and using NTLMv2!

  4. port 139 by heffrey · · Score: 5, Funny

    Oh well, I guess I'd better block incoming public Internet traffic on port 139 then. That's a shame because it's been so very useful to have an Internet facing SMB share.

  5. Windows Server Admin? On Slashdot? Are you kidding by drachenfyre · · Score: 5, Funny

    Like any windows server admin reads slashdot.... And the ones that do aren't going to stick their hands up and say "Oh, pick me" so we can all berate them for their choice in closed source server operating systems.

  6. Re:SMB? by Anonymous Coward · · Score: 5, Funny
    It took me a while, but apparently Sir Dystic was(is?) a member of The Cult Of The Dead Cow (reference).

    What a crappy headline. I hate teasers like that.

  7. Re:Does anyone use this OS any more? by heffrey · · Score: 5, Funny

    Hardly anybody still uses Windows, it's dying out.

  8. Re:Windows Server Admin? On Slashdot? Are you kidd by 0racle · · Score: 4, Funny

    I do.

    You can make fun of me :)

    That said, if you have a Linksys firewall

    Now you deserve to be made fun of.

    --
    "I use a Mac because I'm just better than you are."
  9. Re:Easter egg for Windows 7? by dkleinsc · · Score: 5, Funny

    That would make it harder to get to than the Secret Cow Level in Diablo II, because in Diablo II all you have to do is go through Hell, whereas with Windows 7 you have to install it successfully.

    --
    I am officially gone from /. Long live http://www.soylentnews.com/
  10. Re:Does anyone use this OS any more? by Sponge+Bath · · Score: 5, Funny

    ...stop telling suits that all they need to administer Windows is someone with one finger

    Damn skippy! Alt-Ctrl-Del takes three fingers.