Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft's "Dead Cow" Patch Was 7 Years In the Making

Posted by timothy on from the were-they-lean-years-or-fat-years? dept.

narramissic writes "Back in March 2001, a hacker named Josh Buchbinder (a.k.a Sir Dystic) published code showing how an attack on a flaw in Microsoft's SMB (Server Message Block) service worked. Or maybe the flaw was first disclosed at Defcon 2000, by Veracode Chief Scientist Christien Rioux (a.k.a. Dildog). It was so long ago, memory is dim. Either way, it has taken Microsoft an unusually long time to fix. Now, a mere seven and a half years later, Microsoft has released a patch. 'I've been holding my breath since 2001 for this patch,' said Shavlik Technologies CTO Eric Schultze, in an e-mailed statement. Buchbinder's attack, called a SMB relay attack, 'showed how easy it was to take control of a remote machine without knowing the password,' he said."

10 of 203 comments (clear)

  1. Does anyone use this OS any more? by WillAffleckUW · · Score: 5, Interesting

    I mean, seriously, most of us have written it off, and it makes bad business sense too.

    At work we've cancelled plans to use Win7 and WinVista and are moving to all Linux where we can, just from a staffing level perspective.

    --
    -- Tigger warning: This post may contain tiggers! --
    1. Re:Does anyone use this OS any more? by HerculesMO · · Score: 5, Interesting

      Yes, lots of people still do.

      Makes little business sense right now to go to Win7/Vista, but XP is still a smart move for most people.

      It's too bad Slashdotters here are so entranced with the platform, they forget what it's supposed to delivery. I don't really care what OS is on the desktop, so long as it allows us to achieve what we are trying to do. Usually, it's the software that does that, not the OS.

      --
      The price is always right if someone else is paying.
    2. Re:Does anyone use this OS any more? by WillAffleckUW · · Score: 2, Interesting

      Market cap is a reference to net revenue multiplied by copies.

      If we were to do a simple math exercise, we would see that if they (as they did) double the price of Windows (WinVista and Win7) but only lose 40 percent of the customers, then they end up with INCREASING MARKET SHARE.

      Even if the number of people actually losing it decreases.

      Even if many copies of WinVista are rebuilt as either WinXP or Linux (or BSD).

      Simple math exercise any first year economist could do.

      --
      -- Tigger warning: This post may contain tiggers! --
    3. Re:Does anyone use this OS any more? by conlaw · · Score: 4, Interesting

      Windows is GUI based to be sure, but there are behind the scenes things (registry, hosts files, policies, clustering, etc) that is not as intuitive as people think it may be. That's also where a LOT of problems occur, and cause the BSODs and other things that the *nix fans love to jump at.

      Yes, my penultimate reason for leaving Windows was all of those hidden problems like "why is xxx.dll using 92% of my capacity? and WTF is xxx.dll anyway?" MS would never tell anyone the answers so you had to go to all of the forums where people volunteer to help you, but first you have to download and run a spy seeker, an ad finder, a virus detector and "Hijack this." BTW, I have great respect for these volunteers but they shouldn't be needed in a system that I paid for.

      Just to forestall questions, my ultimate reason for leaving was when I read what Microsoft Genuine Advantage was going to do, rather than blindly pushing the download key so that I could get this "advantage."

  2. C2MyAzz by Anonymous Coward · · Score: 5, Interesting

    Hmm - there was an attack called C2MyAzz that was even simpler than the man in the middle attack. It would just spoof the handshake between client and server. The attacking workstation would watch for client->server message requesting authentication. The attacking workstation would send a packet back to the client before the server, asking the client to send back a clear-text password. Much easier than a man-in-the-middle attack, and it worked well. When it was released, Microsoft's official response was "most organizations use switches and routers, so this is not a problem". Originally released in 2001, IIRC.

  3. Re:I forget... by burris · · Score: 2, Interesting

    I believe that's "*Hobbit*" ...

    (jan '97)

  4. Re:SMB? by QuantumRiff · · Score: 3, Interesting

    Okay Mr. Quick with the link.. Where does the "dead cow" Reference come from?

    --

    What are we going to do tonight Brain?
  5. What will the patch break? by Anonymous Coward · · Score: 1, Interesting

    So, if I patch my XP workstations, will I still be able to talk SMB to Win98?

    (Stop laughing you bastards, I was being serious...)

  6. Re:SMB? by TuxThePenguin2205 · · Score: 3, Interesting

    When I ran some benchmarks on NT4 back in the day file transfer speeds over 10baseT was half that of FTP .. I haven't found a use for SMB outside homogeneous Windows set-ups that can't be beaten by alternate solutions.

  7. A Good Windows Security Guide (online) by Anonymous Coward · · Score: 1, Interesting

    Whoever modded you funny must think they are clever. It appeared to me that you asked an honest question. Here is the best answer I can give you (2 hrs. of your time, tops, for years of stable and faster uptime for years into the distance, by following a guide, an automated tool for security of PC/Server evaluation from a free and reputable security audit tool, some registry hacks (automated via .reg files that are fully internally documented no less with sources), and instructions on how to use layered security in detail, with tools/tips/tricks/techniques that really work, if you can follow/take direction, use common-sense, & adhere to some simple rules (and, of course, it depends on if you can read english or not))

    A good overall security guide is here:

    HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA, + make it "fun-to-do", via CIS Tool Guidance (& beyond):

    http://www.tcmagazine.com/forums/index.php?showtopic=2662 [tcmagazine.com]

    It shows you how to config NTLMv2 for instance to be 'proofed' vs. this form of attack this thread on this website is noting today, and the techniques been known for the better part of a decade.

    If you are a standalone machine (single machine not on a LAN at home or LAN/WAN on the job for instance on a network there) it goes into far more that is effective vs. this, and other attacks possible on a Windows NT-based OS.

    By following both the CIS Tool and this guide's points, You also go faster online as a bonus ontop of being far more secure (91/100 on Windows XP, and 86/100 on Windows Server 2003 scores are quantified for viewers from CIS Tool evaluation (a multiplatform benchmark of security based on industry best practices for securing PC's and Servers that was well noted by sources such as COMPUTERWORLD)).