Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft's "Dead Cow" Patch Was 7 Years In the Making

Posted by timothy on from the were-they-lean-years-or-fat-years? dept.

narramissic writes "Back in March 2001, a hacker named Josh Buchbinder (a.k.a Sir Dystic) published code showing how an attack on a flaw in Microsoft's SMB (Server Message Block) service worked. Or maybe the flaw was first disclosed at Defcon 2000, by Veracode Chief Scientist Christien Rioux (a.k.a. Dildog). It was so long ago, memory is dim. Either way, it has taken Microsoft an unusually long time to fix. Now, a mere seven and a half years later, Microsoft has released a patch. 'I've been holding my breath since 2001 for this patch,' said Shavlik Technologies CTO Eric Schultze, in an e-mailed statement. Buchbinder's attack, called a SMB relay attack, 'showed how easy it was to take control of a remote machine without knowing the password,' he said."

8 of 203 comments (clear)

  1. Does anyone use this OS any more? by WillAffleckUW · · Score: 5, Interesting

    I mean, seriously, most of us have written it off, and it makes bad business sense too.

    At work we've cancelled plans to use Win7 and WinVista and are moving to all Linux where we can, just from a staffing level perspective.

    --
    -- Tigger warning: This post may contain tiggers! --
    1. Re:Does anyone use this OS any more? by HerculesMO · · Score: 5, Interesting

      Yes, lots of people still do.

      Makes little business sense right now to go to Win7/Vista, but XP is still a smart move for most people.

      It's too bad Slashdotters here are so entranced with the platform, they forget what it's supposed to delivery. I don't really care what OS is on the desktop, so long as it allows us to achieve what we are trying to do. Usually, it's the software that does that, not the OS.

      --
      The price is always right if someone else is paying.
    2. Re:Does anyone use this OS any more? by WillAffleckUW · · Score: 2, Interesting

      Market cap is a reference to net revenue multiplied by copies.

      If we were to do a simple math exercise, we would see that if they (as they did) double the price of Windows (WinVista and Win7) but only lose 40 percent of the customers, then they end up with INCREASING MARKET SHARE.

      Even if the number of people actually losing it decreases.

      Even if many copies of WinVista are rebuilt as either WinXP or Linux (or BSD).

      Simple math exercise any first year economist could do.

      --
      -- Tigger warning: This post may contain tiggers! --
    3. Re:Does anyone use this OS any more? by conlaw · · Score: 4, Interesting

      Windows is GUI based to be sure, but there are behind the scenes things (registry, hosts files, policies, clustering, etc) that is not as intuitive as people think it may be. That's also where a LOT of problems occur, and cause the BSODs and other things that the *nix fans love to jump at.

      Yes, my penultimate reason for leaving Windows was all of those hidden problems like "why is xxx.dll using 92% of my capacity? and WTF is xxx.dll anyway?" MS would never tell anyone the answers so you had to go to all of the forums where people volunteer to help you, but first you have to download and run a spy seeker, an ad finder, a virus detector and "Hijack this." BTW, I have great respect for these volunteers but they shouldn't be needed in a system that I paid for.

      Just to forestall questions, my ultimate reason for leaving was when I read what Microsoft Genuine Advantage was going to do, rather than blindly pushing the download key so that I could get this "advantage."

  2. C2MyAzz by Anonymous Coward · · Score: 5, Interesting

    Hmm - there was an attack called C2MyAzz that was even simpler than the man in the middle attack. It would just spoof the handshake between client and server. The attacking workstation would watch for client->server message requesting authentication. The attacking workstation would send a packet back to the client before the server, asking the client to send back a clear-text password. Much easier than a man-in-the-middle attack, and it worked well. When it was released, Microsoft's official response was "most organizations use switches and routers, so this is not a problem". Originally released in 2001, IIRC.

  3. Re:I forget... by burris · · Score: 2, Interesting

    I believe that's "*Hobbit*" ...

    (jan '97)

  4. Re:SMB? by QuantumRiff · · Score: 3, Interesting

    Okay Mr. Quick with the link.. Where does the "dead cow" Reference come from?

    --

    What are we going to do tonight Brain?
  5. Re:SMB? by TuxThePenguin2205 · · Score: 3, Interesting

    When I ran some benchmarks on NT4 back in the day file transfer speeds over 10baseT was half that of FTP .. I haven't found a use for SMB outside homogeneous Windows set-ups that can't be beaten by alternate solutions.