Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft's "Dead Cow" Patch Was 7 Years In the Making

Posted by timothy on from the were-they-lean-years-or-fat-years? dept.

narramissic writes "Back in March 2001, a hacker named Josh Buchbinder (a.k.a Sir Dystic) published code showing how an attack on a flaw in Microsoft's SMB (Server Message Block) service worked. Or maybe the flaw was first disclosed at Defcon 2000, by Veracode Chief Scientist Christien Rioux (a.k.a. Dildog). It was so long ago, memory is dim. Either way, it has taken Microsoft an unusually long time to fix. Now, a mere seven and a half years later, Microsoft has released a patch. 'I've been holding my breath since 2001 for this patch,' said Shavlik Technologies CTO Eric Schultze, in an e-mailed statement. Buchbinder's attack, called a SMB relay attack, 'showed how easy it was to take control of a remote machine without knowing the password,' he said."

3 of 203 comments (clear)

  1. Does anyone use this OS any more? by WillAffleckUW · · Score: 5, Interesting

    I mean, seriously, most of us have written it off, and it makes bad business sense too.

    At work we've cancelled plans to use Win7 and WinVista and are moving to all Linux where we can, just from a staffing level perspective.

    --
    -- Tigger warning: This post may contain tiggers! --
    1. Re:Does anyone use this OS any more? by HerculesMO · · Score: 5, Interesting

      Yes, lots of people still do.

      Makes little business sense right now to go to Win7/Vista, but XP is still a smart move for most people.

      It's too bad Slashdotters here are so entranced with the platform, they forget what it's supposed to delivery. I don't really care what OS is on the desktop, so long as it allows us to achieve what we are trying to do. Usually, it's the software that does that, not the OS.

      --
      The price is always right if someone else is paying.
  2. C2MyAzz by Anonymous Coward · · Score: 5, Interesting

    Hmm - there was an attack called C2MyAzz that was even simpler than the man in the middle attack. It would just spoof the handshake between client and server. The attacking workstation would watch for client->server message requesting authentication. The attacking workstation would send a packet back to the client before the server, asking the client to send back a clear-text password. Much easier than a man-in-the-middle attack, and it worked well. When it was released, Microsoft's official response was "most organizations use switches and routers, so this is not a problem". Originally released in 2001, IIRC.