My father is, and was a plumber for as long as I can remember. I started out helping him on jobs before I was ten. I've been shit on, dug ditches, been under houses, etc. It was the _hardest_ work I have ever done in my life. I left it when I was 18, and because of several life decisions which had nothing to do with college...
I work for Microsoft now.
And for the first time in years, I've logged on to tell you one more thing: You're a fucking idiot, and have no idea what you're talking about.
Bzzt. SFU is no longer a seperate product. It's part of Windows now, in Windows Server 2003 R2 and above - which includes Vista, Windows Server 2008, and Windows 7.
What a load of crap. There are many multilevel systems that hook to multiple classification networks at the same time. One box, connected to both SIPR, and NIPR, for example.
But, hey. Truth doesn't sell magazines, does it? Ironically, the technology that allows more than one classified network to hook to another is pretty freaking awesome. PopMech should take a look at that, instead.
I don't post much anymore. Hell, I hardly ever post at all. I read the site every day, though. Every day.
I still remember CnD, and the heady days when Slashdot didn't have a "working" moderation system. It didn't seem like *that* long ago when trolls like TheGloriousMeept and OGG_THE_CAVEMAN roamed the Slashdot wilderness...and then there were the people that ended up on K5, like Signal 11 and Shoeboy. I went there for like, five minutes. Just like everywhere else. I always keep coming back here. I never even gave Digg a fair shot. Call me loyal or call me stupid. Your choice.
Ironically, there's a large Microsoft development center in Fargo, North Dakota. It's the former home of Great Plains Software, which MS acquired to bolster their portfolio in accounting software.
What's even more funny is that MS also has their corporate finance department there. When you expense something and the finance guys need an original reciept, you either send it through inter office mail, or snail mail it to ND.
Fortunately, most finance related stuff is done online, so you only have to mail originals there.
You got it because someone deliberately sent it to you.
Somebody had to go to the SoaP website and make the message, which could either be sent to a mobile phone, or email.
Too bad you didn't listen to it more closely, you might have been able to tell who sent it. Each message could be customized, for example, to have Samuel L. Jackson say something like: "You and your girlfriend Rebecca are on a plane, full of snakes! Listen to me and you'll survive!"
All in all, it was pretty nifty, motherfuckin' snakes and all.
LOL. Only when an ERD is done...and how many NT admins do THAT on a regular basis?:)
And when SYSKEY is enabled, it's STILL encrypted...even on the ERD and the repair directory. Plus, you still have to have PHYSICAL access to an ERD or the machine to do it.
I didn't SAY the SAM wasn't easy to get. But I said you gotta have PHYSICAL access to do it. I don't know about YOU, but that's why I lock my servers (and the ERD in a safe therein) in a room.
Let's get this straight. MS Does NOT pass clear text passwords over the network. There are basically three types of authentication on MS networks:
1. LAN Manager hashes: This is where the password is simply 'hashed' (weak obfuscation) and not encrypted. Used by LAN Manager, Win 3.x, DOS, and 9x clients authenticating to NT and Win2k DC's. Also used by NT in a non-trust same username/password on both sides situation. Easily snooped, and when fed into L0phtcrack, can be broken. ie: if two users' passwords were "luser", they'd have the same hash representing them.
2. NTLM (NT LAN Manager): Used by WinNT against all DC's and Win2k boxes authenticating against NT DC's. Totally encrypted. The client does a secure, encrypted RPC "trust" with the domain controller, and then passes the name/password combo to the DC, which then passes back an access token. CANNOT BE SNOOPED OR BROKEN. Two versions: NTLM v1 and NTLM v2.
3. Kerberos: Used by Win2k clients against Win2k DC's. Even more secure ticket-passing scheme. 'Nuff said.
Now. You see what I said that NT passwords can't be snooped or broken? I'm serious. It's impossible. LAN Manager hashes, however...Easy. So, you asked how in the hell does L0phtcrack break NT passwords?
Here's the funny part: it doesn't.
On every NT box, the passwords are stored in the SAM (equivalent of/etc/passwd) in two formats: the encrypted NTLM passwords, and the LAN Manager hashes. Since the LAN Manager hashes = NT passwords, that's how L0phtcrack gets your pwd's. But, NT has to be SHUT DOWN (when installed on an NTFS part) to get the SAM file to feed it into L0phtcrack. That's where physical security comes in. And, since NT can't protect the passwords when it's shut down, since SP3 there's a utility called SYSKEY which encrypts the SAM when NT is shut down. L0phtCrack can't touch the hashes then. BTW, SYSKEY is not on by default on NT. It is on Win2k boxes with SAM's (Pro and non-DC member servers). Go figure.
On Win2k DC's, everything is stored in the AD database. Try and crack that. I'm sure it'll eventually be done...but it'll take a long while.
So, in short: Don't use downlevel (non NT) clients, turn on SYSKEY, and the LAN Manager hash scourge will all but be eliminated.
However, there is a Directory Services Client for 9x/NT that allows it to use NTLM v2 in a Win2k network. I still wouldn't use 9x.
In other words...don't talk about which you do not know.
Here's the deal...although the interface now may look clunky (which I admit it does), the.NET strategem includes XML. And what does this mean to you? It means that the whole damn interface will be extensible through just some simple (or not-so-simple, depending on your preferences) editing of XML configuration file(s). This means that your entire GUI, not just the window hangings, not just the widgets...the WHOLE thing, will be extensible to any document format that's supported under XML. I know Apple has got XML configuration down in Mac OS X, but I don't think it's as widespread throughout the OS, as in Microsoft's case. And since ALL MS products are moving to the XML base, theoretically you should be able to click on a link, see your most commonly used Office documents, and then have one of them "materialize" on your desktop, workspace, whatever, SEAMLESSLY. Imagine having several programs/documents open at the same time and be able to seamlessly operate between them, as if they were one program.
And you think Enlightenment is customizable? Heh. MS isn't playing here. This is gonna be a BIG thing.
And think of this...once the.NET frameworks get ported to other OSes (think Linux), this same extensibility will be there in all.NET platforms, with the same commonality features. No more Windows, Linux, or Mac specific GUI's. One person's interface on a Linux box will be able to be used on any other platform. Just copy the XML config files (and the appropriate extensions) and you're done. No porting necessary.
They're going for COMMONALITY here people. They realize the money's not in the OS any more, it's in the applications. As long as you have the.NET frameworks on your platform, the app will work.
Period.
Imagine going to the store and buying Microsoft Office.NET and just having it run on your Linux box...no modifications needed.
What happens to STB's former manufacturing and fabrication facilities? STB wasn't a small player, you know. Stands to reason 3Dfx could make some liquid assets by selling what's left of STB to some other company, or spinning it off as an idependent entity while still retaining control, like ATT did with Lucent.
IE 2 was a completely different beast than IE3. Install an old copy of Win95 OSR1 or any copy of WinNT 4. Then you'll see IE 2. IE 2, in a word, sucked. IE 3 was MUCH better. It had the integrated Mail/News app that eventually became Outlook Express.
Actually there's an interesting tidbit about IE 3 that most people don't know. Remember Microsoft Bob? Well, around 1996, the Bob programming team were hard at work for Bob 2.0 for Windows 95 (why? I have no idea), and NS 3.0 had just come out. Microsoft needed a capable browser, and they needed one FAST, because they were pretty much taken by surprise by the explosion of the Internet. Well, ol' Billy G himself walked into the offices where the Bob programmers were and basically said "Stop what you're doing right now. We're scrapping Bob 2.0. Your new job is IE 3.0."
Six months later... IE3 was born.
It amazed me how much power he had within the company when I read that.
I have a Lombard 400 Mhz G3 PowerBook. I know it only has a 66 Mhz system bus, but the only thing that has kept me from upgrading is the fact that the new 2K PB's killed SCSI in place of FireWire. I'd rather have SCSI, and I can get a FireWire PCMCIA card. What really kills me though, is the fact that the new PB's have AirPort antennas built in...
Anyway, I'd like to see somebody make an upgrade for Lombards...the only thing holding 'em back is the ROM issue.
Hopefully, we'll see some Wallstreet/Lombard upgrades soon...
Kevin, MCSE+I/MCT (I'm no bigot, waiting for MacOS X, hehe)
Did you have IP forwarding off? Proxy Server is just that...a proxy sever...and an okay firewall.
But it is NOT a NAT.
Turning IP Forwarding on on a box with PS 2.0 is not a good idea...basically you're leaving yourself open to attack...even with Dynamic Packet Filtering turned on.
I just know that PS, when used correctly, is pretty damn well secure.
You know, with all this talk about certifications, I see that the SAIR GNU/Linux certification is conspicuously absent from this thread. The company I was working for (New Horizons) was looking at SAIR to augment the normal MCSE/CNE stuff we're always pushing. We got a welcome package from them...inside was a sample course (I think it was Linux Administration or something like that) and they gave you like 6 CD's (One Red Hat, one Debian, one Caldera, etc. etc.) for the course. Since the courseware was non vendor-specific, the student could use any one of those CD's to isntall his/her classroom machine with.
Pretty cool, in my opinion. I would rate the quailty of the courseware right up there with Microsoft's (Exchange 5.5 Implementaion and Design, not NT Admin:)).
Sun became a company in 1982 (when Bill Joy left Berkeley for Sun). BSD was there Waaaaay before that.
SunOS 4.1.x and before (Solaris 1.x) descended from BSD. SunOS 5.x and above (Solaris 2.x) is SVR4, which was developed mainly by Sun and AT&T by merging the best of both codebases (BSD and SVR3).
This is not a flame. I am a Microsoft Certified Systems Engineer/Microsoft Certified Trainer. I am not an OS bigot (I also run Linux, MacOS, AmigaDOS, and OPENSTEP), so no flames, please...:) I just have to say one thing: NetBEUI sucks. I mean, for Chrissakes, it's a BROADCAST based protocol. Even with MS machines, the stack has to pull EVERY packet all the way up to the Application Layer of the OSI model to check whether or not the machine name matches it's own! I mean, we already have a fast, well desgined protocol to run our networks on (TCP/IP) and a way to make it almost zero-administration (DHCP/BOOTP).
I preach in my classes that unmitigated broadcasts (i.e. anything but ARP or DHCP initialization) are EVIL. They suck your most precious resource - bandwidth - like a hungry vampire.
NetBEUI is even more evil because you have a choice NOT to use it and use TCP/IP.
The only reason to use it is for MS-DOS clients...and I would segment them away from my network using a dual homed machine with TCP/IP bound to one adapter card (to the main network) and NetBEUI bound to the other (to the DOS machines).
NetBEUI's dead, folks. Don't pollute the efficiency of *NIX with this crap.
Slashdot Mirror
My father is, and was a plumber for as long as I can remember. I started out helping him on jobs before I was ten. I've been shit on, dug ditches, been under houses, etc. It was the _hardest_ work I have ever done in my life. I left it when I was 18, and because of several life decisions which had nothing to do with college...
I work for Microsoft now.
And for the first time in years, I've logged on to tell you one more thing: You're a fucking idiot, and have no idea what you're talking about.
That is all.
He's not the only one. I've been here for a long, long while.
Bzzt. SFU is no longer a seperate product. It's part of Windows now, in Windows Server 2003 R2 and above - which includes Vista, Windows Server 2008, and Windows 7.
It's called the Subsystem for UNIX-based Applications (SUA). Relevant TechNet link: http://technet.microsoft.com/en-us/library/cc786798(WS.10).aspx
Here's a good Wikipedia article on the product, showing the history from Interix, to SFU, to SUA: http://en.wikipedia.org/wiki/Interix
There's even a Debian port for it: http://debian-interix.net/
The only problem there is that "7" is a marketing term only. The kernel version is 6.1. Here it is from a CMD window, pasted right into Slashdot:
Microsoft Windows [Version 6.1.7000]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
I, myself, can't stand the "7" moniker. It's misleading, and no better than the year-themed marketing names. Well, okay. Marginally.
Why can't we just call it what it is? 6.1, for chrissakes.
What a load of crap. There are many multilevel systems that hook to multiple classification networks at the same time. One box, connected to both SIPR, and NIPR, for example.
Here's one of them, Radiant Mercury: http://www.globalsecurity.org/intell/systems/radiant_mercury.htm
Here's another. DTW, the DoDIIS Trusted Workstation. It has the capabilty to hook up to many networks at the same time, from NIPR to SCI: http://www.sun.com/solutions/documents/business-cases/go_DTW_cc.pdf
But, hey. Truth doesn't sell magazines, does it? Ironically, the technology that allows more than one classified network to hook to another is pretty freaking awesome. PopMech should take a look at that, instead.
I don't post much anymore. Hell, I hardly ever post at all. I read the site every day, though. Every day.
I still remember CnD, and the heady days when Slashdot didn't have a "working" moderation system. It didn't seem like *that* long ago when trolls like TheGloriousMeept and OGG_THE_CAVEMAN roamed the Slashdot wilderness...and then there were the people that ended up on K5, like Signal 11 and Shoeboy. I went there for like, five minutes. Just like everywhere else. I always keep coming back here. I never even gave Digg a fair shot. Call me loyal or call me stupid. Your choice.
Ironically, there's a large Microsoft development center in Fargo, North Dakota. It's the former home of Great Plains Software, which MS acquired to bolster their portfolio in accounting software.
What's even more funny is that MS also has their corporate finance department there. When you expense something and the finance guys need an original reciept, you either send it through inter office mail, or snail mail it to ND.
Fortunately, most finance related stuff is done online, so you only have to mail originals there.
No, he means "de jure", as in the opposite of "de facto".
...fatality!
Not only that, he's using it correctly.
Check out this "link du jour": http://en.wikipedia.org/wiki/De_jure
Yes. It wasn't spam.
You got it because someone deliberately sent it to you.
Somebody had to go to the SoaP website and make the message, which could either be sent to a mobile phone, or email.
Too bad you didn't listen to it more closely, you might have been able to tell who sent it. Each message could be customized, for example, to have Samuel L. Jackson say something like: "You and your girlfriend Rebecca are on a plane, full of snakes! Listen to me and you'll survive!"
All in all, it was pretty nifty, motherfuckin' snakes and all.
Pot. Meet Kettle. :)
It isn't.
It's called "The X Window System."
Or simply "X".
"X Windows" is a misnomer.
Reread the readme.
:)
You gotta be an Administrator to run pwdump2.
Normal users don't have that right. And since I'd be an Admin...I could just change the password myself in User Manager.
Cheers.
-Kevin, MCSE+I/MCT
LOL. Only when an ERD is done...and how many NT admins do THAT on a regular basis? :)
And when SYSKEY is enabled, it's STILL encrypted...even on the ERD and the repair directory. Plus, you still have to have PHYSICAL access to an ERD or the machine to do it.
I didn't SAY the SAM wasn't easy to get. But I said you gotta have PHYSICAL access to do it. I don't know about YOU, but that's why I lock my servers (and the ERD in a safe therein) in a room.
Listen next time.
-Kevin, MCSE/MCT
Okay. Enough of this shit. FUD killing time.
/etc/passwd) in two formats: the encrypted NTLM passwords, and the LAN Manager hashes. Since the LAN Manager hashes = NT passwords, that's how L0phtcrack gets your pwd's. But, NT has to be SHUT DOWN (when installed on an NTFS part) to get the SAM file to feed it into L0phtcrack. That's where physical security comes in. And, since NT can't protect the passwords when it's shut down, since SP3 there's a utility called SYSKEY which encrypts the SAM when NT is shut down. L0phtCrack can't touch the hashes then. BTW, SYSKEY is not on by default on NT. It is on Win2k boxes with SAM's (Pro and non-DC member servers). Go figure.
Let's get this straight. MS Does NOT pass clear text passwords over the network. There are basically three types of authentication on MS networks:
1. LAN Manager hashes: This is where the password is simply 'hashed' (weak obfuscation) and not encrypted. Used by LAN Manager, Win 3.x, DOS, and 9x clients authenticating to NT and Win2k DC's. Also used by NT in a non-trust same username/password on both sides situation. Easily snooped, and when fed into L0phtcrack, can be broken. ie: if two users' passwords were "luser", they'd have the same hash representing them.
2. NTLM (NT LAN Manager): Used by WinNT against all DC's and Win2k boxes authenticating against NT DC's. Totally encrypted. The client does a secure, encrypted RPC "trust" with the domain controller, and then passes the name/password combo to the DC, which then passes back an access token. CANNOT BE SNOOPED OR BROKEN. Two versions: NTLM v1 and NTLM v2.
3. Kerberos: Used by Win2k clients against Win2k DC's. Even more secure ticket-passing scheme. 'Nuff said.
Now. You see what I said that NT passwords can't be snooped or broken? I'm serious. It's impossible. LAN Manager hashes, however...Easy. So, you asked how in the hell does L0phtcrack break NT passwords?
Here's the funny part: it doesn't.
On every NT box, the passwords are stored in the SAM (equivalent of
On Win2k DC's, everything is stored in the AD database. Try and crack that. I'm sure it'll eventually be done...but it'll take a long while.
So, in short: Don't use downlevel (non NT) clients, turn on SYSKEY, and the LAN Manager hash scourge will all but be eliminated.
However, there is a Directory Services Client for 9x/NT that allows it to use NTLM v2 in a Win2k network. I still wouldn't use 9x.
In other words...don't talk about which you do not know.
Cheers,
-Kevin, MCSE+I/MCT
Here's the deal...although the interface now may look clunky (which I admit it does), the .NET strategem includes XML. And what does this mean to you? It means that the whole damn interface will be extensible through just some simple (or not-so-simple, depending on your preferences) editing of XML configuration file(s). This means that your entire GUI, not just the window hangings, not just the widgets...the WHOLE thing, will be extensible to any document format that's supported under XML. I know Apple has got XML configuration down in Mac OS X, but I don't think it's as widespread throughout the OS, as in Microsoft's case. And since ALL MS products are moving to the XML base, theoretically you should be able to click on a link, see your most commonly used Office documents, and then have one of them "materialize" on your desktop, workspace, whatever, SEAMLESSLY. Imagine having several programs/documents open at the same time and be able to seamlessly operate between them, as if they were one program.
.NET frameworks get ported to other OSes (think Linux), this same extensibility will be there in all .NET platforms, with the same commonality features. No more Windows, Linux, or Mac specific GUI's. One person's interface on a Linux box will be able to be used on any other platform. Just copy the XML config files (and the appropriate extensions) and you're done. No porting necessary.
.NET frameworks on your platform, the app will work.
.NET and just having it run on your Linux box...no modifications needed.
And you think Enlightenment is customizable? Heh. MS isn't playing here. This is gonna be a BIG thing.
And think of this...once the
They're going for COMMONALITY here people. They realize the money's not in the OS any more, it's in the applications. As long as you have the
Period.
Imagine going to the store and buying Microsoft Office
This, I think will be a very exciting thing.
-Kevin, MSCE+I, MCT
What happens to STB's former manufacturing and fabrication facilities? STB wasn't a small player, you know. Stands to reason 3Dfx could make some liquid assets by selling what's left of STB to some other company, or spinning it off as an idependent entity while still retaining control, like ATT did with Lucent.
-Kevin
IE 2 was a completely different beast than IE3. Install an old copy of Win95 OSR1 or any copy of WinNT 4. Then you'll see IE 2. IE 2, in a word, sucked. IE 3 was MUCH better. It had the integrated Mail/News app that eventually became Outlook Express.
Actually there's an interesting tidbit about IE 3 that most people don't know. Remember Microsoft Bob? Well, around 1996, the Bob programming team were hard at work for Bob 2.0 for Windows 95 (why? I have no idea), and NS 3.0 had just come out. Microsoft needed a capable browser, and they needed one FAST, because they were pretty much taken by surprise by the explosion of the Internet. Well, ol' Billy G himself walked into the offices where the Bob programmers were and basically said "Stop what you're doing right now. We're scrapping Bob 2.0. Your new job is IE 3.0."
Six months later... IE3 was born.
It amazed me how much power he had within the company when I read that.
Later,
-Kevin, MCSE+I/MCT
They do.
It's called Windows Terminal Services, included with Win2k...but if you want to get away from that crappy MS RDP protocol, use MetaFrame.
www.citrix.com
Costs a lot of money, but it rocks.
And they have clients for all sorts of *NIX boxen.
-Kevin, MCSE/MCT
I have a Lombard 400 Mhz G3 PowerBook. I know it only has a 66 Mhz system bus, but the only thing that has kept me from upgrading is the fact that the new 2K PB's killed SCSI in place of FireWire. I'd rather have SCSI, and I can get a FireWire PCMCIA card. What really kills me though, is the fact that the new PB's have AirPort antennas built in...
Anyway, I'd like to see somebody make an upgrade for Lombards...the only thing holding 'em back is the ROM issue.
Hopefully, we'll see some Wallstreet/Lombard upgrades soon...
Kevin, MCSE+I/MCT (I'm no bigot, waiting for MacOS X, hehe)
Did you have IP forwarding off?
Proxy Server is just that...a proxy sever...and an okay firewall.
But it is NOT a NAT.
Turning IP Forwarding on on a box with PS 2.0 is not a good idea...basically you're leaving yourself open to attack...even with Dynamic Packet Filtering turned on.
I just know that PS, when used correctly, is pretty damn well secure.
-Kevin, MCSE+I, MCT
You know, with all this talk about certifications, I see that the SAIR GNU/Linux certification is conspicuously absent from this thread. The company I was working for (New Horizons) was looking at SAIR to augment the normal MCSE/CNE stuff we're always pushing. We got a welcome package from them...inside was a sample course (I think it was Linux Administration or something like that) and they gave you like 6 CD's (One Red Hat, one Debian, one Caldera, etc. etc.) for the course. Since the courseware was non vendor-specific, the student could use any one of those CD's to isntall his/her classroom machine with.
:)).
Pretty cool, in my opinion. I would rate the quailty of the courseware right up there with Microsoft's (Exchange 5.5 Implementaion and Design, not NT Admin
Check 'em out at www.linuxcertification.com
-Kevin, MCSE+I,MCT
Sun became a company in 1982 (when Bill Joy left Berkeley for Sun). BSD was there Waaaaay before that.
SunOS 4.1.x and before (Solaris 1.x) descended from BSD. SunOS 5.x and above (Solaris 2.x) is SVR4, which was developed mainly by Sun and AT&T by merging the best of both codebases (BSD and SVR3).
Get your facts straight before posting, please.
-Kevin
You are right. Completely on target.
I had my head up my ass there in my clamor to denounce NetBEUI.
Replace "Bandwidth" with "Efficiency."
:)
-Kevin
This is not a flame. I am a Microsoft Certified Systems Engineer/Microsoft Certified Trainer. I am not an OS bigot (I also run Linux, MacOS, AmigaDOS, and OPENSTEP), so no flames, please...:) I just have to say one thing: NetBEUI sucks. I mean, for Chrissakes, it's a BROADCAST based protocol. Even with MS machines, the stack has to pull EVERY packet all the way up to the Application Layer of the OSI model to check whether or not the machine name matches it's own! I mean, we already have a fast, well desgined protocol to run our networks on (TCP/IP) and a way to make it almost zero-administration (DHCP/BOOTP).
I preach in my classes that unmitigated broadcasts (i.e. anything but ARP or DHCP initialization) are EVIL. They suck your most precious resource - bandwidth - like a hungry vampire.
NetBEUI is even more evil because you have a choice NOT to use it and use TCP/IP.
The only reason to use it is for MS-DOS clients...and I would segment them away from my network using a dual homed machine with TCP/IP bound to one adapter card (to the main network) and NetBEUI bound to the other (to the DOS machines).
NetBEUI's dead, folks. Don't pollute the efficiency of *NIX with this crap.
Kevin W. Bunn, MCSE/MCT
MCP ID # 1198191
Well, you just might make a good Anakin, but the Darth Vader costume is just ALL WRONG for you...:)
How ya doin' buddy?
-Kevin