The summary says "McFeters was brought in with co-worker Rob Carter to talk about some vulnerabilities they had discovered with a few product security teams in attendence" - that makes it sounds like Nate and Rob found vulnerabilities in Microsoft products. If you actually read the guest blog entry, it says: "Microsoft had Rob Carter [...] and I come in to discuss some recent vulnerabilities that we've discovered with a few third-party vendors with whom Microsoft has tight relationships"
Probably this is referring to Adobe - Nate and Rob have previously reported vulns to them and had them patched.
How'd they get username/passwords?
on
Microsoft Cracked
·
· Score: 2
I'm interested to hear how the trojan got access to the usernames/passwords - these were sent back to the crackers periodically via email.
Simply sniffing keystrokes in usermode wouldn't have allowed the login keys to be captured (because the logon process runs under a different session), however passwords used for "net use" connections (i.e. connecting to file shares) could be visible (I'm not sure, though)
Sniffing the network requires admin rights (like Unix) and would only give you acces to encypted Kerberos tickets...
Any other ideas on how they did it ?
Re:See what happens when you rely on NT
on
Microsoft Cracked
·
· Score: 1
Think about it... It makes it kind of hard to have thousand of developers working on a project if "there is no wire" linking the dev's machine to the source repository.
Sneaker.net went out of fashion quite a while ago.
aka earth crust displacement ?
(http://www.habtheory.com/100.htm)
Of course, global warming and the melting of the polar caps may make this less likely to occur, but still a nice extra posibility to worry about !;-)
Slashdot Mirror
Blue is a reference to the blue ID badges that Microsoft employees have.
The summary says "McFeters was brought in with co-worker Rob Carter to talk about some vulnerabilities they had discovered with a few product security teams in attendence" - that makes it sounds like Nate and Rob found vulnerabilities in Microsoft products. If you actually read the guest blog entry, it says:
"Microsoft had Rob Carter [...] and I come in to discuss some recent vulnerabilities that we've discovered with a few third-party vendors with whom Microsoft has tight relationships"
Probably this is referring to Adobe - Nate and Rob have previously reported vulns to them and had them patched.
I'm interested to hear how the trojan got access to the usernames/passwords - these were sent back to the crackers periodically via email.
Simply sniffing keystrokes in usermode wouldn't have allowed the login keys to be captured (because the logon process runs under a different session), however passwords used for "net use" connections (i.e. connecting to file shares) could be visible (I'm not sure, though)
Sniffing the network requires admin rights (like Unix) and would only give you acces to encypted Kerberos tickets...
Any other ideas on how they did it ?
Think about it... It makes it kind of hard to have thousand of developers working on a project if "there is no wire" linking the dev's machine to the source repository.
Sneaker.net went out of fashion quite a while ago.
aka earth crust displacement ? (http://www.habtheory.com/100.htm) Of course, global warming and the melting of the polar caps may make this less likely to occur, but still a nice extra posibility to worry about ! ;-)