Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Microsoft takes 7 years to 'solve' a problem?!

From: Paul Schmehl <pschmehl_lists () tx rr com>
Date: Wed, 26 Nov 2008 00:27:08 -0600
--On November 25, 2008 4:25:57 AM -0600 Eric Rachner <eric () rachner us> wrote: 


Hey, kid -

If you've got any better ideas about how to fix NTLM, the industry is
ready & waiting to hear them.

The fact is, NTLM is an old & busted protocol that happens to be used
everywhere, and there's no way to fix it without breaking compatibility
with, oh, just the entire installed base.  I was happy to see MS08-068
because the technique it implements is better than nothing - it offers a
nice, clever way to reduce the exploitability of the issue without
breaking anything important.

Don't bother telling us all how M$ should just bite the incompatibility
bullet and turn NTLM off - that's been an option for users,
theoretically speaking, since about the time Windows Kerberos support
became mature, and practically speaking, nobody seems to be turning NTLM
off here in the real world.
Don't be silly. The answer is staring you in the face, right? Just rip out your entire infrastructure and replace it with Linux and it's all good. A few training courses to get your lusers up to speed and you racing down the information superhighway without all the evil badness clogging up your arteries. 

Paul Schmehl, If it isn't already
obvious, my opinions are my own
and not those of my employer.
******************************************
WARNING: Check the headers before replying

Attachment: _bin
Description: 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: