Re: This sounds like a security disaster just waiting to happen...

[Jason Ross <algorythm () gmail com>]

On Wed, Apr 29, 2009 at 15:27, Steve Pirk <orion () pirk com> wrote:
> On Wed, 29 Apr 2009, Larry Seltzer wrote:
>
> ...
> > When IT enables BranchCache, a copy of
> > data accessed from an intranet web site or a file server is cached
> > locally within the branch office. When another user on the same network
> > requests the file, the user gets access to the content almost
> > immediately as it is downloaded from the local cache rather than over a
> > limited bandwidth connection back to headquarters.
> > Flexible Architecture
> ...
>
> So, Microsoft has implemented a squid like server as part of their gateway
> solution for office connections to the net. If done correctly, sould be
> safe enough, no?


Not exactly squid like. The more interesting bit is further down:

"In the second mode, called Distributed Cache, a branch server is not
required, as copies of files are directly cached on PCs in the branch
and sent to other Windows 7 clients as needed"

P2P squid. Now what happens when a user decides to inject malicious
code into the cached files...

It'd be interesting to see what steps were taken to prevent that from
occurring.

--
jason
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.