Posted on 03/23/2016 5:58:26 AM PDT by rarestia
Ping to the list!
Ping to the Apple list
Ping to the list
“he says it will be patched on that day next month.”
So what's the hysteria for?
Company behind the Badlock disclosure says pre-patch hype is good for business
Prepare to patch a critical flaw in Windows and Samba file sharing in 3 weeks
The patch will be available. That doesn’t mean it’s miraculously fixed.
Samba/SMB is how files are shared in Linux/Apple/Windows environments. A flaw in that functionality means every last platform is susceptible.
Word is that a successful exploit means that they have admin rights in the entire environment. For a flat network, that’s exceptionally bad.
Some people crave their 15 minutes of fame.
“Clear April 12: Windows, Samba to splat curious ‘crucial’ Badlock bug”
Translation please?
Thanks to rarestia for the ping!!
That's an ignorant remark. Network security should be more about prevention than disaster recovery.
Is a soldier standing guard outside a barracks, watching and carefully reacting to perceived danger, "craving his 15 minutes of fame"?
You might learn something about network administration and perhaps you won't sound so foolish.
Sounds like great timing, just before tax deadline!
Given current world events you might not want to cause panic for no good reason.
And this was originally posted to Breaking News.
CIFS (Common Internet File System) is the backbone to file services across most modern operating platforms (e.g. Windows, Linux, Apple). Windows uses SMB (Server Message Block) for CIFS; Linux and Apple use Samba to connect to Windows-based storage/shares.
Any vulnerability in Samba means the ability to transfer files securely or to parse ACLs (Access Control Lists) on file systems is at risk. This particular vulnerability is supposed to allow the attacker to take full administrative control of an enterprise through the Samba vulnerability, but details are not available yet.
For anyone who administers a network environment or file system, this is need-to-know and belongs in breaking news. This was announced late yesterday. Not sure anything else could qualify more for “breaking news” than this.
So Apple computers are vulnerable to hacking?
Oy.
That’s unclear at this time. If it’s a Samba vulnerability, it means that Apple and Linux machines are potentially vulnerable. I’m sure Apple will have updates out that day.
Releasing this info now has nothing to do with "prevention". You can't "prevent" it because no details about the problem have been released - unless of course you want to shut down SMB entirely until April 12, which I would guess that most businesses could not feasibly do.
My view is that *sometimes* these early hyped releases of "danger" without any details are to get the discoverer's name, or security consulting company's name, in the press, and hence their resume or marketing material.
Is a soldier standing guard outside a barracks, watching and carefully reacting to perceived danger, "craving his 15 minutes of fame"?
No. And he's not creating a web site and issuing press releases saying that "I, Private John Smith, guard of the barracks, heard a noise, and I'll take care of it in about an hour".
You might learn something about network administration and perhaps you won't sound so foolish.
Sorry dude, don't tell me what I need to learn. I wouldn't be running my 20+ year old software company if I needed to "learn" what I see going on with these things. Releasing that tidbit of information gives network administrators nothing to go on to prevent anything, but may give hackers enough information to pull up the Samba source code and scrutinize the "lock" code and come up with an exploit. And it gets this guy's name in the media. Otherwise, why do it 3 weeks out from an update being available?
The issue with what he found has apparently been in the SMB protocol or its implementations for quite some time. No one has found it or exploited it yet. But an update is coming in 3 weeks - so why not keep it to himself until closer to that time? If an exploit shows up before then, I blame him.
And why should we take his word for it that it is so egregious that every network admin needs to bring their world to a halt? We don't know who this guy is and what his credibility is. Sorry, disagree with what he did.
Yesterday I called the person who has helped me with computers since he is in the business and I have had good luck with his suggestions and work in the past.
Bottom line - He is going to upgrade me from Win 7 to Win 10 in May.
He told me another update to Win 10 would be made in April and to wait until it was out, and then he would come over and update my computer.
I wonder if that delay in upgrading me has to do with this bug and/or some others Microsoft is working on? -tom