[1267] in linux-security and linux-alert archive
Re: [linux-security] WinNT security?
daemon@ATHENA.MIT.EDU (Alan Cox)
Fri Oct 25 08:53:56 1996
From: Alan Cox <alan@cymru.net>
To: mhw@wittsend.com (Michael H. Warfield)
Date: Sun, 20 Oct 1996 18:43:21 +0100 (BST)
Cc: volobuev@t1.chem.umn.edu, meskes@Informatik.RWTH-Aachen.DE,
linux-security@tarsier.cv.nrao.edu
In-Reply-To: <m0vEd1q-0001TZC@wittsend.com> from "Michael H. Warfield" at Oct 19, 96 11:09:30 am
> NO! This has NOTHING to do with NT. This was a Windows 95 stupidity,
> pure and simple. Windows NT has NEVER been subject to the same type of
> password vulnerability that the anal retentive Windows 95 was. Windows
> NT stores passwords in its registry and is at least as secure as Linux with

Wrong.

1. Windows NT can be tricked into sending out unencrypted passwords
2. Windows NT registries tend to be a bit easy to read over the network

The former is discussed in the draft specification for the CIFS protocol.
It's the common backward compatibility type attack when an NT box mounts
a share off another machine. You beat the other machine to the response and
swap it for a 'Don't understand that command option'. At which point NT
goes 'oh dumb computer.. no problem - send plaintext'. You can trick the
other SMB clients into this too as it's a generic SMB flaw.

Novell sort of got this right as you can tell Novell IPX clients to refuse
to do weaker authentication if asked to.

> Windows 95 had a problem commonly referred to as a "dot...dot" bug
> where someone could request a file ../../../foo.bar and walk past the root
> of a share. This made your entire hard drive (including those lovely

Windows NT has a feature whereby it tends to export whole disks in a handy
erasable format.

> floppy drive and only on 3 particular models of PC! Real useful. But the

You have to evaluate on specific hardware - take for example the 486 FPU
memory scribble hardware bug - your code either has to use chips without the
bug and guarantee it OR work around it.

Alan
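As an added illustration following Alan's message (not part of the post, and not real SMB wire code), a constructed Python model of the negotiate downgrade he describes: the same client logic with and without a minimum-authentication policy of the kind he credits Novell clients with, plus a check of what a passive observer on the wire would see. The reply types, the fixed challenge value and all function names are assumptions of the model.

```python
"""Constructed model of the SMB negotiate downgrade described in the post.

Not real SMB wire code: it only shows the decision the client makes when the
reply it gets back says the stronger option is 'not understood', and why a
minimum-authentication policy on the client is the fix.
"""
import hashlib
import hmac
from dataclasses import dataclass

ENCRYPTED = "challenge-response"   # password itself never leaves the client
PLAINTEXT = "plaintext"            # password readable by anyone on the wire
UNKNOWN = "unknown-option"         # the substituted 'Don't understand that command option'


@dataclass
class NegotiateReply:
    auth: str
    challenge: bytes = b""


class DowngradeRefused(Exception):
    """Client policy forbids authenticating weaker than ENCRYPTED."""


def honest_server_reply() -> NegotiateReply:
    # Constructed fixed challenge; a real server would pick a fresh random one.
    return NegotiateReply(ENCRYPTED, challenge=b"\x01\x02\x03\x04\x05\x06\x07\x08")


def tampered_reply(_real: NegotiateReply) -> NegotiateReply:
    # Someone answers before the real server and swaps in 'don't understand'.
    return NegotiateReply(UNKNOWN)


def client_authenticate(reply: NegotiateReply, password: str,
                        allow_plaintext_fallback: bool) -> dict:
    """Return the authentication message the client would send for this reply."""
    if reply.auth == ENCRYPTED:
        proof = hmac.new(password.encode(), reply.challenge, hashlib.sha256).hexdigest()
        return {"mode": ENCRYPTED, "payload": proof}
    if allow_plaintext_fallback:
        # The flaw in the post: 'oh dumb computer.. no problem - send plaintext'.
        return {"mode": PLAINTEXT, "payload": password}
    raise DowngradeRefused(f"server offered {reply.auth!r}; policy requires {ENCRYPTED!r}")


def password_visible_on_wire(message: dict, password: str) -> bool:
    """What a passive observer could learn: is the password itself in the message?"""
    return password in str(message["payload"])
```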