Leaked NSA Malware Is Helping Hijack Computers Around the World

The U.S. software weapon would have allowed the spy agency’s hackers to break into potentially millions of Windows computers by exploiting a flaw in how certain versions of Windows implemented a network protocol commonly used to share files and to print.

Source: Leaked NSA Malware Is Helping Hijack Computers Around the World

From: Security Update for Microsoft Windows SMB Server (4013389)

This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

NTLM Challenge Response is 100% Broken (Yes, this is still relevant)

According to the last data from the W3 Schools, 21% of computers are running XP, while NetMarketShare claims it is 39%. Unless someone has hardened these machines (no MS patches do this), these machines are sending LM and NTLM responses! While these lists leave out server OSs, 2003 Server still sends NTLM responses by default. Yes, every MS OS since NT 4.0 SP4 has supported NTLMv2, but NTLM and LM were not excluded by default until Vista.

via Mark Gamache’s Random Blog: NTLM Challenge Response is 100% Broken (Yes, this is still relevant).
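A defender-side check that the post above motivates: the parser below reads an NTLMSSP AUTHENTICATE_MESSAGE (type 3, as laid out in MS-NLMP) and reports whether the client answered with an NTLMv1 or NTLMv2 response, so hosts still sending the weak responses can be found in captured SMB or HTTP traffic. This is an added example, not code from Mark Gamache's blog; the message builder and its sample byte values are constructed for the demonstration.

```python
import struct

# One NTLMSSP field descriptor: Len (u16), MaxLen (u16), BufferOffset (u32), little-endian.
_FIELD = struct.Struct("<HHI")

def _read_field(msg: bytes, pos: int) -> bytes:
    length, _maxlen, offset = _FIELD.unpack_from(msg, pos)
    return msg[offset:offset + length]

def classify_authenticate(msg: bytes) -> dict:
    """Parse an AUTHENTICATE_MESSAGE (type 3) and name the response flavour.
    LM and NTLMv1 responses are exactly 24 bytes (three DES blocks); an NTLMv2
    response is a 16-byte HMAC-MD5 followed by a blob that starts with 01 01."""
    if msg[:8] != b"NTLMSSP\x00" or struct.unpack_from("<I", msg, 8)[0] != 3:
        raise ValueError("not an NTLMSSP AUTHENTICATE_MESSAGE")
    lm = _read_field(msg, 12)          # LmChallengeResponseFields
    nt = _read_field(msg, 20)          # NtChallengeResponseFields
    domain = _read_field(msg, 28).decode("utf-16-le")
    user = _read_field(msg, 36).decode("utf-16-le")
    if len(nt) > 24 and nt[16:18] == b"\x01\x01":
        flavour = "NTLMv2"
    elif len(nt) == 24:
        # NTLMv1 with extended session security puts an 8-byte client nonce
        # padded with 16 zero bytes in the LM field instead of a real LM response.
        ess = len(lm) == 24 and lm[8:] == bytes(16)
        flavour = "NTLMv1-ESS" if ess else "NTLMv1"
    else:
        flavour = "unknown"
    return {"user": user, "domain": domain, "flavour": flavour,
            "lm_response_len": len(lm), "nt_response_len": len(nt)}

def build_authenticate(lm: bytes, nt: bytes, domain: str, user: str, workstation: str) -> bytes:
    """Constructed helper: assemble a minimal type 3 message (no Version or MIC) to feed the parser."""
    buffers = [lm, nt, domain.encode("utf-16-le"), user.encode("utf-16-le"),
               workstation.encode("utf-16-le"), b""]   # last one: EncryptedRandomSessionKey
    header = b"NTLMSSP\x00" + struct.pack("<I", 3)
    offset = 12 + len(buffers) * _FIELD.size + 4      # payload starts after the NegotiateFlags
    payload = b""
    for buf in buffers:
        header += _FIELD.pack(len(buf), len(buf), offset)
        payload += buf
        offset += len(buf)
    header += struct.pack("<I", 0)                     # NegotiateFlags, left empty in this sample
    return header + payload

# Constructed sample messages (placeholder bytes, not real credentials or responses).
NTLMV1_MSG = build_authenticate(bytes(range(24)), bytes(range(24, 48)), "CORP", "alice", "WS1")
NTLMV1_ESS_MSG = build_authenticate(b"\x11" * 8 + bytes(16), bytes(24), "CORP", "alice", "WS1")
NTLMV2_MSG = build_authenticate(bytes(24), bytes(16) + b"\x01\x01" + bytes(30), "CORP", "alice", "WS1")
```

Feed it the NTLMSSP blobs carved out of a capture; any result other than NTLMv2 identifies a host that still needs its LmCompatibilityLevel raised, which is the hardening the post says no patch applies for you.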

Well, here it is: I’VE BROKEN NTLM.

From the wiki definition of NTLM:

Microsoft no longer recommends NTLM in applications:[6]

“Implementers should be aware that NTLM does not support any recent cryptographic methods, such as AES or SHA-256. It uses cyclic redundancy check (CRC) or message digest algorithms (RFC1321) for integrity, and it uses RC4 for encryption. Deriving a key from a password is as specified in RFC1320 and FIPS46-2. Therefore, applications are generally advised not to use NTLM.”

While Kerberos has replaced NTLM as the default authentication protocol in an Active Directory (AD) based single sign-on scheme, NTLM is still widely used in situations where a domain controller is not available or is unreachable. For example, NTLM would be used if a client is not Kerberos capable, the server is not joined to a domain, or the user is remotely authenticating over the web.[1][3]

Samba – opening windows to a wider world

As the culmination of ten years’ work, the Samba Team has created the first compatible Free Software implementation of Microsoft’s Active Directory protocols. Familiar to all network administrators, the Active Directory protocols are the heart of modern directory service implementations.

via Samba – opening windows to a wider world.

Suitable for low-power and embedded applications, yet scaling to large clusters, Samba 4.0 is efficient and flexible. Its Python programming interface and administration toolkit help in enterprise deployments.

Server Message Block

In computer networking, Server Message Block (SMB), also known as Common Internet File System (CIFS, /ˈsɪfs/) operates as an application-layer network protocol[1] mainly used to provide shared access to files, printers, serial ports, and miscellaneous communications between nodes on a network. It also provides an authenticated inter-process communication mechanism. Most usage of SMB involves computers running Microsoft Windows, where it was known as “Microsoft Windows Network” before the subsequent introduction of Active Directory. Corresponding Windows services have names “server” (for a server part) and “workstation” (for a client part).

via Server Message Block – Wikipedia, the free encyclopedia.