Jump to content
Not connected, Your IP: 3.16.82.208
serenacat

Penguins survive weaponised contagion

Recommended Posts

Thanks again Linux. Being immune to this bullshit is such a blessing. Wonder why this is such a clusterfuck? How did M$ fix this? Lets see...

 

https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

 

And what does the "fix" of disabling SMB do? Lets see again...

 

https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012

 

In Windows 7 and Windows Server 2008 R2, disabling SMBv2 deactivates the following functionality:

  • Request compounding - allows for sending multiple SMB 2 requests as a single network request
  • Larger reads and writes - better use of faster networks
  • Caching of folder and file properties - clients keep local copies of folders and files
  • Durable handles - allow for connection to transparently reconnect to the server if there is a temporary disconnection
  • Improved message signing - HMAC SHA-256 replaces MD5 as hashing algorithm
  • Improved scalability for file sharing - number of users, shares, and open files per server greatly increased
  • Support for symbolic links
  • Client oplock leasing model - limits the data transferred between the client and server, improving performance on high-latency networks and increasing SMB server scalability
  • Large MTU support - for full use of 10-gigabye (GB) Ethernet
  • Improved energy efficiency - clients that have open files to a server can sleep

In Windows 8, Windows 8.1, Windows 10, Windows Server 2012, and Windows Server 2016, disabling SMBv3 deactivates the following functionality (and also the SMBv2 functionality that's described in the previous list):

  • Transparent Failover - clients reconnect without interruption to cluster nodes during maintenance or failover
  • Scale Out – concurrent access to shared data on all file cluster nodes 
  • Multichannel - aggregation of network bandwidth and fault tolerance if multiple paths are available between client and server
  • SMB Direct – adds RDMA networking support for very high performance, with low latency and low CPU utilization
  • Encryption – Provides end-to-end encryption and protects from eavesdropping on untrustworthy networks
  • Directory Leasing - Improves application response times in branch offices through caching
  • Performance Optimizations - optimizations for small random read/write I/O

 

Yep. Basically half the networking fails to work. Symlinks die, instead of using HMAC SHA 256, you will be stuck with MD5 again at best, and plenty more bullshit. And on top of that, if you have a really fast connection, even locally, well, it will just plainly not work due to MTU being back to the 1500 cap from decades ago. Thanks M$...


Debugging is at least twice as hard as writing the program in the first place.

So if you write your code as clever as you can possibly make it, then by definition you are not smart enough to debug it.

Share this post


Link to post
Guest

1434714482628.jpg

 

Slowly transitioning...

Share this post


Link to post

Exposing dangerous services to the internet is a risky thing. Not only on Windows.

Lots of old *nix platforms were also included in that leak, although not that common these days, but it's not an OS specific issue.

Most of IoT devices are on Linux these days and are still getting hacked when they are poorly isolated.

 

C_xt3qYUwAAET_W.jpg

 


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...