[Info-vax] SAMBA and Ransomeware
already5chosen at yahoo.com
Mon Jul 17 18:02:46 EDT 2017
On Monday, July 17, 2017 at 8:22:58 PM UTC+3, Scott Dorsey wrote:
> <already5chosen at yahoo.com> wrote:
> >I really don't like this blog post.
> >If Microsoft knew long ago that SMB1 is bad then why didn't they provide a better variant of SMB with original WinXP? Or with WS2003? Or with one of the WinXP service packs or with one of several service packs and releases of WS2003?
>
> Because Microsoft has traditionally not thought about security in any way,
> until they have been forced to think about security.
XP was released in 2001. They were well aware of security problems by then. At least the "system" side of the company should have been aware.
And XPSP3 is 2008. By then even the tools and Office sides of Microsoft knew that security can't be ignored.
>
> And, because the security profile has changed... systems that were designed
> for use on a small local network somehow got connected to the public internet
> and all of a sudden design decisions that seemed reasonable turned out to be
> incredibly stupid.
>
> >Telling people to stop using WinXp is *not* a solution. Telling people to stop using Ws2003 is somewhat more bearable, but also problematic.
>
> That's what Microsoft has done, yes. You can take that up with them.
SMB2 is ported to a dozen or so OSes. I have a hard time understanding what exactly prevents its porting to WinXP. Esp. if the port doesn't aim for performance parity with newer OSes.
>
> >For reference, WinXP SP3 is at least two years newer than the first implementations of SMB2, so my suggestions are not anachronistic.
>
> SMB1 was a terribly designed protocol. SMB2 is a terribly designed protocol
> but one with security features that SMB1 did not have. I have not looked
> under the covers of SMB3 but I suspect it's also terribly designed but with
> additional security bags on the side. I predict soon we will have SMB4 to
> deal with whatever has gone wrong in SMB3.
>
> If I had a choice, I wouldn't deal with SMB at all because it is just so
> horrible.
I have never even looked at the SMB protocols.
From what I read today it sounds like, in the presence of a sophisticated man-in-the-middle adversary, SMB1 is as insecure as classic DECNET. Does it, at least, require a higher level of sophistication from the attacker?
Is it designed more or less terribly than NFS?
Somehow I have heard many more horror stories about NFS than about SMB, but maybe it's unrelated to the protocol.
> It's like hanging a KICK ME sign on your computer. But we live
> in the world where Microsoft compatibility is critical, so we have to talk
> SMB.
>
> Our question, then, becomes this: How do we, knowing we have an inherently
> untrustworthy protocol, manage to implement it in the safest possible way?
> Because we have to implement it. And we have to do it as safely as we can.
> --scott
> --
> "C'est un Nagra. C'est suisse, et tres, tres precis."