[Info-vax] SAMBA and Ransomeware

David Wade g4ugm at dave.invalid
Tue Jul 18 04:13:18 EDT 2017 

On 17/07/2017 23:02, already5chosen at yahoo.com wrote:
> On Monday, July 17, 2017 at 8:22:58 PM UTC+3, Scott Dorsey wrote:
>> <already5chosen at yahoo.com> wrote:
>>> I really don't like this blog post.
>>> If Microsoft knew long ago that SMB1 is bad then why didn't they provided a better variant of SMB with original WinXP? Or with WS2003? Or with one of the  winXp service packs or with one of several service packs and releases of WS2003?
>>
>> Because Microsoft has traditionally not thought about security in any way,
>> until they have been forced to think about security.
> 
> XP is released in 2001. They were well aware of security problems by then. At least the "system" side of the company should have been aware.
> And XPSP3 is 2008, By then even tools and Office sides of Microsoft knew that security can't be ignored.
> 
>>
>> And, because the security profile has changed... systems that were designed
>> for use on a small local network somehow got connected to the public internet
>> and all of a sudden design decisions that seemed reasonable turned out to be
>> incredibly stupid.
>>
>>> Telling people to stop using WinXp is *not* a solution. Telling people to stop using Ws2003 is somewhat more bearable, but also problematic.
>>
>> That's what Microsoft has done, yes.  You can take that up with them.
> 
> SMB2 is ported to dozen or so of OSes. I have hard time understanding what exactly prevents it's porting to WinXP. Esp. if port doesn't aim for performance parity with newer OSes.
> 
> 
>>
>>> For reference, WinXP SP3 is at least two years newer than the first implementations of SMB2, so my suggestions are not anachronistic.
>>
>> SMB1 was a terribly designed protocol.  SMB2 is a terribly designed protocol
>> but one with security features that SMB1 did not have.  I have not looked
>> under the covers of SMB3 but I suspect it's also terribly designed but with
>> additional security bags on the side.  I predict soon we will have SMB4 to
>> deal with whatever is gone wrong in SMB3.
>>
>> If I had a choice, I wouldn't deal with SMB at all because it is just so
>> horrible.
> 
> I had never even look at the SMB protocols.
>  From what I read today it sounds that in presence of sophisticated  man-in-the-middle adversary SMB1 is as insecure as classic DECNET. Does it, at least, require higher level of sophistication from the attacker?
> 
> Is it designed more or less terribly than NFS?
> Somehow I heard much more horror stories about NFS than about SMB, but may be it's unrelated to the protocol.

Whilst I can't find any links Digital did produce a version of NT (so 
before Windows/2000 and XP) with the encryption used in SMB1 replaced by 
more secure algorithms. They also produced a whole disk encryption 
system (Kilgetty)

https://www.ia.nato.int/niapc/Product/KILGETTY-2K_47



> 
>> It's like hanging a KICK ME sign on your computer.  But we live
>> in the world where Microsoft compatibility is critical, so we have to talk
>> SMB.
>>
>> Our question, then, becomes this: How do we, knowing we have an inherently
>> untrustworthy protocol, manage to implement it in the safest possible way?
>> Because we have to implement it.  And we have to do it as safely as we can.
>> --scott
>> -- 
>> "C'est un Nagra. C'est suisse, et tres, tres precis."
>

More information about the Info-vax mailing list