Adam Bower wrote:
On Fri, 13 Apr 2001, Adam Bower wrote:
Neill Newman wrote:
Samba, although used by MS, was designed with the authentication stage in the server, thus getting around this problem.. Between NFS and SMB, SMB is more secure (not to mention faster!)...
It appears that the worry I had about the security of the SMB protocol now has a severe exploit against it The Register is reporting it here http://www.theregister.co.uk/content/8/18370.html
very interesting.... I guess this means that samba is affected ;(...
since our last emails I have done some digging..It seems as if some people are using samba over SSL with windows 98/NT and stunnel..hhmmm interesting I might have to investigate this further... (check the samba archives for details.)
I liked this quote though ;) "Do not assume that because you have a firewall you are safe, because as soon as a host inside that firewall is compromised, even a UNIX or Win9x box, this method can be used to compromise any host that is within broadcast range, on the same LAN,"
food for thought, things are never as secure as you would like ;).. Sz
Adam
Adam Bower, abower@zeus.com Tel: +44 1223 525000 System Administrator Fax: +44 1223 525100 Zeus Technology Ltd http://www.zeus.com Zeus House, Cowley Road Cambridge CB4 0ZT England