'Devastating' flaw found in Windows' authentication system (Uh-oh, a major Kerberos vulnerability)
The Register | Dec 15, 2015 | Kieren McCarthy
Posted on 12/15/2015 1:41:21 PM PST by dayglored
Looks pretty bad.
1 posted on 12/15/2015 1:41:21 PM PST by dayglored
To: dayglored; Abby4116; afraidfortherepublic; aft_lizard; AF_Blue; Alas Babylon!; amigatec; ...
2 posted on 12/15/2015 1:46:32 PM PST by dayglored
("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")
To: dayglored
Kerberos, or Cerberus, is a mythical three-headed dog that guarded the underworld.
He was named by Hades.
Kerberos means “spotted”.
So yeah:
The god of the Greek underworld named his three-headed guardian dog “Spot”.
3 posted on 12/15/2015 1:51:15 PM PST by ctdonath2
(History does not long entrust the care of freedom to the weak or the timid. - Ike)
To: dayglored
Is this just on servers or is it something all users have to worry about?
4 posted on 12/15/2015 1:51:50 PM PST by Lurkina.n.Learnin
(It's a shame enobama truly doesn't care about any of this. Our country, our future, he doesn't care)
To: Lurkina.n.Learnin
> Is this just on servers or is it something all users have to worry about?
I assume it's mainly a problem for servers in business network settings (Active Directory authentication for example), and not as much of a problem for your typical home user.
5 posted on 12/15/2015 1:59:57 PM PST by dayglored
("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")
6 posted on 12/15/2015 2:07:40 PM PST by freds6girlies
(many that are first shall be last; and the last shall be first. Mt. 19:30. R.I.P. G & J)
To: dayglored
7 posted on 12/15/2015 2:08:42 PM PST by deoetdoctrinae
(Donate monthly and end FReepathons.)
To: dayglored
Until you read the last line.
8 posted on 12/15/2015 2:32:30 PM PST by SunTzuWu
To: dayglored
It is important to be aware that only organizations that already have a fully compromised domain controller are vulnerable to this technique. If they already own your DC you're screwed anyway.
9 posted on 12/15/2015 2:38:55 PM PST by tacticalogic
("Oh bother!" said Pooh, as he chambered his last round.)
To: SunTzuWu
Yeah, so this is only a problem if your DC is already hijacked lol... well by that point you’ve got a ton shit to be worried about!
To: dayglored
I just had the fun surprise of Windows 10 after about 2 months. One of the updates wiped out the installations of my CAD FEA and CNC software. GREAT!!! And it’s too late to roll it back and the only solution is to upgrade my software...To the tune of $8500. Luckily it’s only one laptop and my old one still works fine.
Back to Windows 7
This admin vulnerability sounds bad. But it sounds to me something Obama is very interested in.
To: Organic Panic
> One of the updates wiped out the installations of my CAD FEA and CNC software.
Is it a FLEXLM license issue? I'm kinda worried about that myself.
12 posted on 12/15/2015 2:51:01 PM PST by SeeSharp
To: dayglored
The flaw cannot be fixed and the only solution is to introduce and use Microsoft's Credential Guard program
Must be running Windows 10 enterprise edition.
To: dayglored
Taking a peek at the wayback archive shows that MS has known about this since 2014 at least.
14 posted on 12/15/2015 3:02:35 PM PST by Ray76
To: dayglored
Microsoft crud is just too complex to comprehend. It has gotten well away from its authors. Even USB mice don’t work correctly any longer ... I suppose contact bounce isn’t being taught in Microsoft Land any longer.
15 posted on 12/15/2015 3:12:17 PM PST by GingisK
To: GingisK
I get that too. Thought it was just me.
To: dayglored
As I understand it Kerberos authentication is only used in enterprise environments.
17 posted on 12/15/2015 4:23:00 PM PST by Company Man
(I say we take off and Trump the site from orbit. It's the only way to be sure.)
To: tacticalogic; SunTzuWu
> If they already own your DC you're screwed anyway.
I think the point is that no vulnerability should be "excused away". Flaws -- regardless of where and what they are -- should get identified, analyzed, and fixed.
I'm sure you're not actually saying that there's no value to fixing the vuln, right?
18 posted on 12/15/2015 5:07:40 PM PST by dayglored
("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")
To: Company Man
> As I understand it Kerberos authentication is only used in enterprise environments.
Depends on your definition of "enterprise". You only need an Active Directory server (domain controller) and half a dozen Windows client machines to consider using Kerberos auth, if you think it makes sense in your network. You don't have to be one of the big guys.
19 posted on 12/15/2015 5:14:06 PM PST by dayglored
("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")
To: GingisK
“too complex to comprehend”
I turned on my virus-free pretty clean home W10 and ran a netstat... got 4 or 5 pages of active connections. Half of them don’t make a lick of sense and there’s no info on the web. I just have to go along on faith...
20 posted on 12/15/2015 5:22:50 PM PST by mrsmith
(Dumb sluts: Lifeblood of the Media, Backbone of the Democrat/RINO Party!)