Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 24 Oct 2017 13:46:11 +0200
From: Solar Designer <solar@...nwall.com>
To: Juan Diego <diego@...ux.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: Hash thief on Windows shared folder with SCF files. ADV170014 NTLM SSO

Juan, all -

On Mon, Oct 23, 2017 at 04:47:46PM -0700, Juan Diego wrote:
> I want to share some information with the people on the list.
> On May 24, I found a problem with NTLM auth on Windows.

This is interesting, but it's mostly off-topic for oss-security, so as a
moderator I ask that further discussion please be handled on other lists
(once Juan's message probably gets through moderation in there).

Our only poor excuse for having this on oss-security at all is the use
of Open Source tools to demonstrate the attack - Metasploit, JtR, Samba -
but I think it's not enough of a reason to have postings like this on
oss-security.  If others feel differently, please let me know.

Juan, please re-read the oss-security list content guidelines, and note
that we not only require relevance to Open Source (lacking here), but
also discourage cross-postings:

http://oss-security.openwall.org/wiki/mailing-lists/oss-security#list-content-guidelines

"Please keep discussions relevant to Open Source software.  This is not a
list to discuss the behavior or problems with closed source software or
companies."

"Please don't cross-post messages to oss-security and other mailing
lists at once, especially not to high-volume lists such as LKML and
netdev, as this tends to result in threads that wander partially or
fully off-topic (e.g., Linux kernel coding style detail may end up being
discussed in comments to a patch posted to LKML, but it would be
off-topic for oss-security).  If you feel that something needs to be
posted to oss-security and to another list, please make separate
postings.  You may mention the other posting(s) in your oss-security
posting, and even link to other lists' archives."

No reply to this message is expected, unless there's relevant detail to
add (e.g., the same issue also present in certain Open Source software).

Thanks,

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.