Comments for Extended Subset

Comment on Trivial forwarding attack on NTLMv2 authentication by ROLAND

ROLAND — Mon, 06 Sep 2010 21:57:42 +0000

CheapTabletsOnline.Com. Canadian Health&Care.Best quality drugs.No prescription online pharmacy.Special Internet Prices. Low price drugs. Order pills online…

Buy:Prevacid.Accutane.Lumigan.Zyban.Actos.Petcam (Metacam) Oral Suspension.Nexium.Synthroid.Retin-A.Arimidex.100% Pure Okinawan Coral Calcium.Human Growth Hormone.Zovirax.Valtrex.Prednisolone.Mega Hoodia….

Comment on Trivial forwarding attack on NTLMv2 authentication by TERRANCE

TERRANCE — Mon, 06 Sep 2010 03:02:59 +0000

CheapTabletsOnline.com. Canadian Health&Care.No prescription online pharmacy.Best quality drugs.Special Internet Prices. Online Pharmacy. Order drugs online…

Buy:Cialis Super Active+.VPXL.Levitra.Viagra Soft Tabs.Cialis Soft Tabs.Super Active ED Pack.Viagra Super Force.Viagra.Tramadol.Cialis Professional.Soma.Viagra Super Active+.Viagra Professional.Maxaman.Cialis.Zithromax.Propecia….

Comment on Trivial forwarding attack on NTLMv2 authentication by JACKIE

JACKIE — Sun, 05 Sep 2010 06:41:52 +0000

CheapTabletsOnline.Com. Canadian Health&Care.Best quality drugs.No prescription online pharmacy.Special Internet Prices. High quality pills. Order pills online…

Buy:Arimidex.Petcam (Metacam) Oral Suspension.Zovirax.Prednisolone.Prevacid.Retin-A.Lumigan.Mega Hoodia.Actos.Accutane.Human Growth Hormone.Zyban.Synthroid.Valtrex.100% Pure Okinawan Coral Calcium.Nexium….

Comment on Dear Dr. McGinley by fan

fan — Mon, 30 Aug 2010 12:47:25 +0000

glass http://ifj3ad.03GMCPARTS.US/tag/glass+Parts+fan/ : fan…

fan…

Comment on McAfee Power by Duplicator

Duplicator — Mon, 30 Aug 2010 03:08:51 +0000

Kits http://umicroboardb-z.02JEEPPARTS.US/tag/DVD+Duplicator+Kits+Microboards+microboard/ : Duplicator…

Duplicator…

Comment on Trivial forwarding attack on NTLMv2 authentication by Authentication under Windows: A smouldering security problem

Authentication under Windows: A smouldering security problem — Mon, 16 Aug 2010 23:29:47 +0000

[...] problem Speaking at the USENIX conference, which ended last week, developer Marsh Ray highlighted an old and known flaw that continues to be underestimated in the Windows world: authentication [...]

Comment on Trivial forwarding attack on NTLMv2 authentication by marsh

marsh — Fri, 13 Aug 2010 19:14:25 +0000

I do remember seeing that, but you’re right, I missed it in the list. I’ll add it.

So you enable reflection protection, now there’s only 99 systems on the domain that will accept the stolen credentials. The EAP thing is similar, it only works in very narrow cases and even then at the option of the attacker until you break back-compat.

Has anyone tried turning on the restricted mode in the registry? How much stuff does it break?

Comment on Trivial forwarding attack on NTLMv2 authentication by Mark

Mark — Fri, 13 Aug 2010 18:58:35 +0000

Cross-protocol NTLM relay attacks are not a new thing. You seem to have missed Andres Tarasco’s research on this: http://www.tarasco.org/security/smbrelay/index.html

Microsoft have blocked NTLM reflection attacks (at least against SMB), and Extended Protection for Authentication (or encryption/signing) is the way to fix this attack. The server can be hardened to require the client to use Extended Protection…

Comment on SSL/TLS fixed! by Phocean.net » SSL/TLS RFC updated against CVE-2009-3555

Phocean.net » SSL/TLS RFC updated against CVE-2009-3555 — Tue, 25 May 2010 17:20:36 +0000

[...] least, the IETF agreed on a fix as Marsh Ray informs us, though it will still take some weeks for the whole validation process to [...]

Comment on Authentication Gap in TLS Renegotiation by SSL Renegotiation Vulnerability :Architecting Security

SSL Renegotiation Vulnerability :Architecting Security — Sun, 23 May 2010 19:41:11 +0000

[...] at 9:41 pm In November 2009, the renegotiation vulnerability over SSL/TLS based protocols was published. SSL renegotiation is a new SSL handshake over an already established SSL [...]