Hey, kid - If you've got any better ideas about how to fix NTLM, the industry is ready & waiting to hear them. The fact is, NTLM is an old & busted protocol that happens to be used everywhere, and there's no way to fix it without breaking compatibility with, oh, just the entire installed base. I was happy to see MS08-068 because the technique it implements is better than nothing - it offers a nice, clever way to reduce the exploitability of the issue without breaking anything important. Don't bother telling us all how M$ should just bite the incompatibility bullet and turn NTLM off - that's been an option for users, theoretically speaking, since about the time Windows Kerberos support became mature, and practically speaking, nobody seems to be turning NTLM off here in the real world.
Don't be silly. The answer is staring you in the face, right? Just rip out your entire infrastructure and replace it with Linux and it's all good. A few training courses to get your lusers up to speed and you racing down the information superhighway without all the evil badness clogging up your arteries.
Paul Schmehl, If it isn't already obvious, my opinions are my own and not those of my employer. ****************************************** WARNING: Check the headers before replying
Attachment:
p7sRRQ8pmUMZf.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/