Submission + - SambaXP 2022 talk videos posted
https://www.youtube.com/playli...
No, you can't downgrade SMB3.1.1 to any lower protocol with a MITM attack. That was one of the fixes in SMB3.1.1.
Google "Pre-authentication integrity in SMB 3.1.1"
SMB3 can't be downgraded or compromised by dictionary attack.
SMB3 actually *is* safer, due to the cryptographic protection meaning you can't MITM downgrade it.
No, Synology and QNAP are active bug reporters to the Samba project. I fix bugs for them both on a regular basis. Funnily enough, the Apple client engineers are also very active Samba bug reporters
Have you actually *read* the GPLv2 ? I'm assuming not based on your statement. The GPLv2 text is here:
https://www.gnu.org/licenses/o...
Please note the following statement copied *DIRECTLY FROM THE TEXT ABOVE*:
"The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable."
Please note the last sentence containing the words: "plus the scripts used to control compilation and installation of the executable."
Thanks for your reading comprehension.
I didn't have these handy when I posted this originally.
PDF of the full legal complaint. It's really nicely written (IMHO) and IANAL of course
https://sfconservancy.org/docs...
Press kit:
https://shoestring.agency/wp-c...
Really nice non-technical write up from sjvn (yeah I know
SMB3 is usually encrypted by default. The "locks" on it are very well designed these days.
Microsoft considers SMB3 with transport encryption secure enough that it's used as an ingress point for their Azure cloud.
There are no known vulnerabilities in the SMB3 protocol. Implementations however, of course, can and do contain bugs.
"companies still stuck with samba clients"
You mean running Windows
New York... when civilization falls apart, remember, we were way ahead of you. - David Letterman