
Submission: Badlock Vulnerability Falls Flat Against Hype (threatpost.com)

msm1267 writes: Weeks of anxiety and concern over the Badlock vulnerability ended today with an anticlimactic thud.

Badlock was the security boogeyman since the appearance three weeks ago of a website and logo branding the bug as something serious in Samba, an open source implementation of the server message block (SMB) protocol that provides file and print services for Windows clients.

As it turns out, Badlock was hardly the remote code execution monster many anticipated. Instead, it’s a man-in-the-middle and denial-of-service bug, allowing an attacker to elevate privileges or crash a Windows machine running Samba services.

SerNet, a German consultancy behind the discovery of Badlock, fueled the hype at the outset with a number of since-deleted tweets that said any marketing boost as a result of its branding and private disclosure of the bug to Microsoft was a bonus for its business.

For its part, Microsoft refused to join the hype machine and today in MS16-047 issued a security update it rated “Important” for the Windows Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD). The bulletin patches one vulnerability (CVE-2016-0128), an elevation of privilege bug in both SAM and LSAD that could be exploited in a man-in-the-middle attack, forcing a downgrade of the authentication level of both channels, Microsoft said. An attacker could then impersonate an authenticated user.

Comment Re:That guy just wasted his time (Score 2) 314

By what strange theory does Slackware support systemd? And how is the conversation being "held back"? At least on LQ, I think it's been discussed to death to the point where there's really nothing new to say about it.

I can say one thing for certain: you do not know that anything concerning systemd in Slackware is likely or not. Hell, *I* don't.

Comment Correlation does not imply causation (Score 2, Insightful) 211

More pseudoscience. They say that they're not sure whether this means that porn shrinks your brain, or if the shrunken brain causes porn viewing. But, this leaves out the very real possibility that this correlation means nothing whatsoever. The site below collects correlations that look pretty convincing in the graphs, but quite obviously are unlikely to be cases of causation in either direction:

http://www.tylervigen.com/
