TFW you ponder whether describing a slightly-new attack technique makes the world a better place, or a more dangerous place.
"slightly-new" --> "incremental improvement" --> "probably" I sympathize with Will's dilemma, though - incremental changes may still catch multitudes of people/organizations unprepared
1 reply 0 retweets 0 likes
Replying to @SushiDude @kyhwana
In my mind, it's quite trivial and obvious, and barely a step beyond what's already publicly discussed. And a best-practice protects people against it. Q: Is it worth giving people more evidence why a best practice exists, if disclosing that info gives attackers more ammo?
1 reply 0 retweets 1 like
Replying to @wdormann @SushiDude
I think so, though maybe you should say "current practice", where your new attack updates said practice.. ppl will always be "behind", so..
1 reply 0 retweets 0 likes
Replying to @kyhwana @SushiDude
OK. I'll share the mitigation now, and maybe the attack later. Block outbound SMB connections wherever you are. If you're on a network at home or at work or wherever that allows outbound SMB connections, and you use Microsoft products, you're going to be in a world of hurt.
1 reply 1 retweet 1 like
Replying to @wdormann @SushiDude
Oh, the thing where you can steal NTLM hashes just by having the client initiate an outbound connection attempt (through various means)?
1 reply 0 retweets 0 likes
Replying to @kyhwana @SushiDude
Basically. It's the "various means" that's perhaps not well-known.
1 reply 0 retweets 0 likes
Replying to @wdormann @SushiDude
Ah, how easy is the new way to do? Can you mass-deploy it, what user interaction is required?
1 reply 0 retweets 0 likes
"Trivial" / "Yes" / "None of your business"
Replying to @wdormann @SushiDude
XD FSR I hadn't blocked SMB outgoing on our USG at home *does that now*
0 replies 0 retweets 0 likes
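The mitigation @wdormann gives in the thread (block outbound SMB wherever you are) written out as host-based Windows Defender Firewall rules. This is an added example, not code from the thread or from any of its participants; the rule names, the choice to cover all network profiles, and the 203.0.113.10 test address (a documentation-range placeholder) are assumptions made here.

```powershell
# Added example: host-based outbound SMB block for a Windows machine.
# Rule names and the "cover every profile" scope are assumptions, not from the thread.
# Run from an elevated PowerShell session.

# SMB over TCP 445 and the NetBIOS session service on TCP 139 are where a
# client sends its NTLM challenge/response to whatever server it was coaxed into contacting.
$tcpPorts = @(445, 139)
# NetBIOS name and datagram services; blocking them stops the client falling back to them.
$udpPorts = @(137, 138)

New-NetFirewallRule -DisplayName "Block outbound SMB (TCP)" `
    -Direction Outbound -Protocol TCP -RemotePort $tcpPorts `
    -Action Block -Profile Any -Enabled True `
    -Description "Prevent this host from initiating SMB sessions to remote servers"

New-NetFirewallRule -DisplayName "Block outbound SMB (UDP NetBIOS)" `
    -Direction Outbound -Protocol UDP -RemotePort $udpPorts `
    -Action Block -Profile Any -Enabled True `
    -Description "Prevent NetBIOS name/datagram traffic to remote hosts"

# Check: the rules exist and carry the expected protocol/port filters.
Get-NetFirewallRule -DisplayName "Block outbound SMB*" |
    Get-NetFirewallPortFilter |
    Select-Object Protocol, RemotePort

# Check from the client side: a connection attempt to an external host on 445 must now fail
# (TcpTestSucceeded : False). 203.0.113.10 is a placeholder; use an address you control.
Test-NetConnection -ComputerName "203.0.113.10" -Port 445 -InformationLevel Detailed
```

Block rules take precedence over allow rules in Windows Defender Firewall, so on a network with internal file servers this exact rule set would also cut the host off from legitimate shares. There, scope the block (for example `-Profile Public,Private` on a domain-joined laptop) and enforce the Internet-bound SMB block at the perimeter firewall instead, which is where the thread's advice applies to a whole site rather than one machine.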