[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
Michael Mortimore wrote: > On Wed, 25 Nov 2009 15:04:26 -0000, Paul Sutton <zleap@xxxxxxxxx> wrote: >> how exactly can there be a problem with they way that MS inplements a >> standard, if you follow the standard properly there should not be issues >> surely. > Depends on how well defined the standard is. First SMB isn't a standard in any formal sense, the original networking implementation from IBM included items that were standardised, but that isn't anything to do with the reality of Microsoft networking. SMB2 is a Microsoft proprietary networking protocol, which they have chosen to publish. SMB2 is a version implemented and supported in Vista and Windows 7. But this isn't about the standard. Standards can contain vulnerabilities, the recent SSL issue is a good example, but standards bodies do consider these things and are generally quite good on such issues. This is about poor quality code. You can write bad code implementing any standard. Compare sendmail and Postfix for example, both implement the Internet mail standard SMTP and ESMTP (and probably a few others), one has a poor security record the other an excellent one. It looks like Microsoft's implementation of SMB2 is more sendmail than Postfix. Probably unfair, as sendmail tends not to crash and take the whole system with it, and certainly not due to one packet. Obviously SMB2 is a lot more complex than SMTP or ESMTP, but it seems here that Microsoft have just screwed up big time with the implementation. It would be funny except in a couple of years this will be how most office networks "work". -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html