http://matasanochargen.disqus.com/enWed, 27 Feb 2008 11:42:42 -0000http://www.matasano.com/log/1023/thank-you-europe-and-um-microsoft/#comment-2323654Thanks for the updates on M$ OpenNESS, but ...inserted every bad thought anyone ever had about M$ ...<br>Seriously though, this is a trojan, if you do commercial interoperability with M$, and getting docs sure opens up a can of worms with lawsuits, and '...a paycheck.' &lt; Master plan ahead, let the suckers eat my legal lead. I won't even download their documents. <br>The tea tax is long over, but now its the code tax that really sucks.<br>Interesting how all this postive spin on microsoft is released, 'it made me cry...' GRR, smart people know when to save their jobs, cuts are coming sometime.<br>When google releases a client OS integrated well with the internet, watch out M$, you been thrown into the bay.<br><br>On a positive note, I enjoy your blog and work, sometime good in this crazy business.requiredWed, 27 Feb 2008 11:42:42 -0000http://www.matasano.com/log/1023/thank-you-europe-and-um-microsoft/#comment-2323653Unless I'm horrendously mistaken, Kerberos only lets a domain member server confirm with a DC that a particular user has already authenticated itself to the domain. <br><br>It doesn't make NTLM go away, it just reduces the number of NTLM transactions that happen - the user still has to use NTLM to get authenticated to the DC in the first place, right?<br><br>In principle, that initial NTLM auth could be replaced with something sensible, like a plain old password over an SSL pipe; it just hasn't been.dragonfrogMon, 25 Feb 2008 19:01:43 -0000http://www.matasano.com/log/1023/thank-you-europe-and-um-microsoft/#comment-2323652James,<br><br>Don't mean to wave my hands about NTLM, though I can see how it might seem that way. Just remarking that it is good to actually see the full spec from Microsoft along with so many other things on that site.<br><br>I agree it would be great to see it just go away. But I doubt it'll happen. Matter of fact, part of why I zoned in on NTLM is that I'm *once again* staring down implementing it in a security testing project. <br><br>Old protocols don't die, they just smell that way.Eric MontiSat, 23 Feb 2008 14:13:32 -0000http://www.matasano.com/log/1023/thank-you-europe-and-um-microsoft/#comment-2323651I agree this is quite a bit to be excited about, but why so much hand-waving about NTLM? I thought everyone agreed that NTLM was horribly broken and Kerberos was the future of MS authentication. I'd rather they kept the details of NTLM to themselves in the hope that it might go away sooner. We've already been suffering it for 7 years.James LandisFri, 22 Feb 2008 22:25:07 -0000http://www.matasano.com/log/1023/thank-you-europe-and-um-microsoft/#comment-2323650I wonder if the information provided by MS here, will contribute to a rise in exploits?? Or is this already a certainty?sumdum guyFri, 22 Feb 2008 19:28:56 -0000http://www.matasano.com/log/1023/thank-you-europe-and-um-microsoft/#comment-2323649This is pretty amazing. <br><br>On top of bookmarking the page, people should download the zip files that contain all this data in PDF... Just in case it disappears some day. <br><br><a href="http://download.microsoft.com/download/a/e/6/ae6e4142-aa58-45c6-8dcf-a657e5900cd3/Windows_Server_Protocols.zip" rel="nofollow">http://download.microsoft.com/download/a/e/6/ae...</a><br><a href="http://download.microsoft.com/download/9/5/E/95EF66AF-9026-4BB0-A41D-A4F81802D92C/Windows_Communication_Protocols.zip" rel="nofollow">http://download.microsoft.com/download/9/5/E/95...</a>Tyler RegulyFri, 22 Feb 2008 18:04:27 -0000