Just moments ago, the following video showed up in YouTube. Do have a quick look.
We've made a copy of it (Ogg Theora-encoded), just in case the video gets pulled. It could take some time and effort to check whether the crack is real, but whatever the truth is, there's the possibility that we shall find out very soon. If it's a serious problem, we'll remove the video.
The only reason to be showing this is not encouragement of cracking. As the chap writes, Novell ignored him. It's vanity. It's a dangerous attitude. If you choose to be a client of Novell, then you ought to be warned about this behaviour. The last such warning (about Novell not being responsive) is just 3 days old. ⬆
Comments
Uncle_Sam
2008-06-01 15:59:04
Only thing MS has done is write software/technology/specifications that works only on their platform. Milk it all you can.
patenttrollssuck.exe
2008-06-01 16:15:46
roy, any word on #boycottnovell @ freenode IRC? =)
Roy Schestowitz
2008-06-01 16:48:37
Now talking on #boycottnovell
* heinlein.freenode.net sets mode +n #boycottnovell
* heinlein.freenode.net sets mode +s #boycottnovell
* #boycottnovell :[freenode-info] if you need to send private messages, please register: http://freenode.net/faq.shtml#privmsg
Dan O'Brian
2008-06-01 22:57:36
sounds more like a WindowsXP exploit to me...
Jose_X
2008-11-23 20:48:36
>> sounds more like a WindowsXP exploit to me…
If it's accurate, I don't see how that could be anything but a network auth issue. Kerberos (to take an example and assuming it's configured properly) won't allow you to use any services if you can't authenticate with each server providing the service. You can't get the initial auth tickets if you never provided the correct password in the beginning. So Kerberos, short of bugs or some other failure, would not have this problem no matter what the client did... a....
OK, I take that back partially. If the client is compromised with inside information from the server (ie, a server breach happened already, possibly due to leaked information from insiders), then that client can compromise the system as described if so programmed. Essentially, this means whoever compromised the client knows the admin passwords (or whatever info is needed) so that the client at login can work on your behalf to pull off this "trick".
Of course, the method described can't happen if the auth server info is secure no matter what a rogue client does.. unless the protocol or the implementation are faulty, which is, I think, what is being suggested is the case here for Netware.
Comments
Uncle_Sam
2008-06-01 15:59:04
patenttrollssuck.exe
2008-06-01 16:15:46
Roy Schestowitz
2008-06-01 16:48:37
Dan O'Brian
2008-06-01 22:57:36
Jose_X
2008-11-23 20:48:36
If it's accurate, I don't see how that could be anything but a network auth issue. Kerberos (to take an example and assuming it's configured properly) won't allow you to use any services if you can't authenticate with each server providing the service. You can't get the initial auth tickets if you never provided the correct password in the beginning. So Kerberos, short of bugs or some other failure, would not have this problem no matter what the client did... a....
OK, I take that back partially. If the client is compromised with inside information from the server (ie, a server breach happened already, possibly due to leaked information from insiders), then that client can compromise the system as described if so programmed. Essentially, this means whoever compromised the client knows the admin passwords (or whatever info is needed) so that the client at login can work on your behalf to pull off this "trick".
Of course, the method described can't happen if the auth server info is secure no matter what a rogue client does.. unless the protocol or the implementation are faulty, which is, I think, what is being suggested is the case here for Netware.
Roy Schestowitz
2008-11-23 23:23:25
Ah. The blame game again.