  1. #1 rthonpm (Service Manager, 2,500+ Posts)

    More ammunition against turning off password protected sharing

    From Bleeping Computer: Hackers Can Steal Windows Login Credentials Without User Interaction

    To summarise, configuring SMB sharing without the use of a password opens a vulnerability, patched only in Windows 10, that allows a malicious agent to steal Windows credentials by use of a specially crafted file.

    I've been on the record here for not turning off password protected sharing, so I wanted to make sure that techs who have put unprotected shares in customer environments know that this may be an issue.

  2. #2 habik (Service Manager, 1,000+ Posts)

    Re: More ammunition against turning off password protected sharing

    Quote originally posted by rthonpm:
    From Bleeping Computer: Hackers Can Steal Windows Login Credentials Without User Interaction

    To summarise, configuring SMB sharing without the use of a password opens a vulnerability, patched only in Windows 10, that allows a malicious agent to steal Windows credentials by use of a specially crafted file.

    I've been on the record here for not turning off password protected sharing, so I wanted to make sure that techs who have put unprotected shares in customer environments know that this may be an issue.
    It's like having a fire alarm without batteries in it, or having a safe with the combination on a sticky note sat on top.


  3. #3 bsm2 (IT Manager, 10,000+ Posts)

    Re: More ammunition against turning off password protected sharing

    If they're already in the customer's network, they have MUCH more to worry about than SMB scanning.

  4. #4 rthonpm (Service Manager, 2,500+ Posts)

    Re: More ammunition against turning off password protected sharing

    While it's true that if an attacker is already in your network unprotected shares aren't at the top of your issues, having them at all is just inviting trouble. Good security is all about defence in depth: even if someone manages to get network access, there are steps to take to slow them down or prevent them from gaining access to more important systems. An unsecured FTP or SMB share is just an easy target to eliminate. Even better is to use Access Based Enumeration along with SMB sharing (only available on servers) since that can even limit the amount of data that's visible inside of a specific share depending on the account used.

    We're often asked to get a feature on an MFP working, but sometimes taking shortcuts like turning off password protected sharing works against the best interests of the customer. Sometimes it's better to protect the customer from their own ignorance: a complaint about not using a function beats a lawsuit from the customer over a breach of information.
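    The share audit and hardening rthonpm describes, written out as an added PowerShell example (not code from the thread or from any vendor): it lists shares on a Windows file server that grant access to broad principals, reports whether the Guest account is enabled (which is what "turn off password protected sharing" does), then restricts the MFP scan share to a dedicated account and turns on Access Based Enumeration. The share name `Scans` and the account `DOMAIN\svc-mfp-scan` are assumed placeholders; the cmdlets come from the SmbShare and LocalAccounts modules and need an elevated session.

    ```powershell
    # Added example, not from the thread. Assumes Windows Server 2016+ with the
    # SmbShare module; run elevated. Share and account names are placeholders.
    $ScanShare   = 'Scans'                 # assumption: share the MFP writes scans to
    $ScanAccount = 'DOMAIN\svc-mfp-scan'   # assumption: dedicated low-privilege scan account

    # 1. Audit: which non-administrative shares allow Everyone, Guests or anonymous?
    $broadPrincipals = @('Everyone', 'BUILTIN\Guests', 'NT AUTHORITY\ANONYMOUS LOGON')
    $findings = Get-SmbShare | Where-Object { -not $_.Special } | ForEach-Object {
        $share = $_
        Get-SmbShareAccess -Name $share.Name |
            Where-Object { $_.AccessControlType -eq 'Allow' -and $broadPrincipals -contains $_.AccountName } |
            ForEach-Object {
                [pscustomobject]@{
                    Share           = $share.Name
                    Path            = $share.Path
                    Principal       = $_.AccountName
                    Right           = $_.AccessRight
                    EnumerationMode = $share.FolderEnumerationMode   # Unrestricted = no ABE
                }
            }
    }
    $findings | Format-Table -AutoSize

    # 2. Audit: "Turn off password protected sharing" in the Network and Sharing
    #    Center works by enabling the local Guest account, so report its state.
    Get-LocalUser -Name 'Guest' | Select-Object Name, Enabled

    # 3. Harden the scan share: drop Everyone, grant the scan account Change (not
    #    Full) so the MFP can write files but not alter permissions, and enable
    #    Access Based Enumeration so users only see folders they can access.
    Revoke-SmbShareAccess -Name $ScanShare -AccountName 'Everyone' -Force
    Grant-SmbShareAccess  -Name $ScanShare -AccountName $ScanAccount -AccessRight Change -Force
    Set-SmbShare -Name $ScanShare -FolderEnumerationMode AccessBased -Force

    # 4. Verify the result for the scan share.
    Get-SmbShareAccess -Name $ScanShare | Format-Table -AutoSize
    Get-SmbShare -Name $ScanShare | Select-Object Name, Path, FolderEnumerationMode

    # 5. On Windows 10 clients, confirm insecure (guest) logons to SMB servers are
    #    disabled; this is the default on 1709 and later.
    Get-SmbClientConfiguration | Select-Object EnableInsecureGuestLogons
    ```

    Step 3 only changes share-level permissions; the NTFS ACL on the folder still needs to grant the scan account Modify and remove any broad Everyone entry, otherwise ABE hides folders from the listing but does not restrict access. The MFP then authenticates as the dedicated account instead of relying on guest access, which is the configuration the thread argues for.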

  5. #5 KenB (Geek Extraordinaire, 2,500+ Posts)

    Re: More ammunition against turning off password protected sharing

    Quote originally posted by rthonpm:
    While it's true that if an attacker is already in your network unprotected shares aren't at the top of your issues, having them at all is just inviting trouble. Good security is all about defence in depth: even if someone manages to get network access, there are steps to take to slow them down or prevent them from gaining access to more important systems. An unsecured FTP or SMB share is just an easy target to eliminate. Even better is to use Access Based Enumeration along with SMB sharing (only available on servers) since that can even limit the amount of data that's visible inside of a specific share depending on the account used.

    We're often asked to get a feature on an MFP working, but sometimes taking shortcuts like turning off password protected sharing works against the best interests of the customer. Sometimes it's better to protect the customer from their own ignorance: a complaint about not using a function beats a lawsuit from the customer over a breach of information.
    Another little tidbit: If the customer ultimately does get hacked, that will absolutely get escalated to the top person in their IT department. That person, who normally carries quite a bit of weight in the company, will NOT care to hear that there was an unprotected share in the interest of getting MFP scanning working. At that point, YOU become the bad guy, regardless of circumstances.

  6. #6 peter42 (Senior Tech, 100+ Posts)

    Re: More ammunition against turning off password protected sharing

    We focus on our most important clients: small businesses,
    1 or 2 business chiefs, 3 to 8 workers, no IT staff,
    all IT hardware bought from Walmart.

    An example: most NAS devices have a "public" share.

    In most of my customers' installations they use this unprotected share for anything they don't want to store on their own protected devices.
    It's nice to create subfolders in "public", like
    Incoming, Outgoing, Important...

    Three of them got the full protection service of malware in the last year: all files in NAS/Public/* had been encrypted, letters and emails, production plans and so on.

    This has nothing to do with our intention to help these people scan with our products to a designated folder.
    But if I found out they use these devices without protection, I told them to get an IT specialist.

    Sure, it's easy for me to make scanning work fast at the moment, but if that client is
    malwared overnight in its IT, we look hard forward for the next leasing and service money.

    We are not at all perfect IT gurus, but we can see some things that are not healthy
    for our clients, and when something strange happens, we lose that client.

    As the movie title said, "Open Eyes wide shut", and a little small talk is welcome
    at every customer instead of making scan work and that's it.
    It needs only 10 min.
    We are not teachers, we are moving help desks on the road.
    But talking to customers is important; nice day talk can enjoy your own satisfaction,
    telling the customer, hey, here you have a risk, that can save lives. ;-)

    Greetings Peter
