Here it comes...

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • mrwho
    Major Asshole!

    Site Contributor
    2,500+ Posts
    • Apr 2009
    • 4302

    Here it comes...

    Brace yourselves - I predict a world of pain for us who have customers using scan to smb once this windows update comes along.
    ' "But the salesman said . . ." The salesman's an asshole!'
    Mascan42

    'You will always find some Eskimo ready to instruct the Congolese on how to cope with heat waves.'

    Ibid

    I'm just an ex-tech lurking around and spreading disinformation!
  • Tonerbomb
    AutoMajical Resolutionist

    Site Contributor
    2,500+ Posts
    • Feb 2005
    • 2589

    #2
    Well uncle Sam decided to f@!# with the camel jockeys via windows, and now the whole world will sufer the consequences!!! mrwho Thanks for the headsup!!
    Last edited by Tonerbomb; 07-13-2012, 12:50 AM.
    Mystic Crystal Revelations

    Comment

    • AyJayAreDii
      Technician

      50+ Posts
      • Jul 2010
      • 99

      #3
      Re: Here it comes...

      How would this affect us? as in which aspects of a mfd would it cause issues with?

      Comment

      • mrwho
        Major Asshole!

        Site Contributor
        2,500+ Posts
        • Apr 2009
        • 4302

        #4
        Re: Here it comes...

        Originally posted by AyJayAreDii
        How would this affect us? as in which aspects of a mfd would it cause issues with?
        SMB scanning.
        ' "But the salesman said . . ." The salesman's an asshole!'
        Mascan42

        'You will always find some Eskimo ready to instruct the Congolese on how to cope with heat waves.'

        Ibid

        I'm just an ex-tech lurking around and spreading disinformation!

        Comment

        • aodtech
          Trusted Tech

          100+ Posts
          • Nov 2007
          • 194

          #5
          Re: Here it comes...

          Could you explain how this will affect SMB scanning? I know the basics of how SMB scanning works, but I guess I don't know much about keys, certificates or anything like that.

          Comment

          • AyJayAreDii
            Technician

            50+ Posts
            • Jul 2010
            • 99

            #6
            Re: Here it comes...

            Originally posted by aodtech
            Could you explain how this will affect SMB scanning? I know the basics of how SMB scanning works, but I guess I don't know much about keys, certificates or anything like that.
            That is what I asking, like, will it lock lock out smb, or cause login/connectivity errors, just stall the machine? is it only for win7 or vista and xp too?

            Comment

            • rthonpm
              Field Supervisor

              2,500+ Posts
              • Aug 2007
              • 2831

              #7
              Re: Here it comes...

              This shouldn't have any effect on SMB scanning at all: SMB/CIFS doesn't use encryption. As a security measure SMB uses packet signing which just digitally signs the packets to ensure that they aren't being intercepted and altered on the way to the end device. The types of issues that are being addressed by this patch are way up the chain from SMB: SSL, Terminal Server signing and Active X are quite different. Flame worked by having the NSA or Mossad or what-have-you impersonate a root Microsoft certificate so that Flame appeared to come from Microsoft directly. All packet signing does is create an electronic signature for a device from a pre-installed random private key tied with a public key that gets transmitted to the end recipient that can be read and verified back to the private key.

              Comment

              • mrwho
                Major Asshole!

                Site Contributor
                2,500+ Posts
                • Apr 2009
                • 4302

                #8
                Re: Here it comes...

                Well, I'll admit I'm quite green when talking about SMB, but I'd assume that, once you use a login to access any SMB share, it would become encrypted, and thus, affected by this update. Burned as I am (and, I believe, others) from MS updates breaking SMB scanning from MFPs, I guess this will be no different.
                ' "But the salesman said . . ." The salesman's an asshole!'
                Mascan42

                'You will always find some Eskimo ready to instruct the Congolese on how to cope with heat waves.'

                Ibid

                I'm just an ex-tech lurking around and spreading disinformation!

                Comment

                • rthonpm
                  Field Supervisor

                  2,500+ Posts
                  • Aug 2007
                  • 2831

                  #9
                  Re: Here it comes...

                  Authentication to an SMB carries one of two methods of encryption and security: for domains Kerberos is used while workgroups use NTLM (and in newer machines and operating systems NTLMv2). Changes to these protocols definitely have broken SMB scanning, most recently the use of NTLMv2 in Windows Vista and above. Keep in mind, that for the copier to reach a Windows share it's using the Unix/Linux feature Samba. Any changes made to Windows root certificates and other higher level Windows-exclusive authentication methods won't affect a 'Nix machine unless it is explicitly trying to use that certificate. Apache servers with older style SSL certs and other application level servers will be affected more than the lowly copier will be.

                  Comment

                  Working...