| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <6171c6010811250815w7fd3bd32jd1fd827e6ccd354f@mail.gmail.com>
Date: Tue, 25 Nov 2008 11:15:43 -0500
From: "Charles Morris" <cmorris@...odu.edu>
To: "Memisyazici, Aras" <arasm@...edu>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: Microsoft takes 7 years to 'solve' a problem?!
<snip>
On Tue, Nov 25, 2008 at 10:51 AM, Memisyazici, Aras <arasm@...edu> wrote:
> <snip>
> M$ should just bite the incompatibility bullet and turn NTLM off - that's been an option for users, theoretically speaking, since about the time Windows Kerberos support became mature, and practically speaking, nobody seems to be turning NTLM off here in the real world.
> </snip>
>
> Err... Have ya' ever attended 'any' sec. conf. in the past 6 years?? If so, you'd see recommendation #1 has always been:
>
> *) refuse LM & NTLM, accept NTLMv2 only
>
</snip>
In reality, every machine I've ever built here at ODU (production
included) has had NTLM turned off.
No complaints yet.
--
Charles Morris
cmorris@...odu.edu,
cmorris@...s.odu.edu
Network Security Administrator,
Software Developer
Office of Computing and Communications Services,
CS Systems Group Old Dominion University
http://www.cs.odu.edu/~cmorris
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists