Windows 10 News and info | Forum
August 17, 2017, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot and Botscout | This forum does not use audio ads, popups, or other annoyances.
 
  Website   Home   Windows 8 Website Windows 8 Forum Help Login Register  
Pages: [1]
  Print  
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: Google reacts to pressure with updated Android Samba client with SMB v1 disabl  (Read 35 times)
javajolt
Administrator
Hero Member
*****
Offline Offline

Gender: Male
United States United States

Posts: 26917


I Do Windows


WWW Email
« on: July 20, 2017, 10:21:37 PM »
ReplyReply

Two weeks ago we posted that Microsoft was removing SMBv1 file sharing from future versions of Windows.  The vulnerable file sharing protocol was instrumental in making the recent WannaCry and Petya attacks so successful by allowing lateral spread on a Windows network to other Windows users without them even needing to open any attachments.

Microsoft has been deprecating the SMBv1 protocol since 2014, as it is inherently less secure than more recent versions of the file sharing protocol.

Google, with impeccable timing, has now released an SMB client for Android which is full featured, but only supports SMBv1, as confirmed by Android Police.

If widely adopted by enterprises it would make it more difficult for administrators to deactivate SMBv1 support on their network, and therefore place the Windows machines on the network at risk.

Microsoft’s Ned Pyle, who owns SMB, also reports that SMBv1 is vulnerable to Man in the Middle attacks, meaning even Linux and Android users who use a clean room implementation of SMB would be exposing users to being exploited.

“Linux users are not perfectly safe using this client, as the SMB1 client does not provide sufficient MitM protections unless carefully configured with UNC hardening (a feature likely not available or possible here, since this phone likely cannot use Kerberos, join active directory domains, and there isn’t an obvious way I see to configure signing). I would not recommend using any SMB client from any vendor that only supports SMB1,” he noted.

Google has been hitting Microsoft recently with a steady stream of security disclosures, making the ill-thought release of the Android Samba Client by Marketing @ Google not just odd but suspicious.

Hopefully, Google will do the right thing for their customers and follow Microsoft’s lead in deprecating SMBv1, for the safety of all concerned.

source
Logged



Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page August 15, 2017, 09:33:44 AM