
Badlock Bug - pxdr
http://badlock.org/
======
mintplant
> Please get yourself ready to patch all systems on this day. We are pretty
> sure that there will be exploits soon after we publish all relevant
> information [on April 12].

I predict there will be exploits within a week from now, now that they've told
people where to look and given a clue with the name "Badlock".

------
wnevets
Is it just me, or are a lot more exploits getting dedicated websites, names and
press releases these days? It reminds me of the Weather Channel naming snow
storms like hurricanes.

~~~
thecosas
Not a bad thing IMO. It brings more attention to security issues which is good
for public awareness.

Also makes it easier for IT to pitch the downtime to execs if it's something
the execs have heard of or can visit a website for with a simple description
of the threat.

~~~
raesene9
The problem is that it can generate vulnerability fatigue, especially when some
of the named vulns turn out not to actually be that serious.

After the first 10 or 20, people will see it as de rigueur and stop paying
attention again...

------
ar0b
Can anyone explain to me the need to release the exploit information the same
day as the patches?

~~~
Retr0spectrum
People would be able to reverse engineer the patches anyway.

~~~
kittiepryde
Some people even managed to figure it out before the patches; doesn't mean we
should expedite the release of exploits. It's gonna take more than a day for
everyone to get patched.

~~~
eadz
"Bad Lock" - maybe there's a clue

~~~
daveloyall
Yep, sounds like a clue to me.

"windows and samba" is a bigger clue. (See
[https://news.ycombinator.com/item?id=11337626](https://news.ycombinator.com/item?id=11337626)
and/or the badlock website itself, first sentence...)

As I see it, there are a couple options here...

One: the bug is in the SMB protocol itself.

Two: the bug is in some library code that is common to both Windows and Samba.

(One and two could be the same thing, but they need not be.)

Either way, coupled with the 'badlock' hint, I will be watching for some
bright/lucky soul to find it _before_ 20160412.

------
shdon
Ok, that is scary enough. If Windows and Samba are both affected, it might be
something to do with the SMB protocol itself. But is it also a critical issue
if SMB is not accessible from the outside world (i.e. LAN only)?

~~~
matheweis
According to a deleted tweet by someone in the know; everyone on the LAN would
be able to get admin rights.

[http://www.csoonline.com/article/3047221/techology-business/...](http://www.csoonline.com/article/3047221/techology-business/company-behind-the-badlock-disclosure-says-pre-patch-hype-is-good-for-business.html)

~~~
DCtn
That entire article's full of incorrect information.

They've also posted screenshots of literally every other tweet but that one...

~~~
matheweis
It's about halfway down... Obviously could be faked, but why?

------
mey
Is a CVE published yet?

~~~
mhendrickx
No, although I'm sure they reserved a CVE number, although with a website and
all - I think they're more riding on the hype rather than a CVE number.

------
stonogo
Use the time you spend patching to ask yourself why you're using SMB/CIFS in
2016. Be really, really sure that's something you want to continue.

Once you've arrived at a decision, use the remaining time to write an angry
letter to the IT community, demanding they stop using security disclosures as
PR fodder.

~~~
Someone1234
Windows' enterprise infrastructure relies heavily on CIFS. It isn't practical
to operate an AD environment without it.

So the real question isn't even about CIFS, it is about AD and why that is so
popular, and that boils down to maturity, vendor support, staff knowledge, and
few alternatives (with Windows clients). Even Samba uses CIFS.

So if you have a working alternative to CIFS I'd like to read about it.

~~~
negrit
What does AD mean?

~~~
jeffasinger
Active Directory
[https://en.wikipedia.org/wiki/Active_Directory](https://en.wikipedia.org/wiki/Active_Directory)

------
0x0
Is OSX affected?

~~~
hamstergene
Very well may be, at least for some people. SMB protocol (which "Samba" is
named for) is the second standard option for file sharing in OS X after
Apple's AFP.

I'm not sure if smb daemons are on all the time or not, but any Mac that has
served files to a Windows machine may be affected.

~~~
spilk
SMB is the standard on recent versions of OSX, AFP is deprecated.

~~~
matheweis
Apple did a ground-up rewrite of their SMB services after SAMBA changed to
GPLv3... so their code base is completely separate. Depending on the exact
nature of the vulnerability, it's possible that OS X isn't vulnerable even
though Windows and SAMBA (oddly) both are. Or it's possible that Apple didn't
want to be part of the PR move...

