Netware? Nah.
I stuck with BSD on my servers ... 40+ years on: So far, so good.
Maybe you should've stuck with NetWare: Hijackers can bypass Active Directory controls
Two infosec bods have demonstrated an attack on Microsoft's Active Directory software that lets them insert their own domain controller into an existing enterprise setup. France-based duo Benjamin Delpy – the Mimikatz creator – and Vincent Le Toux presented their technique, dubbed DCShadow, to the Windows Giant's Blue Hat …
-
Tuesday 30th January 2018 05:46 GMT Anonymous Coward
OS vs. Directory Service
Maybe the headline should've suggested eDirectory rather than NetWare - that way it's an apples-to-apples comparison. Comparing an OS to a directory service in this way is a little weird.
That said, I kinda miss my old NetWare servers. Bloody rock solid as long as you used them for what they were intended to do instead of trying to turn them into application servers.
-
-
-
Tuesday 30th January 2018 18:26 GMT hendersj
Re: OS vs. Directory Service
Ah, the memories. -xk2'ing servers and such. Just had a virtual eDirectory 8.8 server eat its own face last weekend (not the directory's fault - a disk error led to OS issues). One of my fondest memories of NDS was documenting all the error codes because Novell wouldn't. That was tons of fun - NetWare's kernel debugger was very interesting to tinker in.
Lots of fond memories teaching troubleshooting and eDir internals over the years. I've seen all sorts of weird issues over the years - even communications errors causing stuck INHIBIT_MOVE obits in single-server trees (which I still haven't managed to understand how that happened - had to be database corruption of some sort).
-
-
-
Friday 2nd February 2018 02:02 GMT MauriceS
Re: OS vs. Directory Service
NetWare / NDS had a way different philosophy for rights assignment than Windows... When you set file rights on a Windows volume, it has to walk down the whole tree to assign them separately. (hence it takes a lot of time to do that on complex trees). This could be slightly faster to evaluate them at run-time, but more risky that subordinate stuff gets corrupted.
NetWare however, did the file right assignments at the level you set it. While evaluating the rights to a sub directory of that the only thing the code had to do is walk up to the level where the rights were assigned (which is a simple algorithm). Possibly slightly slower than Windows, but more precise, and also faster when assigning the rights. Less risks of corruption in sub-trees, as long as the tree structure is correct...
-
-
-
-
Tuesday 30th January 2018 08:57 GMT Lee D
Re: I'm missing...
If someone can figure out how to turn it into a viable attack before Microsoft can fix it, it doesn't really matter whether they privately disclose it first or not. Someone, somewhere will have found it and be attacking it, or will be paying VERY close attention to the CVE entries etc. the second they are registered and poking around anything they think related.
A whitehat holding onto a critical exploit is no better than a blackhat doing the same, the risk is just the same, and there's no way to tell which they are (or indeed whether they are both... taking the glory for discovering/fixing it while secretly being the guy selling it to the baddies and profiting both ways).
Fact is, you need admin rights anyway. Already game over.
-
-
Tuesday 30th January 2018 08:45 GMT Anonymous South African Coward
OS/2 Warp LAN server any better? :p
Netware 3.12 was an absolute joy to admin and run, rock-solid and reliable until somebody get admin rights and allow a pesky DOS virus to overwrite all the DOS Netware apps and files :)
And ncsnipes! (it is an android app btw)
A file and printering server should be just that - file and printering server... not an application server, which should be something totally different and on different hardware.
But beancountery things want less servers in the server room, so it means one big, beefy PC to host multiple VM's, all with their own quirks and Spectre vulns...
Biting the hand that feeds IT
