Banyan Vines
That I even remember the name "Banyan Vines" - god I'm old!
Microsoft’s launched a new bug bounty program, this time for identity services. “Microsoft has invested heavily in the security and privacy of both our consumer (Microsoft Account) and enterprise (Azure Active Directory) identity solutions,” wrote principal security group manager Phillip Misner. But Redmond’s not just paying …
yeah I remember being told that Vines ran on a version of UNIX ported to a 386 box, and if I remember correctly, the DOS drivers for it were nearly 200k... [that was HUGE back in those days]. Some DOS programs wouldn't even run with the network drivers loaded. As I recall that problem was "fixed" by running windows 3.0 though, using 386 'enchanted' mode to run DOS programs.
Ah, windows 3.0! And, the 3D Skeuomorphic interface that made people WANT to run it! not like Win-10-nic. *diig* *dig* *dig* (obligatory digs at Win-10-nic)
From what I understand AAD was a ground up clean sheet modern directory written specifically for multi-tenant web scale identity requirements. Compatibility with Windows AD obhects was added afterwards, and AD services have been slowly bolted on, but again are clean room implementations. I doubt there's much if any code in AAD taken from Windows AD.
"Why does Microsoft even have that many different sites for login & authentication services."
I'm glad SOMEBODY already said it, 'cause I was sure THINKING it!
Here's another thing: If I attempt to crack M-shaft security, in order to perform vulnerability tests, and the captain DOES notice, will I _STILL_ get arrested by some idiotic law that prevents "regular people" from doing such tests for research purposes? You know, like some of the DMCA crap passed a while back? The same kind of "law" that says penetration testing is ILLEGAL, regardless of the reason for it? (like the arguments for making GUNS illegal because SOME people shoot other people with guns for criminal reasons, so 'they' wanna BAN THEM ALL)
DMCA did what it did because there's no 2nd Amendment for HACKING. worth pointing out.
/me NOT grabbing my coat. SOMEONE has to say this kind of stuff. watching out for black helicopters, though...
I don't think there's much of anything like Banyan Vines left in AD, Samba would have found it by now if there was, I should imagine. Whether in inter-compatibility testing, or legacy protocols that they try to support, or anything else.
And given that Samba can be a full AD domain controller, I reckon they've had stumbled across / recommended against any such code.
Hell, to be honest, SMBv1 and v2 are already dead BECAUSE they're so insecure. That's how those worms of a few years ago propagated and even that was seen as "Why the hell does the NHS have that option enabled any more anyway?"
We're about to abandon on-prem ADFS for 1,000s users in favour of syncing password hashes to Azure AD and re-associating the SSaS trust relationships from ADFS to Azure AD.
Far simpler to let MSFT handle all this than run on-prem ADFS and try to achieve all the nines up-time.
The bad news is in the small print- it's actually $500 to $100,000 worth of Zune hardware and subscriptions to Groove Music, though Microsoft helpfully point out that you can use to treat yourself to as many Groove Music subscriptions as you like before they close the service down in December!
(Mmm.... brown Zune. Also- no, not really).