| ▲ | observationist 7 hours ago |
| This empowers script kiddies, but not significantly more so than they already were. Of all the places this is still in use, they've been exposed for years, so this isn't likely to result in a bunch of new exploitations. However, it's most likely to be used by governments, with legacy servers that are finicky, with filesharing set up that's impacted other computers configured for compatibility, or legacy ancient network gear or printers. I wonder who they're pushing around, and what the motivation is? |
|
| ▲ | bigfatkitten 6 hours ago | parent | next [-] |
| Mandiant is Google's incident response consulting business. Having worked for many years in that field myself (though not for Mandiant), they're probably sick of going to the same old engagements where companies have been getting owned the same way over and over again for the last 15 years. What releases like this do is give IT ops people the ammunition they need to convince their leadership to actually spend some money on fixing systemic security problems. |
| |
| ▲ | alfiedotwtf 3 hours ago | parent [-] |
| > Mandiant is Google's incident response consulting business |
| Consulting business? I was under the impression (from Google Reader) that if users aren’t in the millions, then they’ll kill the project. How could they also run a high-touch consultancy?! |
| > they're probably sick of going to the same old engagements |
| Hmm… consultancies love this type of recurring revenue - it’s easy money |
| ▲ | wolpoli 3 hours ago | parent | next [-] |
| > Consulting business? I was under the impression (from Google Reader) that if users aren’t in the millions, then they’ll kill the project. How could they also run a high-touch consultancy?! |
| Google also has Project Zero, which doesn't fit into Google's business culture either. I wonder if Mandiant is paying for their payroll. |
| ▲ | bri3d 3 hours ago | parent [-] |
| Project Zero had been around for 8 years before the Mandiant acquisition. |
| |
| ▲ | hiddencost an hour ago | parent | prev [-] |
| Google is a quarter-million-person company (if you count full time, temps, vendors and contractors). Google Cloud is basically an entirely different company than Search or Maps. Cloud will happily sell you $10m in compute a year and a value-add $400k of security consulting. |
|
|
|
| ▲ | freedomben 5 hours ago | parent | prev | next [-] |
| It also empowers IT depts and cybersecurity people to be able to easily build a PoC to show why moving on from the deprecated protocol is important. In many white-hat jobs you can't just grab rainbow tables from a torrent, so a resource like this is helpful. For the grays and black hats, they've had access to rainbow tables like this for a very long time, so no change there. |
| |
| ▲ | stackskipton 2 hours ago | parent | next [-] |
| Any business that needs convincing to move on from anything labeled NTLM does not care what "nerds" have to say. They are either one of those "I'm not spending money on something that works" or stuck with such legacy technical debt that at this point, removing it from the environment is too costly to even consider, so executives kick it down the road. |
| ▲ | Xirdus 4 hours ago | parent | prev [-] |
| Out of curiosity, why can't white hats grab rainbow tables from torrents? Is it about seeding? |
| ▲ | sethhochberg 4 hours ago | parent [-] |
| It's less about torrents being the delivery mechanism and more about bringing data from a potentially unknown source, under potentially unknown licensing, and distributed for a potentially unknown reason into the corporate computing environment. |
| Torrents would be a perfectly valid way for Google to distribute this dataset, but the key difference would be that Google is providing it for this purpose and presumably didn't do anything underhanded to collect or generate it, and tells you explicitly how you're allowed to use it via the license. |
| That sort of legal and compliance homework is good practice for any business to some extent (don't use random p2p discoveries for sensitive business purposes), but is probably critical to remain employed in the sorts of giant enterprises where an internal security engineer needs to build a compelling case for spending money to upgrade an outdated protocol. |
|
|
|
| ▲ | Retr0id 6 hours ago | parent | prev | next [-] |
| I suspect Mandiant hears a lot of "this is impractical to exploit so we don't care" from their clients. Now they have a compelling rebuttal to that. |
|
| ▲ | reincarnate0x14 4 hours ago | parent | prev [-] |
| You've been able to find these for years. In fact it's entirely possible they just grabbed some or all of them out of an existing torrent originally. It would completely not surprise me if there are automagic attacks on net-ntlmv1 at this point against some cloud hosted storage. This has been doable by anyone since like 2016 if you had the space and weren't prevented from using that protocol version. |