Recent Mac/Win interop threads

From: Brad Judy (judy@colorado.edu)
Date: 12/27/01


From: "Brad Judy" <judy@colorado.edu>
To: <focus-ms@securityfocus.com>
Date: Thu, 27 Dec 2001 09:48:30 -0700

The most disturbing items I see on this list are unresolved security
problems. Recently there have been two threads regarding security problems
involving Macintosh clients and MS Services for Macintosh that have gone
unresolved.

I need to do some testing on these issues and another potential security
problem in Macintosh/Windows interop that we have stumbled upon here (more
on that when we have more information). I will probably also submit some
info to http://www.macwindows.com - a great resource for interop.

As a potential answer to the password change question, check out this MS KB
article: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q306485

I should note that the UAM linked to by Laura is not the current one, 5.09
is the current Mac OS 8.x-9.x version and there is now a 1.0 version for Mac
OS X. Both of these add NTLMv2 support (over the previous LM only support)
and are thus important for security.

I feel Mac/Win interop security is largely overlooked probably due to the
rift between the Windows and Macintosh communities. There are many people
working to remedy this situation, but it requires the efforts of both
communities.

Brad Judy

Information Technology Services
University of Colorado at Boulder