[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
ANNOUNCE: Windows 95 .PWL Security "Functionality Enhancement"
-----BEGIN PGP SIGNED MESSAGE-----
I have been instructed that it is not a bug fix; it is a "Functionality
Enhancement." Please note headers before replying -- you're probably in a
Bcc field.
The patch for the problem we started discussing on November 1st is dated
yesterday, but no one outside Microsoft appears to have seen it until
today. pr/password.htm started forwarding to the patch distribution page
some time between 2PM and 7:30PM Pacific Time today (yes, I had hit
"reload").
http://www.microsoft.com/windows/software/mspwlupd.htm
http://www.windows.microsoft.com/software/mspwlupd.htm
Anyone who uses passwords for just about anything -- network servers,
dialup networking, remote registry services -- should get this patch.
For a rough start at a technical discussion of the problem that this
patch is supposed to solve, see http://www.c2.org/hackmsoft/ or the
gopher list archive below.
The Web page says it uses a 128-bit key. Intriguing. Anyone seen the CJR,
or is Microsoft exempt?
Microsoft had told various people that the new security algorithm would be
published in advance and reviewed by outside security experts, but I have
not been able to verify this.
This was supposed to affect Windows for Workgroups as well; anyone know
anything about that?
- -rich
[email protected]
ftp://ftp.stanford.edu/pub/mailing-lists/win95netbugs/
gopher://quixote.stanford.edu/1m/win95netbugs
http://www-leland.stanford.edu/~llurch/win95netbugs/faq.html
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMNENt43DXUbM57SdAQG4xwP9EqXu5wXBOfpThtEUikqngrQNpe7RGKSv
FqNSlZnh6GKJff6zQnZ3GyH0lYU8Mg+ApJVmSeSxq3ApA5Oc+jTUW6B4RNm+bxfT
YBSThGmGbNNt948E/7oyXJdYVtWhuAleQtU7LxKNJfXoQlO/R05cc8O0zj7EiBR+
777AbiM201s=
=K2IQ
-----END PGP SIGNATURE-----