On Jan 3, 2026, at 5:31 AM, Mike Simpson <[email protected]> wrote:
> “My stuff needs smbv1 and I’ve known about it being deprecated for over a
> decade with the person i/c it at MSFT was begging folk not to use it in 2016
> and I haven’t worked out a technical solution for my limited domain and
> because of my limited experience with a 50 year old file protocol I want to
> keep all the obvious footguns still enabled by default for all to use.”

People still use NTLM, which is not much newer than SMBv1. Why? Because MSFT, in their infinite wisdom, has deemed it to be the only way to get certain information from Active Directory. i.e. it's deemed to be more secure to (essentially) send clear-text equivalent passwords over the wire, instead of wrapping them in TLS, and restricting access to authenticated accounts with the correct authorization.

There are hundreds of millions of people whose network access depends on NTLM. The admins would be deliriously happy to move to something better. But decades of complaints have gone nowhere.

So yes, we've known that things have been deprecated for decades. I don't want to keep using a 40-year-old footgun around. But until I have a replacement, it's the only tool which works.

Alan DeKok.

_______________________________________________
Int-area mailing list -- [email protected]
To unsubscribe send an email to [email protected]
