Hey there! Can you guys tell me about what's the status of docs of NTLM/NTLMv2 provided by Microsoft?
Let me explain why I need that: we had here a discussion on a local college about "free x proprietary software", and the Microsoft guy (always them, right?) told us about a case where he claimed that Firefox sent one user username and password through the network without encription. On the next day I asked the Microsoft guy for some reference about the case he talked about. He sent me this URL: http://blogs.technet.com/dbordini/archive/2008/09/03/browser-navega-o-e-seguran-a-estudo-de-caso.aspx I translated it with Google and seems that make some sense: http://translate.google.com.br/translate?u=http%3A%2F%2Fblogs.technet.com%2Fdbordini%2Farchive%2F2008%2F09%2F03%2Fbrowser-navega-o-e-seguran-a-estudo-de-caso.aspx&sl=pt&tl=en&hl=pt-BR&ie=UTF-8 Trying to resume all the whole stuff, he's complaining that Firefox automatically decreased the safety level to NTLM (not using NTLMv2), when used with Windows Vista, without warning the user about that, sending the username and password as plain text, and for that reason Firefox is "junk", not IE (oh,boy), who worked on the expected way. I'll write a post on my blog (http://eustaquiorangel.com, it's Portuguese but I'm wondering on this case would not be a good idea to make an English version also) about all this and we'll continue the discussion on the college on the next, but first I'd like to ask you about that. Seems you Samba guys made some reverse engineering over time to deal with NTLM and after some years Microsoft released some docs, but I don't know it they are with enough quality to use and if you are still making reverse engineering and perhaps living with some patent risk, as I could not find information enough about the "copyright" of this protocol, which is the first point I'm planning to talk about on the discussion. Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
