Lanman's challenge/response-based and it can cave when brute-forced. There was a patch released some time ago because of a potential L0phtCrack brute-force between IIS & clients w/ WEC (ME & anything with Office2000). WEC didn't play nice with IE zone settings. Ditto a 2k telnet client/NTLM problem (the client is 'optional' but enabled by default I think). Ditto NetBIOS/NTLM. Windows sends the auths without telling users, another example of 'transparency' I guess? ;)

My favorite NTLM-for-dummies:
http://www.innovation.ch/java/ntlm.html

Missy
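Added example, not part of the original post or of any tool it mentions: a defender-side check that decodes the NTLM message in an HTTP `Authorization` header (for instance from proxy logs) and reports whether a client sent an LM or NTLMv1-class response. The field offsets follow the publicly documented NTLM message layout; the function names, labels and sample messages are constructed for illustration.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"

def parse_ntlm_header(value):
    """Classify the NTLM message carried in an Authorization header value."""
    scheme, _, blob = value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        return None
    try:
        msg = base64.b64decode(blob, validate=True)
    except ValueError:                     # bad base64 or padding
        return None
    if len(msg) < 12 or msg[:8] != SIGNATURE:
        return None
    (msg_type,) = struct.unpack_from("<I", msg, 8)
    info = {"type": msg_type, "response": None}
    if msg_type == 3 and len(msg) >= 28:
        # Security buffers: length, allocated length, offset.
        lm_len, _, lm_off = struct.unpack_from("<HHI", msg, 12)
        nt_len, _, _ = struct.unpack_from("<HHI", msg, 20)
        lm = msg[lm_off:lm_off + lm_len]
        if nt_len > 24:
            info["response"] = "ntlmv2"
        elif len(lm) == 24 and any(lm[8:]):
            # A full 24-byte LM response: the weakest form on the wire.
            info["response"] = "lm"
        elif nt_len == 24:
            # 24-byte NT response; LM field empty or zero-padded.
            info["response"] = "ntlmv1"
    return info

def build_type3(lm, nt):
    """Constructed Type 3 message for the demo (name fields left empty)."""
    off = 64                               # fixed header size used here
    hdr = SIGNATURE + struct.pack("<I", 3)
    hdr += struct.pack("<HHI", len(lm), len(lm), off)
    hdr += struct.pack("<HHI", len(nt), len(nt), off + len(lm))
    end = off + len(lm) + len(nt)
    hdr += struct.pack("<HHI", 0, 0, end) * 4   # domain, user, host, key
    hdr += struct.pack("<I", 0)                 # flags
    return "NTLM " + base64.b64encode(hdr + lm + nt).decode()

if __name__ == "__main__":
    for lm, nt in [(b"\x11" * 24, b"\x22" * 24), (b"\x11" * 24, b"\x22" * 40)]:
        print(parse_ntlm_header(build_type3(lm, nt)))
```

Headers classified as `lm` or `ntlmv1` going to hosts outside the expected intranet are the ones worth alerting on.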
This archive was generated by hypermail 2b30 : Sun Sep 30 2001 - 13:04:36 PDT