From: Rich Graves <llurch@networking.stanford.edu>
To: win95netbugs@lists.Stanford.EDU
Message Hash: 2a9220c4ca8fcdcf150dbe8c8c8386d4da24e009c4466940091d7c6d2f5d8df3
Message ID: <Pine.ULT.3.91.951214212331.10286D-100000@Networking.Stanford.EDU>
Reply To: N/A
UTC Datetime: 1995-12-20 06:04:14 UTC
Raw Date: Wed, 20 Dec 1995 14:04:14 +0800
From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 20 Dec 1995 14:04:14 +0800
To: win95netbugs@lists.Stanford.EDU
Subject: ANNOUNCE: Windows 95 .PWL Security "Functionality Enhancement"
Message-ID: <Pine.ULT.3.91.951214212331.10286D-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
I have been instructed that it is not a bug fix; it is a "Functionality
Enhancement." Please note headers before replying -- you're probably in a
Bcc field.
The patch for the problem we started discussing on November 1st is dated
yesterday, but no one outside Microsoft appears to have seen it until
today. pr/password.htm started forwarding to the patch distribution page
some time between 2PM and 7:30PM Pacific Time today (yes, I had hit
"reload").
http://www.microsoft.com/windows/software/mspwlupd.htm
http://www.windows.microsoft.com/software/mspwlupd.htm
Anyone who uses passwords for just about anything -- network servers,
dialup networking, remote registry services -- should get this patch.
For a rough start at a technical discussion of the problem that this
patch is supposed to solve, see http://www.c2.org/hackmsoft/ or the
gopher list archive below.
The Web page says it uses a 128-bit key. Intriguing. Anyone seen the CJR,
or is Microsoft exempt?
Microsoft had told various people that the new security algorithm would be
published in advance and reviewed by outside security experts, but I have
not been able to verify this.
This was supposed to affect Windows for Workgroups as well; anyone know
anything about that?
- -rich
owner-win95netbugs@lists.stanford.edu
ftp://ftp.stanford.edu/pub/mailing-lists/win95netbugs/
gopher://quixote.stanford.edu/1m/win95netbugs
http://www-leland.stanford.edu/~llurch/win95netbugs/faq.html
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMNENt43DXUbM57SdAQG4xwP9EqXu5wXBOfpThtEUikqngrQNpe7RGKSv
FqNSlZnh6GKJff6zQnZ3GyH0lYU8Mg+ApJVmSeSxq3ApA5Oc+jTUW6B4RNm+bxfT
YBSThGmGbNNt948E/7oyXJdYVtWhuAleQtU7LxKNJfXoQlO/R05cc8O0zj7EiBR+
777AbiM201s=
=K2IQ
-----END PGP SIGNATURE-----
Return to December 1995
Return to “Rich Graves <llurch@networking.stanford.edu>”
1995-12-20 (Wed, 20 Dec 1995 14:04:14 +0800) - ANNOUNCE: Windows 95 .PWL Security “Functionality Enhancement” - Rich Graves <llurch@networking.stanford.edu>