Kerberos, an ancient network authentication protocol from the 1980s that is commonly used to this day, can get you into some serious trouble.
The Kerberos setup used by your organization may not be all it’s cracked up to be.
Some myths run deep in the IT industry. It turns out, such is the case with Kerberos. The truth about security implications of using vanilla Kerberos is buried deep within its documentation.
Never mind, the esteemed MIT (Massachusetts Institute of Technology) keeps pushing new releases of their implementation of Kerberos. Their latest update was published less than two weeks ago. Their official project website treats you to this statement:
The Internet is an insecure place. Many of the protocols used in the Internet do not provide any security. Tools to “sniff” passwords off of the network are in common use by malicious hackers. (…)
As if they were trying to say “You are safe when using Kerberos”. But is that really so?
Not likely, at least not without further ado.
Brian H₂O’s (@int10h) had this to say via Twitter after diving into Kerberos:
@CloudInsidr yeah, because krb by itself only auths the client/server at the moment of handshake. there is not tunnel after, like ssl/ssh
— Brian H₂O’s (@int10h) March 7, 2016
Wow. Talk about surprises.
This looks like a serious case of IT “malpractice” and disinformation on the part of organizations advocating the use of Kerberos.
What if… what if this architectural flaw is somehow not an oversight, not a bug but a so-called “feature”?
@CloudInsidr not really. it wasn’t designed for tunneling. you can still do it, though. ssh w/ krb auth via gssapi does this.
— Brian H₂O’s (@int10h) March 7, 2016
Good to know. Is it worth the effort, then? (You decide.)
Thanks to Brian H₂O’s (@int10h) for this enlightening exchange!
Hi there would you mind stating which blog platform
you’re working with? I’m looking to start my own blog soon but I’m having a difficult time selecting between BlogEngine/Wordpress/B2evolution and Drupal.
The reason I ask is because your layout seems different then most blogs and I’m looking for something completely unique.
P.S Apologies for getting off-topic but I had to ask!
It’s a pity you don’t have a donate button! I’d certainly donate to this outstanding blog! I suppose for now i’ll settle for bookmarking and adding your RSS feed to my Google account. I look forward to new updates and will share this website with my Facebook group. Chat soon!
I have been surfing on-line more than 3 hours as of late, yet I by no means found any interesting article like yours. It is lovely worth sufficient for me. Personally, if all webmasters and bloggers made just right content as you probably did, the net will probably be much more helpful than ever before.
I am thankful that I found this web site, just the right information that I was searching for!
Hey! I just wanted to ask if you ever have any trouble with hackers? My last blog (wordpress) was hacked and I ended up losing months of hard work due to no back up. Do you have any solutions to protect against hackers?
Hi,
Yes, of course you have trouble with hackers! You don’t use HTTPS at all… everything goes as plain text, i.e. unencrypted! :-(
https://www.ssllabs.com/ssltest/analyze.html?d=www.naturalwayblog.com
You should switch to HTTP/2 (HTTPS with TLS v 1.2). Here is how to do it:
https://www.cloudinsidr.com/content/how-to-activate-http2-with-ssltls-encryption-in-nginx-for-secure-connections/
Hope it helps!
I’m truly enjoying the design and layout of your site. It’s a very easy on the eyes which makes it much more enjoyable for me to come here and visit more often. Did you hire out a developer to create your theme? Great work!
It’s really a cool and helpful piece of info. I am happy that you shared this helpful information with us. Please keep us up to date like this. Thank you for sharing.
Some genuinely wonderful information, glad I discovered this. Keep it up!
Very good info. Lucky me I ran across your blog by chance (stumbleupon).
I’ve book-marked it for later!