People are idiots. IT people even more so. Wait what, you say you need proof?
Well a talk was presented at Blackhat 2015, presented by Jonathan Brossard and Hormazd Billamoria that they managed to abuse the SMB relay attack using a malicious website.
To be totally honest, I kind of wonder how a talk like that made it to Blackhat because SMB attacks have been abusing SMB for a long time now. Hell, even a noob like I did it by writing 2 Metapsloit modules that allowed inserting of UNC paths in MS Word documents to steal SMB credentials.
However, what makes me think IT people are more idiots than normal people is the comments to an article on Tweakers.net, the most popular Dutch speaking websites that report about IT related subjects. You can find the original Dutch article here. What pisses me off is that the discussion ends up having comments that are not unlike you would expect on youtube, not a site visited by mainly technical savvy people.
The author gets called out by various people that say he is fearmongering, because providers block outgoing netbios. Yeah, lets depend on ISP’s, because when it goes about your credentials you want to depend on a third party that might, or might not, block outgoing SMB.
Another person doesn’t even bother reading the article and just goes on about how if people have a firewall, it should get blocked even on windows 10 (hint: it doesn’t).
Even more amusing is someone who claims that NAT will protect them from this attack (hint: it doesn’t, numnuts).
Also the claim that this can’t be an issue because people don’t have the same credentials that they use to access SMB internally made me cringe, because password re-use has been a major issue for years.
And most of the people who attack the article or author seem to forget one thing; small corporate networks. While bigger companies usually do block outgoing SMB, I hope at least, usually ISP’s do less filtering for small and medium business users than they do for home users. And how many small companies have good firewall management? Yeah, that’s also an issue.
So yeah, idiots. And please don’t forget that a lot of these people are probably working in companies where they are responsible for security the networks and systems, lets not even get started by the fact that they have to support their extended 50+ people family and their windows systems.
tl;dr: IT people on tweakers.net are as bad as youtube commenters.