Ethical Hacker Community Forums
1  Resources / Tools / Re: Sysinternals Live on: June 13, 2008, 06:52:22 AM
This is indeed a fascinating feature.  And, while I applaud Microsoft's desire to "test an alternate distribution mechanism for our utilities," I'm very concerned about the security issues this opens up.

First off, by typing \\[machine]\[share] at a cmd.exe, you are causing your machine to make an SMB session with Microsoft, across the Internet.  Theoretically, Microsoft thus could capture the challenge/response interaction (LM Challenge/Response, NTLMv1, or NTLMv2, depending on how you are configured), and crack your passwords, a la the Cain tool.  However, you might think that's not a big deal, because, well, Microsoft already owns you, since the first time you installed Windows 3.1.

But the issue goes beyond that.  In essence, Microsoft, in distributing tools this way, is teaching people that doing LM C/R, NTLMv1, or NTLMv2 exchanges with people across the Internet is ok.  Even if users don't think of it in those terms, this action by Microsoft will lull people into complacency regarding such interactions. 

Furthermore, someone on the network between the machine running the commands and Microsoft could intercept the traffic and crack the credentials.  Or, bad guys could merely observe the traffic to determine who allows outbound SMB access from a target environment (it's a good idea to block such outbound traffic on TCP ports 135-139 and 445). Such leaked info is very useful for bad guys.  And, what's to say that Microsoft itself won't be compromised, with attackers capturing and cracking the challenge/response?  And, finally, with DNS cache poisoning, the bad guy could become live.sysinternals.com, at least as far as your network is concerned.  Thus, you'd be sending credentials to the evil cache-poisoning dude, and then running executables he sends back to you.

Neat idea... terrifying security ramifications.  IMHO.

--Ed Skoudis.
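
An egress audit for the outbound block recommended in the post above, as an added example that is not part of the original post: it scans firewall flow records for internal hosts reaching external addresses on TCP 135-139 or 445. The log format, the sample records, and the RFC 1918 definition of "internal" are assumptions made for illustration.

```python
import ipaddress

# TCP ports the post recommends blocking outbound: 135-139 and 445.
SMB_RPC_PORTS = set(range(135, 140)) | {445}
# Assumption: "internal" means RFC 1918 space; adjust to your own ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records (not real traffic); documentation-range
# addresses stand in for Internet hosts.
# Fields: timestamp src_ip dst_ip protocol dst_port action
SAMPLE_LOG = """\
2008-06-13T06:40:01 10.1.4.22 10.1.0.5 tcp 445 allow
2008-06-13T06:41:17 10.1.4.22 203.0.113.50 tcp 445 allow
2008-06-13T06:41:18 10.1.4.22 203.0.113.50 tcp 139 deny
2008-06-13T06:42:03 10.1.7.9 198.51.100.7 tcp 443 allow
2008-06-13T06:43:44 10.1.7.9 198.51.100.7 udp 137 allow
2008-06-13T06:44:10 192.168.3.8 203.0.113.50 tcp 135 allow
malformed line
"""

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def find_outbound_smb(log_text):
    """Return (allowed, denied) records for internal -> external TCP 135-139/445."""
    allowed, denied = [], []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed records
        ts, src, dst, proto, port, action = fields
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue  # unparseable address or port
        if proto != "tcp" or port not in SMB_RPC_PORTS:
            continue
        if not is_internal(src_ip) or is_internal(dst_ip):
            continue  # only traffic leaving the internal network matters here
        (allowed if action == "allow" else denied).append((ts, src, dst, port))
    return allowed, denied

def leaking_hosts(log_text):
    """Internal hosts whose SMB/RPC traffic was allowed out to the Internet."""
    allowed, _ = find_outbound_smb(log_text)
    return sorted({src for _, src, _, _ in allowed})

if __name__ == "__main__":
    print(leaking_hosts(SAMPLE_LOG))
```

Any host this reports has a working outbound SMB/RPC path, so the egress rule is missing or not applied to its segment; denied records show the block working and which clients are still attempting the connection.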
2  Features / March 2008 - It Happened One Friday / Re: [Article]-It Happened One Friday on: April 12, 2008, 03:23:38 PM
Nicely said, Don.  There's much to chew on in the challenge, and I think people will have fun with it.  We try to write these challenges so that people learn new things while working on them.  Don't be intimidated, even if you aren't a Linux command-line person.  Just start working on it, and see where it leads.  You've got a little over a week to send in your answers.  I'd love to see what you guys come up with.

--Ed Skoudis.
3  Features / Dec 07 - Frosty the Snow Crash / Recipe Update on: December 18, 2007, 05:31:19 AM
Hey guys... diligent reader Andy tried Mike Poor's recipe for cooking turkey on a MacBook Pro, and kindly suggested some updates.  Apparently, the original recipe, which does make a tasty turkey, slimes the MacBook Pro.  Doh!  Who would have guessed that?  Happily, Andy amended the recipe to make it safer for the laptop as follows:

"Oh yeah, Mr. Poor's recipe is crap.  I'm sitting here with a weird
gelatinous goo dripping between my legs, the bottom of my MacBook Pro
is almost too slippery for me to type, AND I'm only trying this with a
10lb turkey, well below the specified 20lb limit.  As my momma always
said, turkeys are supposed to be cooked in a bag...or deep fried but
that's off topic.  Please Mr. Poor, do not be offended but I would
recommend changing the recipe to include a cooking bag.  If you are
concerned about not getting that nice, crispy, artery-clogging skin,
may I also recommend removing the bag for the last quarter of the
remaining battery charging time and start a Vista image in Fusion..."

Thanks, Andy, for the helpful suggestion.  Oh, and pass on the thanks from the whole Ethical Hacking community to your Momma.

--Ed.
