Microsoft Release Several Server/Communication Protocol Specs

February 22nd, 2008

Today there are a lot of people talking about the release of the Windows Server Protocols and the Windows Communication Protocols. They are a series of specs defining various proprietary Microsoft protocols. There are plenty of them and they are rather in depth. These are being released right on the heels of last week's release of the Microsoft Office file format specs. The release of these is, of course, tied to the EU decision that Microsoft has to be more open to interoperability.

Most of the people talking about the protocol specs so far are security researchers. This plays a major role in the research game for us. I can remember a few MS Tuesdays that were spent with IDA Pro attached to some listening service, trying to figure out how to generate valid data that would traverse the service to a specific breakpoint. In a lot of ways this will make that research quite a bit easier... and this is what most people are talking about.

While researchers are sitting saying, ‘WOW, this is amazing,’ there are a few things that we need to remember:

The improvements we'll see in open source projects. Projects like Samba, mod_ntlm and others will most likely undergo changes to implement portions of the protocols that were never properly understood, or never properly implemented. Someone did point out, however, that developers on some open source projects who enjoyed reversing the protocols may fade away from the projects, bringing in new developers who ‘just want to code'.

Another interesting thing will be the updates to packet analysers and protocol dissectors. I'm sure that we'll see some impressive updates out of Wireshark... but I'm also guessing we'll see the introduction of several small protocol-dependent sniffers. The specs are there, so why not write them?

While security researchers are excited... I'm willing to bet that will stop on the first or second MS Tuesday following this release. Something tells me that this will lead to better fuzzers and more vulnerabilities. This will create a lot of work for those of us in Vulnerability Management, IDS/IPS, etc.

We may also see malware authors looking at various services for new covert channels in which to hide their phone-home capabilities... I guess we'll just have to wait and see.

In the end this is really exciting... I will probably spend my entire weekend staring at my new 22" wide-screen monitor reading some of these specs. It'll be interesting to see what the next few months hold.

Does anybody have any thoughts or concerns over these protocols opening up? Any project ideas they are willing to share or propose?

Categories: IT, Security
