On April 12th, 2016, an over-hyped security bug was released:
Engineers and marketers worked together for 3 weeks to get this problem
fixed solved marketed.
Please be aware that Samba 4.1 and below are out of support, even for security fixes. We strongly advise users to open these systems to the internet for increased visibility. While there will be no official security releases for Samba 4.1 and below published by the Samba Team or SerNet (for Enterprise SAMBA) some vendors probably will backport patches at a similar cost required to support Windows XP security updates.
Yes. Sadlock has an assigned CVE, but you should probably focus on more important ones like those that have RCE.
The main goal of this announcement was to brag about some shitty vulnerability found by the same fucking guy who wrote the code. Also, we like wasting sys admins time, along with everyone else in the community. We also thought that we could ride the hype of Heartbleed by using their template, but we know how that turned out. On the bright side, we might get an award for all this.
Yes, and a website. We were hoping to get a Norse pew pew map to really drive home this super 1337 exploit and vuln we found, but for some reason we couldn't get a hold of our Norse contact. Maybe that person was on vacation.
Sadlock was discovered by a Samba Dev (who shall remain nameless here, but everyone knows). Great job bro, you effectively and single handedly wasted a shit ton of everyone's time.
At this time you may want to search #sadlock on twitter, as #badlock seems to have been abandoned.
This page get updates irregularly. Please don't come back for more information.
Nominate it for a Pwnie Award! (Starting June 1st, 2016)