Re: Who's fault is it?
Using "smb:" instead of "file:" won't change anything, simply the malicious redirector would use the former instead of the latter. SMB, just like NFS, was designed to access files on shared resources, using the file interface - while with NFS usually you mount the share somewhere, in Windows you can "mount" to a letter (there are more sophisticated ways, anyway), or simply access it with the UNC syntax - which is what makes the trick work. The issue is that once SMB is requested to access a server, it could naively present user credentials in attempt to get access - if this works depends on how the Windows system is configured, which authentication is used, and which type of password hashes it is allowed to use. And especially, unless the rogue server is in your LAN, if SMB "out" is allowed by the firewall on an unsecure network. It may be a risk on standalone machine, because AFAIK int the default Windows FW SMB out is enabled with the only scope limitation "local subnet" - but in some environments (i.e. free wi-fi), the local subnet may span several machines outside your control...
Biting the hand that feeds IT
