homepage Welcome to WebmasterWorld Guest from 107.22.70.215
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Subscribe and Support WebmasterWorld
Visit PubCon.com
Home / Forums Index / Microsoft / (deprecated) Microsoft Windows OS (XP/NT/Vista)
Forum Library, Charter, Moderators: bill

(deprecated) Microsoft Windows OS (XP/NT/Vista) Forum

    
WiFi Security Flaw
engine




msg:1569432
 11:37 pm on Jan 17, 2006 (gmt 0)

A Microsoft Windows feature that allows PCs to automatically search for Wi-Fi connections could be exploited by hackers. The Wi-Fi feature in question is part of both Windows XP and 2000 and the flaw was reported at a hacker conference over the weekend.

WiFi security flaw [computerweekly.com]

 

Hanu




msg:1569433
 12:41 am on Jan 18, 2006 (gmt 0)

Does anybody know at which hacker conference this was reported? I find the article too general. I want to understand the implications and would like to read more about it.

Leosghost




msg:1569434
 1:05 am on Jan 18, 2006 (gmt 0)

One site in the hacker world is linking to this article [computerweekly.com]..presumably this link and site is what they are referring to ;)

The site ( which I do not link to due to possible issues with the TOS ) is not a "hacker conference" heh heh "panic stations everyone" ~~:0"dive ..dive! " ..but is a clearing house for various things ..specialising in security and vulnerabilities reporting ..

if you want sticky me ..for the URL ..Hanu read your
mail .)

one cannot be aware of what is said at all the meetings( there aren't many though ) ..there was one ( security meeting )this last weekend ( maybe )in Korea ..maybe someone from the area was there and maybe can say if this was discussed? ..then again the Korean meeting may not have happened yet ..

Setek




msg:1569435
 9:11 am on Jan 18, 2006 (gmt 0)

Does anybody know if Microsoft has released a Security Update yet?

If so, anybody know if there have been any confliction issues with those Intel M chips (the ones with the inbuilt wireless cards?)

I've only recently been having connection issues with my laptop and my AP... only when WPA or WEP is enabled on the AP though - been trying to discover whether a Windows Update was to blame.

If anybody has experienced similar problems and knows of a way to fix it, that would be great :)

madmatt69




msg:1569436
 9:29 am on Jan 18, 2006 (gmt 0)

The article says at the bottom:

"As a result of the flaw, security experts have warned companies to make sure their staff use personal firewalls or are using Windows XP Service Pack 2, both of which prevents attacks."

henry0




msg:1569437
 12:08 pm on Jan 18, 2006 (gmt 0)

I did too read about SP2
So what's the big deal?
If SP2 is known as stopping the attack
And knowing that a vast majority of users run conscientiously or not SP2

MamaDawg




msg:1569438
 1:26 pm on Jan 18, 2006 (gmt 0)

More about this (including links to the article with more detailed information and workarounds) on the securityfocus site...

henry0




msg:1569439
 1:38 pm on Jan 18, 2006 (gmt 0)

Hmmmm :)
?

Easy_Coder




msg:1569440
 3:18 pm on Jan 18, 2006 (gmt 0)

I read the MS Security Response Center Blog daily and those guys haven't made mention of this at all yet.

aleksl




msg:1569441
 4:50 pm on Jan 18, 2006 (gmt 0)

henry0: So what's the big deal? If SP2 is known as stopping the attack

because MS does not allow to upgrade to SP2 for anyone who has invalid key - and that includes many, many PCs that came with volume licensed XP, OEM installations, partner keys that were on the internet and were invalidated by MS, etc. etc. i.e. in a world outside "US businesses" it is pretty much anyone who didn't purchase XP directly from MS.

Tapolyai




msg:1569442
 8:21 pm on Jan 18, 2006 (gmt 0)

The first widely public presentation of this flaw was at ShmooCon.

The flaw is that a WiFi networking in Windows will "remember" the last WiFi network it connected to.

Next time when there is no WiFi network to connect to, it will use the previous WiFi network name, and starts broadcasting it.
(Technically not exact, but trying to keep it simple.)

With that knowledge, and knowing some default settings, an other machine can connect to the target WiFi machine.

Fix? Turn off by default your WiFi network card when not in use.

henry0




msg:1569443
 8:36 pm on Jan 18, 2006 (gmt 0)

aleksl
Thanks for the input; understood

rogerd




msg:1569444
 1:26 pm on Jan 19, 2006 (gmt 0)

>>volume licensed XP, OEM installations, partner keys that were on the internet

Any proper OEM furnishes a valid license key. I've bought many personal PCs and never had a problem. The only people with a bogus license key either bought their PC from a sketchy vendor or knowingly installed bogus Windows. If someone's illegal Windows blows up because of a virus, I don't have a lot of sympathy. The problem, I suppose, is that some worms and trojans might use the large number of illegal installations to spread and/or attack other machines; this would create untold havoc and bad PR for Microsoft, since the vulnerability would be presented in the press as a "Windows flaw", not a "flaw affecting illegal Windows copies".

The guy on the street corner with an overcoat full of watches isn't selling genuine Rolexes, and the spammer who emails you offering to download Windows for $50 isn't selling the real thing either.

J_RaD




msg:1569445
 9:17 pm on Feb 3, 2006 (gmt 0)

seems like this is an easy fix as already stated.

disable your WiFi card if your not using it.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Microsoft / (deprecated) Microsoft Windows OS (XP/NT/Vista)
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved