Welcome to WebmasterWorld Guest from 54.145.13.215

Forum Moderators: bill

Message Too Old, No Replies

WiFi Security Flaw

     
11:37 pm on Jan 17, 2006 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 9, 2000
posts:22315
votes: 239


A Microsoft Windows feature that allows PCs to automatically search for Wi-Fi connections could be exploited by hackers. The Wi-Fi feature in question is part of both Windows XP and 2000 and the flaw was reported at a hacker conference over the weekend.

WiFi security flaw [computerweekly.com]
12:41 am on Jan 18, 2006 (gmt 0)

Preferred Member

10+ Year Member

joined:Dec 8, 2003
posts:548
votes: 0


Does anybody know at which hacker conference this was reported? I find the article too general. I want to understand the implications and would like to read more about it.
1:05 am on Jan 18, 2006 (gmt 0)

Senior Member from FR 

WebmasterWorld Senior Member leosghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Feb 15, 2004
posts:6717
votes: 230


One site in the hacker world is linking to this article [computerweekly.com]..presumably this link and site is what they are referring to ;)

The site ( which I do not link to due to possible issues with the TOS ) is not a "hacker conference" heh heh "panic stations everyone" ~~:0"dive ..dive! " ..but is a clearing house for various things ..specialising in security and vulnerabilities reporting ..

if you want sticky me ..for the URL ..Hanu read your
mail .)

one cannot be aware of what is said at all the meetings( there aren't many though ) ..there was one ( security meeting )this last weekend ( maybe )in Korea ..maybe someone from the area was there and maybe can say if this was discussed? ..then again the Korean meeting may not have happened yet ..

9:11 am on Jan 18, 2006 (gmt 0)

Preferred Member

10+ Year Member

joined:Feb 28, 2005
posts:646
votes: 0


Does anybody know if Microsoft has released a Security Update yet?

If so, anybody know if there have been any confliction issues with those Intel M chips (the ones with the inbuilt wireless cards?)

I've only recently been having connection issues with my laptop and my AP... only when WPA or WEP is enabled on the AP though - been trying to discover whether a Windows Update was to blame.

If anybody has experienced similar problems and knows of a way to fix it, that would be great :)

9:29 am on Jan 18, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Sept 28, 2001
posts:779
votes: 0


The article says at the bottom:

"As a result of the flaw, security experts have warned companies to make sure their staff use personal firewalls or are using Windows XP Service Pack 2, both of which prevents attacks."

12:08 pm on Jan 18, 2006 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member henry0 is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Apr 19, 2003
posts:4388
votes: 2


I did too read about SP2
So what's the big deal?
If SP2 is known as stopping the attack
And knowing that a vast majority of users run conscientiously or not SP2
1:26 pm on Jan 18, 2006 (gmt 0)

Full Member

10+ Year Member

joined:June 16, 2004
posts:249
votes: 0


More about this (including links to the article with more detailed information and workarounds) on the securityfocus site...
1:38 pm on Jan 18, 2006 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member henry0 is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Apr 19, 2003
posts:4388
votes: 2


Hmmmm :)
?
3:18 pm on Jan 18, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:June 2, 2003
posts:1184
votes: 0


I read the MS Security Response Center Blog daily and those guys haven't made mention of this at all yet.
4:50 pm on Jan 18, 2006 (gmt 0)

Senior Member

joined:Jan 3, 2003
posts:1023
votes: 0


henry0: So what's the big deal? If SP2 is known as stopping the attack

because MS does not allow to upgrade to SP2 for anyone who has invalid key - and that includes many, many PCs that came with volume licensed XP, OEM installations, partner keys that were on the internet and were invalidated by MS, etc. etc. i.e. in a world outside "US businesses" it is pretty much anyone who didn't purchase XP directly from MS.

8:21 pm on Jan 18, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Oct 10, 2001
posts:731
votes: 0


The first widely public presentation of this flaw was at ShmooCon.

The flaw is that a WiFi networking in Windows will "remember" the last WiFi network it connected to.

Next time when there is no WiFi network to connect to, it will use the previous WiFi network name, and starts broadcasting it.
(Technically not exact, but trying to keep it simple.)

With that knowledge, and knowing some default settings, an other machine can connect to the target WiFi machine.

Fix? Turn off by default your WiFi network card when not in use.

8:36 pm on Jan 18, 2006 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member henry0 is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Apr 19, 2003
posts:4388
votes: 2


aleksl
Thanks for the input; understood
1:26 pm on Jan 19, 2006 (gmt 0)

Administrator

WebmasterWorld Administrator rogerd is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 2, 2000
posts:9685
votes: 0


>>volume licensed XP, OEM installations, partner keys that were on the internet

Any proper OEM furnishes a valid license key. I've bought many personal PCs and never had a problem. The only people with a bogus license key either bought their PC from a sketchy vendor or knowingly installed bogus Windows. If someone's illegal Windows blows up because of a virus, I don't have a lot of sympathy. The problem, I suppose, is that some worms and trojans might use the large number of illegal installations to spread and/or attack other machines; this would create untold havoc and bad PR for Microsoft, since the vulnerability would be presented in the press as a "Windows flaw", not a "flaw affecting illegal Windows copies".

The guy on the street corner with an overcoat full of watches isn't selling genuine Rolexes, and the spammer who emails you offering to download Windows for $50 isn't selling the real thing either.

9:17 pm on Feb 3, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Jan 30, 2006
posts:1599
votes: 1


seems like this is an easy fix as already stated.

disable your WiFi card if your not using it.