A dangerous wireless security problem has been exposed
Results 1 to 8 of 8

Thread: A dangerous wireless security problem has been exposed

  1. #1
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    795

    Thumbs up A dangerous wireless security problem has been exposed

    A dangerous wireless security problem has been exposed in most laptops running a recent version of Windows at ShmooCon, the hacker conference held in Washington DC.
    The laptop must be running Windows XP or 2000, have built-in wireless functionality and be unprotected by firewall software.

    The flaw is based on how the operating system is configured to search for any available wireless connection when the laptop is started up. If no wireless link is found, Windows creates an ad-hoc "local link address", instead of a "private network".

    The address becomes associated with the name of the last wireless network that provided the user with a real web address. Windows then causes the laptop to broadcast that network name to other computers in close range of the machine.

    By creating a network connection on his laptop that matches the network name being broadcast by the target machine, the two laptops could communicate with each other on the same local link address. And the hacker effectively gets control of your laptop.
    Full story can be found here:

    http://cooltech.iafrica.com/technews/802484.htm

  2. #2
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    795

    Thumbs up A dangerous wireless security problem has been exposed

    A dangerous wireless security problem has been exposed in most laptops running a recent version of Windows at ShmooCon, the hacker conference held in Washington DC.
    The laptop must be running Windows XP or 2000, have built-in wireless functionality and be unprotected by firewall software.

    The flaw is based on how the operating system is configured to search for any available wireless connection when the laptop is started up. If no wireless link is found, Windows creates an ad-hoc "local link address", instead of a "private network".

    The address becomes associated with the name of the last wireless network that provided the user with a real web address. Windows then causes the laptop to broadcast that network name to other computers in close range of the machine.

    By creating a network connection on his laptop that matches the network name being broadcast by the target machine, the two laptops could communicate with each other on the same local link address. And the hacker effectively gets control of your laptop.
    Full story can be found here:

    http://cooltech.iafrica.com/technews/802484.htm

  3. #3
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    The laptop must be running Windows XP or 2000, have built-in wireless functionality and be unprotected by firewall software.
    So XP SP2 is invulnerable in it's default config. Laptops without built in wireless is invulnerable - though I doubt that, if it has a wireless card in it, it's probably vulnerable pre XP SP2.

    I need to research it further but right now it's probably a bit more FUD.....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    The laptop must be running Windows XP or 2000, have built-in wireless functionality and be unprotected by firewall software.
    So XP SP2 is invulnerable in it's default config. Laptops without built in wireless is invulnerable - though I doubt that, if it has a wireless card in it, it's probably vulnerable pre XP SP2.

    I need to research it further but right now it's probably a bit more FUD.....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hey Guys,

    I know virtually nothing about wireless (even my radio has a hand crank, and that is true! ) so this is a genuine question from a different angle:

    The laptop must be running Windows XP or 2000, have built-in wireless functionality and be unprotected by firewall software.
    Now that would sound like my idea of "wardriving kit", so, would wardrivers be vulnerable to this?

    As I said I know very little about this area.


  6. #6
    Banned
    Join Date
    Jul 2004
    Posts
    297
    Nihil, I beleive that wardrivers are less like to have a problem with this since the idea is find the networks and not so much as to actually connect to them. Most of the tools I use make it clear what type of network is availible. ad hoc or managed, open or encrypted, but doesnt actually establish a connection. The people using the public hot spots are the ones that should be worried the most.

  7. #7
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Originally posted here by Tiger Shark
    So XP SP2 is invulnerable in it's default config. Laptops without built in wireless is invulnerable - though I doubt that, if it has a wireless card in it, it's probably vulnerable pre XP SP2.

    I need to research it further but right now it's probably a bit more FUD.....
    I think you will find you are correct with the, "FUD", statement.

    Just working the way it should do. Have a read of this if you wish:http://it.slashdot.org/article.pl?sid=06/01/15/0815207
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  8. #8
    Shadow Programmer mmelby's Avatar
    Join Date
    Jul 2002
    Location
    Ft. Myers, FL
    Posts
    291
    I would think that if you have ANY pc/laptop connected to the internet in any fashion without a firewall you will be vulnerable on several levels
    Work... Some days it's just not worth chewing through the restraints...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •