|
-
January 17th, 2006, 12:16 AM
#1
 A dangerous wireless security problem has been exposed
A dangerous wireless security problem has been exposed in most laptops running a recent version of Windows at ShmooCon, the hacker conference held in Washington DC.
The laptop must be running Windows XP or 2000, have built-in wireless functionality and be unprotected by firewall software.
The flaw is based on how the operating system is configured to search for any available wireless connection when the laptop is started up. If no wireless link is found, Windows creates an ad-hoc "local link address", instead of a "private network".
The address becomes associated with the name of the last wireless network that provided the user with a real web address. Windows then causes the laptop to broadcast that network name to other computers in close range of the machine.
By creating a network connection on his laptop that matches the network name being broadcast by the target machine, the two laptops could communicate with each other on the same local link address. And the hacker effectively gets control of your laptop.
Full story can be found here:
http://cooltech.iafrica.com/technews/802484.htm
-
January 17th, 2006, 12:16 AM
#2
A dangerous wireless security problem has been exposed
A dangerous wireless security problem has been exposed in most laptops running a recent version of Windows at ShmooCon, the hacker conference held in Washington DC.
The laptop must be running Windows XP or 2000, have built-in wireless functionality and be unprotected by firewall software.
The flaw is based on how the operating system is configured to search for any available wireless connection when the laptop is started up. If no wireless link is found, Windows creates an ad-hoc "local link address", instead of a "private network".
The address becomes associated with the name of the last wireless network that provided the user with a real web address. Windows then causes the laptop to broadcast that network name to other computers in close range of the machine.
By creating a network connection on his laptop that matches the network name being broadcast by the target machine, the two laptops could communicate with each other on the same local link address. And the hacker effectively gets control of your laptop.
Full story can be found here:
http://cooltech.iafrica.com/technews/802484.htm
-
January 17th, 2006, 12:53 AM
#3
The laptop must be running Windows XP or 2000, have built-in wireless functionality and be unprotected by firewall software.
So XP SP2 is invulnerable in it's default config. Laptops without built in wireless is invulnerable - though I doubt that, if it has a wireless card in it, it's probably vulnerable pre XP SP2.
I need to research it further but right now it's probably a bit more FUD.....
Don\'t SYN us.... We\'ll SYN you..... 
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
January 17th, 2006, 12:53 AM
#4
The laptop must be running Windows XP or 2000, have built-in wireless functionality and be unprotected by firewall software.
So XP SP2 is invulnerable in it's default config. Laptops without built in wireless is invulnerable - though I doubt that, if it has a wireless card in it, it's probably vulnerable pre XP SP2.
I need to research it further but right now it's probably a bit more FUD.....
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
January 17th, 2006, 01:28 AM
#5
Hey Guys,
I know virtually nothing about wireless (even my radio has a hand crank, and that is true!  ) so this is a genuine question from a different angle:
The laptop must be running Windows XP or 2000, have built-in wireless functionality and be unprotected by firewall software.
Now that would sound like my idea of "wardriving kit", so, would wardrivers be vulnerable to this?
As I said I know very little about this area.
-
January 17th, 2006, 01:53 AM
#6
Nihil, I beleive that wardrivers are less like to have a problem with this since the idea is find the networks and not so much as to actually connect to them. Most of the tools I use make it clear what type of network is availible. ad hoc or managed, open or encrypted, but doesnt actually establish a connection. The people using the public hot spots are the ones that should be worried the most.
-
January 17th, 2006, 03:54 AM
#7
Originally posted here by Tiger Shark
So XP SP2 is invulnerable in it's default config. Laptops without built in wireless is invulnerable - though I doubt that, if it has a wireless card in it, it's probably vulnerable pre XP SP2.
I need to research it further but right now it's probably a bit more FUD.....
I think you will find you are correct with the, "FUD", statement.
Just working the way it should do. Have a read of this if you wish:http://it.slashdot.org/article.pl?sid=06/01/15/0815207
What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry
-
January 17th, 2006, 05:22 PM
#8
I would think that if you have ANY pc/laptop connected to the internet in any fashion without a firewall you will be vulnerable on several levels
Work... Some days it's just not worth chewing through the restraints...
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
