Windows Wireless Networking Flaw Identified
An anonymous reader writes "Washingtonpost.com is reporting from the 2nd annual Shmoocon hacker conference about the release of a previously undocumented vulnerability in Windows. The flaw takes advantage of a feature on Windows laptops that have wireless cards built-in. Security researcher Mark Loveless found that Windows laptops which cannot find a wireless connection are configured to broadcast the name of the last SSID they associated with. They assign themselves an ad-hoc 'link local' (think 169.254.x.x.) address, and an attacker can configure his machine to broadcast an SSID of the same name. Thus, the attacker associates with that 'network' and communicates directly with the victim's machine. The funny part from the Post blog entry is that Microsoft helped author the RFC for link local."
Ever read the EULA? You hold Microsoft not responsible by agreeing. So the answer would be no, no class action suits.
---- Booth was a patriot ----
You have to try to connect, and FAIL, to be assigned a 169.254.x.y address.
This is old info and has been known for a while. Anyone having used Kismet or some other sniffer at a public place has seen this.
Loveless then created an ad hoc network with the same name, and told his computer to go ahead and connect to "hackme." Viola!
Violin! Cello!
Seriously, though, TFA doesn't seem to say quite the same thing as the summary. The demonstration the reporter saw involved him setting up an ad-hoc network, and then the security researcher was able to connect to it. Err... that's how it's supposed to work.
The article then goes on to assume that this will happen when you connect to access points and then leave them, but you don't usually set up an ad hoc network for that process. Has he just got something wrong? Missed a step out or something? Is there a URL for a technical level article on this flaw?
Should you at a later date happen to open up your laptop in the vicinity of another Windows user who also had recently gotten online at Starbucks, those two machines may connect to each other without any obvious notification to either user
You mean other than the big speech bubble thing popping up and saying "Wireless Network Connection now connected to T-MOBILE"?
I secure mine, my neighbor doesn't secure theirs, my whole freakin neighborhood is practically unaware of this "security" business.
netstumbler + usb wifi (better reception) in any residential area will show you how little people know/care.
As for your PC connecting to a network other than the one you want, you can tell windows which networks are "preferred" and they can be placed in order of preference.
right-click on the network icon ---> status ---> properties ---> wireless networks ---> (the "use windows" box has to be checked) ---> preferred networks
[Fuck Beta]
o0t!
This question was posed during Simple Nomad's talk... he stated that when the laptop reverts from Infrastructure mode (wep or not) to the adhoc mode w/ link local, WEP is disabled. So, even if you were using WEP on your last network, if you're in an area that is void of wireless networks for you to auto-attach to, you'll be broadcasting your last network SSID in adhoc mode, using the link local addresses, unencrypted.
More than that - the Windows firewall opens many ports to those machines it considers to be on the local LAN - Netbios, etc. Since your blackhat machine *would* be on the same subnet then the Windows firewall would be essentially invisible - all that is required is to browse to the network share (assuming it's got passwordless shares, which is not unusual at all if the target is normally connected to a corporate LAN - in fact the last place I worked it was policy to do so so the management could see what you were working on).
Yes. Windows trusts the network. Think Active Directory. If you can trick a Windows machine into thinking you are on its network, it will happily let you be its partner (or maybe even its server) on that network. Though you probably can't trick it into being an AD client right off, you can find out all kinds of things about it, such as any shares it has open.
This vulnerability is an enabler, rather than a gaping hole.
What I hate is Windows' inability to route on multiple network cards. If a user is on a wireless link and they go somewhere where they plug in, Windows still thinks the wireless card is the active connection. It's been that way for years, going back to modem-PPP connections.
Also, if you have both a wired connection and a wireless (or modem) connection and leave the wired network (connecting over wireless (or modem)), Windows can't find IP addresses that are on the wired subnet. If you have a web server on a network at work, you can't connect there over the wireless/modem link. You have to disable the wired network connection, and then it works. What a design!
Raise your children as if you were teaching them to raise your grandchildren, because you are.
Ever read the EULA?
By reading this you agree to stand on your head, cluck like a chicken and send me a Godzillion dollars.
EULAs are like newspapers. Just because you read something in one doesn't make it so. You cannot be legally bound to that which is not legally binding, no matter how many times you click "I Agree." EULAs are wet dreams, not contracts.
How do you find out if you are legally bound?
Well, you file a lawsuit to put the matter before a judge, that's how.
KFG
An EULA, however restricting, is not a legal document in many countries because it conflicts with the laws of that particular country.
For example the Microsoft EULA that ships with every Microsoft product is in fact in violation of several laws in several EU countries but because no one has taken it to the court, it hasn't been deemed invalid.
Naturally such a decision (to rule that EULA is invalid and people are entitled to compensation) would have long lasting and massive repercussions.
I'm not sure if this will help your exact situation, but you could try going to the network connections box, then the advanced menu, then click on advanced settings. In there, you can change the preferred order of your networks. I've used this at work, as the laptops are set by default to use the wireless connection first, but if the wireless connection is flakey, the computer gives many network errors. Setting the wired connection as a higher priority fixes a lot of problems. The only time I've had problems switching between is if it is in the middle of a file transfer during the switch.
warning: This post is likely to contain gobs of dripping sarcasm. Consume at your own risk.
- You are not running a firewall
- Your firewall doesn't block access to unsecured services
- Your firewall makes exceptions solely based on IP subnets
The no firewall design is great if your computer is on a secured wired network that uses IPv4 networking. However, secured networks should be defined as having:
- No unsecured wireless access points
- No WEP secured wireless access points
- No internet-accessible computers
- No internet-exposed computers that may contract any form of malware
- A system that ensures that computers may only be used by the intended user
- No possibility of disgruntled workers or pranksters
This effectively means that you should treat your local area network as you treat your internet connection unless you are only working on your personal home network consisting only of computers behind a network address translator, and exposing no services to the internet. With the coming of IPv6 network address translation should become less popular, and this method of securing your computers will become even more dangerous.
Run a properly configured firewall on all your computers. Do not use services that do not require authentication or base their authentication off of IP subnets.
A private house with an unlocked door - Not free and open for use, stay the hell out.
An AP that is meant to be open is fine. That's what the owners/administrators intended. A private AP in someone's house is not necessarily open for all to use. It may be, if that is what the owner intends. But just because it is unsecured is not necessarily an invitation or permission to use it.
So what if your computer automatically sets up an IP that doesn't clash, and then sets up adhoc wireless networking with the previous SSID _if_ you have your wlan interface on?
How is that a flaw? That's a _feature_ in many cases. Especially if you really want to share files and you don't have a WAP.
From the article: "First of all, if you are running any kind of network firewall -- including the firewall that comes built in to Windows XP -- you won't have to worry about some stranger connecting to your laptop. In fact, I had to shut down my firewall for both of us to successfully conduct our test. "
Doh.
If you actually care about security you'd already know that wireless networking is a lot less secure than wired networking.
To "wise guys" trying to connect to other peoples stuff. You yourself could be exploited if you connect to any untrusted wireless LAN and try using the internet or connecting to "open" shares[1]. There's so much that can be done to _you_ that it's not funny.
What are you going to do if your computer gets "owned" or fubared after you open a share that's called "Do Not Open" or something like that?
People who think they are smart and connect to "open" wireless LANs run by "stupid" people should also assume the possibility that someone can sniff, hijack and fake their traffic.
If it turns out those "stupid" people aren't that stupid and are evil, your usernames and passwords could be taken, or your data. Or you could be victim of a MITM attack. What you see may not be the real thing.
Even if they aren't actively hostile, they could log your activities too and I doubt they are under the same limitations/restrictions as ISPs.
The company I work for provides systems that make it _easy_ for people to get connected to the internet and do their stuff - they don't have to fool around with their internet or browser settings.
Malicious folk can do the sort of stuff we do and more for nefarious purposes.
[1] You're running windows and you think you're smart to open some "stupid" person's unsecured shared folder? Well you better make sure you've set your My Computer and Local Intranet security settings to something safe[2]. And it's probably best to turn off "view as a webpage" and all that junk...
Whatever O/S you are using, you better be fully patched when you expose yourself to an untrusted network. I believe many modern Linux distros have file managers that generate image previews, and there was an image library bug not so long ago.
[2] See: http://support.microsoft.com/?kbid=315933 and http://support.microsoft.com/?kbid=182569
I think you meant SMS. However, to exploit this flaw requires an awful lot of work. I would have to know which network you've been trying to connect to, then change my setup to be that. Then your settings in Windows would have to allow me to connect to you (no firewall, some other exploit that would take considerable time). People would have to be specifically targeted for this to work (minus the handful of people that have unrestricted access to their root shares and last connected to "linksys")
Every computer can support halting of network traffic. Just right-click on the interface's monitor in the taskbar and hit "Disable" in Windows. In OS X, click on the wireless icon and select "Disable." In Linux, if you have Gnome's netapplet or network-selector installed, hit "Disconnect." If you have KInternet, right click and select "Hang Up." If you have none of those, type "sudo /sbin/ifdown eth*" where * is the number of your wireless, usually 0 or 1. You don't need any third-party program.
Just "gittin-r-done," day after day.
Unfortunately, you just described the average Windows user.
the pita bread you are cooking, i can smell it all the way over at my home... by your logic, i guess i can just head over and eat your pita bread when you leave it at window sill for cooling ?
i can smell you smoking out in my back yard.. i guess i'll come over and take away some of your cigs to smoke
light strays from your living room is entering mine.. i guess i'll read my newspaper in your living room
you are watering your grass and it is leaking into my yard.. i guess i'll use your hose to water my grass
try again
bob
Here's how to fix this on Windows:
Start->Control Panel->Network Connections->Double Click on your Wireless Connection->Properties->Wireless Networks->Advanced->Choose "Access point (infrastructure) networks only". Click the Close button, then click OK all the way back. Done.
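For checking whether machines are in the state this thread describes, here is an added example (not part of any post above): it flags interfaces that are in ad hoc mode while reusing a known infrastructure SSID, have dropped encryption, or hold a 169.254.x.x address. The `WlanSnapshot` record, the finding names and the sample hosts are hypothetical and constructed for illustration; how the snapshots are collected is left out.

```python
import ipaddress
from dataclasses import dataclass

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # the "link local" range from the summary

@dataclass
class WlanSnapshot:          # hypothetical record, one per wireless interface
    host: str
    ssid: str
    mode: str                # "infrastructure" or "adhoc"
    encrypted: bool
    ip: str

def audit(snap, preferred):
    """Return finding codes for one snapshot.

    preferred maps each known infrastructure SSID to True when that
    network is expected to use encryption.
    """
    findings = []
    if snap.mode != "adhoc":
        return findings      # infrastructure association: nothing to flag here
    if snap.ssid in preferred:
        findings.append("adhoc-reuses-infrastructure-ssid")
        if preferred[snap.ssid] and not snap.encrypted:
            findings.append("encryption-dropped")
    if ipaddress.ip_address(snap.ip) in LINK_LOCAL:
        findings.append("link-local-address")
    return findings

def audit_fleet(snapshots, preferred):
    """Map host -> findings, listing only hosts with at least one finding."""
    report = {}
    for snap in snapshots:
        findings = audit(snap, preferred)
        if findings:
            report[snap.host] = findings
    return report

# Constructed sample data, not taken from the thread.
PREFERRED = {"corp-wlan": True, "coffee-shop": False}
SNAPSHOTS = [
    WlanSnapshot("lt-01", "corp-wlan", "infrastructure", True, "10.20.0.15"),
    WlanSnapshot("lt-02", "corp-wlan", "adhoc", False, "169.254.17.4"),
    WlanSnapshot("lt-03", "coffee-shop", "adhoc", False, "169.254.88.201"),
    WlanSnapshot("lt-04", "lan-party", "adhoc", False, "192.168.5.2"),
]

if __name__ == "__main__":
    for host, findings in audit_fleet(SNAPSHOTS, PREFERRED).items():
        print(host, ", ".join(findings))
```

A deliberately created ad hoc network with its own SSID and static addressing (`lt-04`) produces no finding, which matches the legitimate file-sharing use mentioned elsewhere in the thread.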
Because they are not being broadcast into your private property. They are being broadcast within his own private property and spill over into yours.
If your neighbor calls out to his kids in the yard that it's dinner time, and you can hear him from your yard would you show up at his table ready to eat? After all, "it was a clear invitation for dinner broadcast into your private property" right? Your neighbor wasn't speaking in code, and his door was unlocked too.
Perhaps your neighbour ought to install some sort of sound dampener -- say a 20ft tall concrete wall, at the border between your yards to ensure you don't get confused? Perhaps with a lead sheet inside to keep his radio waves from entering your property too?
Communication not intended for you ought to be ignored by you. Common courtesy and all that.