Windows Wireless Networking Flaw Identified
An anonymous reader writes "Washingtonpost.com is reporting from the 2nd annual Shmoocon hacker conference about the release of a previously undocumented vulnerability in Windows. The flaw takes advantage of a feature on Windows laptops that have wireless cards built-in. Security researcher Mark Loveless found that Windows laptops which cannot find a wireless connection are configured to broadcast the name of the last SSID they associated with. They assign themselves an ad-hoc 'link local' (think 169.254.x.x.) address, and an attacker can configure his machine to broadcast an SSID of the same name. Thus, the attacker associates with that 'network' and communicates directly with the victim's machine. The funny part from the Post blog entry is that Microsoft helped author the RFC for link local."
Ever read the EULA? You hold Microsoft not responsible by agreeing. So the answer would be no, no class action suits.
---- Booth was a patriot ----
This is old info and has been known for a while. Anyone having used Kismet or some other sniffer at a public place has seen this.
Loveless then created an ad hoc network with the same name, and told his computer to go ahead and connect to "hackme." Viola!
Violin! Cello!
Seriously, though, TFA doesn't seem to say quite the same thing as the summary. The demonstration the reporter saw involved him setting up an ad-hoc network, and then the security researcher was able to connect to it. Err... that's how it's supposed to work.
The article then goes on to assume that this will happen when you connect to access points and then leave them, but you don't usually set up an ad hoc network for that process. Has he just got something wrong? Missed a step out or something? Is there a URL for a technical level article on this flaw?
Should you at a later date happen to open up your laptop in the vicinity of another Windows user who also had recently gotten online at Starbucks, those two machines may connect to each other without any obvious notification to either user
You mean other than the big speech bubble thing popping up and saying "Wireless Network Connection now connected to T-MOBILE"?
- You are not running a firewall
- Your firewall doesn't block access to unsecured services
- Your firewall makes exceptions solely based on IP subnets
The no firewall design is great if your computer is on a secured wired network that uses IPv4 networking. However, secured networks should be defined as having:
- No unsecured wireless access points
- No WEP secured wireless access points
- No internet-accessible computers
- No internet-exposed computers that may contract any form of malware
- A system that ensures that computers may only be used by the intended user
- No possibility of disgruntled workers or pranksters
This effectively means that you should treat your local area network as you treat your internet connection unless you are only working on your personal home network consisting only of computers behind a network address translator, and exposing no services to the internet. With the coming of IPv6, network address translation should become less popular, and this method of securing your computers will become even more dangerous.

Run a properly configured firewall on all your computers. Do not use services that do not require authentication or base their authentication off of IP subnets.
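
An added example, not part of the original thread: a small Python audit of the advice in the comment above, flagging allow rules that a peer on an ad-hoc network with a self-assigned 169.254.x.x address could match. The `Rule` model and the sample rules are constructed for illustration and do not correspond to any particular firewall's format.

```python
import ipaddress
from dataclasses import dataclass

# IPv4 link-local range (RFC 3927) that a host self-assigns without DHCP.
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")

@dataclass
class Rule:                      # hypothetical rule model, not a real firewall's schema
    name: str
    action: str                  # "allow" or "block"
    remote: str                  # CIDR, or "any"
    port: int
    service_authenticates: bool  # does the listening service require credentials?

def reachable_from_link_local(rule: Rule) -> bool:
    """True if an allow rule admits a peer holding a 169.254.x.x address."""
    if rule.action != "allow":
        return False
    if rule.remote == "any":
        return True
    return ipaddress.ip_network(rule.remote, strict=False).overlaps(LINK_LOCAL)

def audit(rules):
    """Return (rule name, reason) for each rule that trusts an address alone."""
    findings = []
    for r in rules:
        if not reachable_from_link_local(r):
            continue
        if r.remote != "any":
            findings.append((r.name, "exception granted solely by IP subnet"))
        if not r.service_authenticates:
            findings.append((r.name, "unauthenticated service exposed"))
    return findings

# Constructed sample rule set for illustration.
SAMPLE_RULES = [
    Rule("file-sharing-local", "allow", "169.254.0.0/16", 445, True),
    Rule("legacy-admin", "allow", "any", 8080, False),
    Rule("office-lan-print", "allow", "10.20.0.0/16", 9100, False),
    Rule("ssh-anywhere", "allow", "any", 22, True),
    Rule("drop-netbios", "block", "169.254.0.0/16", 139, False),
]

if __name__ == "__main__":
    for name, reason in audit(SAMPLE_RULES):
        print(f"{name}: {reason}")
```

Rules scoped to other subnets, such as the constructed `office-lan-print` entry, are outside this check because it only tests reachability from the link-local range.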