Windows Wireless Networking Flaw Identified
An anonymous reader writes "Washingtonpost.com is reporting from the 2nd annual Shmoocon hacker conference about the release of a previously undocumented vulnerability in Windows. The flaw takes advantage of a feature on Windows laptops that have wireless cards built-in. Security researcher Mark Loveless found that Windows laptops which cannot find a wireless connection are configured to broadcast the name of the last SSID they associated with. They assign themselves an ad-hoc 'link local' (think 169.254.x.x) address, and an attacker can configure his machine to broadcast an SSID of the same name. Thus, the attacker associates with that 'network' and communicates directly with the victim's machine. The funny part from the Post blog entry is that Microsoft helped author the RFC for link local."
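As an added defender-side check (not part of the story or the original thread), the script below audits saved wireless profiles for the combination the summary describes: a profile that reconnects automatically to an ad-hoc or unauthenticated SSID, plus a self-assigned 169.254.x.x address on the wireless adapter. The sample profile text is constructed in the style of `netsh wlan show profile` output; the exact field names vary by Windows version, so treat the key names as an assumption and adjust them to what your build prints.

```python
"""Flag saved Wi-Fi profiles that auto-connect to ad-hoc or open networks,
and spot link-local (APIPA) addresses on the wireless adapter.
All sample data below is constructed for illustration."""
import ipaddress
import re

# Constructed sample, loosely following `netsh wlan show profile name=<x>` layout.
# Assumption: each field appears as "Key : Value"; names may differ on your build.
SAMPLE_PROFILES = """
Profile CoffeeShop on interface Wi-Fi:
    Name                   : CoffeeShop
        Connection mode    : Connect automatically
    SSID name              : "CoffeeShop"
    Network type           : Adhoc
    Authentication         : Open
    Cipher                 : None

Profile HomeNet on interface Wi-Fi:
    Name                   : HomeNet
        Connection mode    : Connect automatically
    SSID name              : "HomeNet"
    Network type           : Infrastructure
    Authentication         : WPA2-Personal
    Cipher                 : CCMP

Profile OldHotel on interface Wi-Fi:
    Name                   : OldHotel
        Connection mode    : Connect manually
    SSID name              : "OldHotel"
    Network type           : Infrastructure
    Authentication         : Open
    Cipher                 : None
"""


def parse_profiles(text):
    """Split netsh-style text into one dict per profile, keys lowercased."""
    profiles = []
    current = None
    for line in text.splitlines():
        header = re.match(r"Profile (\S+) on interface", line)
        if header:
            current = {"profile": header.group(1)}
            profiles.append(current)
            continue
        if current is None:
            continue
        field = re.match(r"\s*([A-Za-z ]+?)\s*:\s*(.*)$", line)
        if field:
            key = field.group(1).strip().lower()
            # keep the first occurrence; netsh may repeat Authentication/Cipher lines
            current.setdefault(key, field.group(2).strip())
    return profiles


def risky_profiles(profiles):
    """Return (profile name, reasons) for profiles that reconnect on their own
    to an ad-hoc network or to one with no authentication at all."""
    findings = []
    for p in profiles:
        auto = p.get("connection mode", "").lower().startswith("connect automatically")
        reasons = []
        if p.get("network type", "").lower() == "adhoc":
            reasons.append("ad-hoc network")
        if p.get("authentication", "").lower() == "open":
            reasons.append("no authentication")
        if auto and reasons:
            findings.append((p["profile"], reasons))
    return findings


def apipa_addresses(addresses):
    """Return the addresses that fall in 169.254.0.0/16, i.e. the self-assigned
    range a Windows adapter uses when no DHCP server answers."""
    return [a for a in addresses if ipaddress.ip_address(a).is_link_local]


if __name__ == "__main__":
    for name, why in risky_profiles(parse_profiles(SAMPLE_PROFILES)):
        print(f"{name}: {', '.join(why)}")
    print("link-local:", apipa_addresses(["169.254.12.7", "10.0.0.5"]))
```

On a live machine, feed the output of `netsh wlan show profile name="<profile>"` for each saved profile into `parse_profiles`; a profile that is both automatic and ad-hoc/open is the one worth deleting or switching to manual connection, which is the per-profile equivalent of the "turn the radio off" advice in the thread.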
Also, many laptops have a button you can push that disables the built-in wireless feature until you hit that button again. Turning off the wireless connection when you are not using it also prevents this from being a problem.
Best advice in the article...
What if the laptop's last SSID required WEP or WPA (and has it configured in a profile)? Will it still connect if _less_ security is required?
ZEN is a prime number in base-36
I mean, I know windows security is bad, but is it really considered a compromise to simply be on the same network as the attacker's machine?
I am trolling
I agree with what you are saying, but the only thing that could become an issue is depending on how the laptop is configured (i.e. ICS is enabled): theoretically someone could use the wireless access that they have now acquired to get access to the rest of the network. I have seen with so many companies how the three top rules are ignored:
1. No admin access with a user account. If the person is required in their job to need that level of access, create them an account that they can run the necessary app with.
2. Utilize proxies to get access to the internet, no direct connection through the firewall. Reduces specific applications from getting out (oh and log everything)
3. Patch your machines dammit. Hell using MS's SAS will make your job easier. Once you have tested to make sure it doesn't break anything then approve the patch for your users.
Disclaimers of warranty are not necessarily legally binding. A decision in court would involve questions of how fair it is for MS to disclaim liability for this.
Unfortunately it's not even about fair. With regards to security, Windows is provided "AS IS". Show me one place where Microsoft even makes the slightest guarantee about security. The product was never engineered to be secure and barring a complete rewrite it never will be. They're not dumb, they know it's not very secure, and they don't advertise it as such. They don't need to "disclaim liability", the courts need to prove why it should be assigned to them in the first place.
Anyone who has an expectation of security in Windows is a sucker, plain and simple. Think about the common excuses: "99% of our customers use it so we have to also." "We store all our data on it, it OUGHT to be secure." "It's too expensive to switch to something else." You choose to use Windows, you get what you pay for. If you failed to do proper research and just created an assumption of security inside your head, it's your own fault. Quit whining about it.
Everyone wants to sue Microsoft just because they exploit human stupidity, and they're really good at it. Great use of the court system.
"The funny part from the Post blog entry is that Microsoft helped author the RFC for link local."
I really don't see how MS helping to author a useful RFC is funny, or even relevant. What's funny is that someone at MS somehow thought it would be a good idea to open up a system to the entire world, since it's clearly a thinking flaw as opposed to the usual QA flaw.
Speaking of thinking flaws, how about this one: If a laptop running XP has wired and wireless connections going, XP asks the user if they want to share their connection. User clicks 'yes'. XP bridges wired and wireless for them. XP also broadcasts on both sides that it will be a gateway for other systems running XP (via netbios-over-ip, IIRC). Those systems get on board, and make that computer their default gateway.
Then the computer 'sharing' its connection, and all its 'victims' are suddenly very slow. There never seemed to be a straightforward way to prevent the other XP computers from making the dual-connected XP system their default gateway. If you manually change the default gateway on the victim systems, they just switch back to the dual-connected XP box. I don't know if XP still does this, but talk about stupid.
Seriously, who the hell thinks this kind of thing up? Do they have brain stem storming sessions or something?
"We are all geniuses when we dream"
- E.M. Cioran
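As an added example (not from the thread or from Microsoft), the following check approaches the "everyone adopts the dual-homed XP box as their gateway" problem from the detection side: it reads an IPv4 route table in the column layout of `route print` and flags any default route whose gateway is not on an allow-list, or sits in the 169.254/16 link-local range. The route rows and the allowed gateway are constructed for illustration; the commenter's claim about how the gateway is advertised is not modelled here, only its visible effect on the routing table.

```python
"""Spot default routes that point at an unexpected gateway, e.g. a peer that
has started 'sharing' its connection. Sample table is constructed."""
import ipaddress

# Assumption: the only gateway(s) the corporate DHCP server should ever hand out.
EXPECTED_GATEWAYS = {"10.1.0.1"}

# Constructed rows in the `route print` IPv4 column order:
# destination, netmask, gateway, interface, metric
SAMPLE_ROUTE_TABLE = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.1.0.1       10.1.0.23      20
          0.0.0.0          0.0.0.0        10.1.0.77       10.1.0.23      25
        10.1.0.0    255.255.255.0          On-link        10.1.0.23     276
      169.254.0.0      255.255.0.0          On-link      169.254.8.4     276
"""


def parse_routes(text):
    """Turn route-table text into dicts; skips the header and blank lines."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] == "Network":
            continue
        dest, mask, gw, iface, metric = parts
        routes.append({"dest": dest, "mask": mask, "gateway": gw,
                       "interface": iface, "metric": int(metric)})
    return routes


def suspicious_default_routes(routes, expected=EXPECTED_GATEWAYS):
    """Return (gateway, reason) for 0.0.0.0/0 routes that do not use an
    expected gateway, or that use a link-local one."""
    findings = []
    for r in routes:
        if r["dest"] != "0.0.0.0" or r["mask"] != "0.0.0.0":
            continue
        gw = r["gateway"]
        if gw == "On-link":
            continue  # directly connected default, nothing to compare against
        if ipaddress.ip_address(gw).is_link_local:
            findings.append((gw, "link-local gateway"))
        elif gw not in expected:
            findings.append((gw, "gateway not on allow-list"))
    return findings


if __name__ == "__main__":
    for gw, reason in suspicious_default_routes(parse_routes(SAMPLE_ROUTE_TABLE)):
        print(f"default route via {gw}: {reason}")
```

Run the live table through it with `route print` output redirected to a file; a second default route to a host on your own subnet, like `10.1.0.77` in the sample, is exactly the signature of a neighbour's machine offering itself as a gateway.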
He shouldn't be connecting to his neighbor's open network at all. Would you stroll into your neighbor's house if you found a door left ajar?
Printing your name and phone number is just as wrong as printing instructions for securing the network, and is way dumber. There are lots of people in the world who are going to consider this an intrusion, and report it to law enforcement. Do you really want a visit from the police as thanks for your "helpful" offer?
If you find an open network, leave it alone. If you feel you must help, use the signal strength to determine which neighbor has the open access point, and make a personal visit. But don't be surprised if you get told to mind your own business.
> WTF are you smoking? how the hell can you conclude that leaving a network open creates an implied "use me" policy?
If things like public municipal WiFi are to take off, we can't have that point of view.
Let's say I'm the city of Philadelphia and I want to put free WiFi in the parks. If there's a legal precedent that says you're not allowed to use WAPs you stumble across, then this idea will never take off.
Or what if we want WiFi to become a truly open broadcasting medium? What if I want to stream my own MP3s to whoever is nearby who might care? This vision of the future can't happen with implied non-permission.
The problem is the "breaking-and-entry" metaphor we've been using. What we're talking about is radio communication. CB operators have never had an expectation of privacy, nor have HAMs. Unless there's an explicit lock -- it doesn't even need to be cryptographically secure; it just needs to send the message "you do not belong here" -- then I think we need to use the same assumptions we use for other radio communications.