Windows Wireless Networking Flaw Identified
An anonymous reader writes "Washingtonpost.com is reporting from the 2nd annual Shmoocon hacker conference about the release of a previously undocumented vulnerability in Windows. The flaw takes advantage of a feature on Windows laptops that have wireless cards built in. Security researcher Mark Loveless found that Windows laptops which cannot find a wireless connection are configured to broadcast the name of the last SSID they associated with. They assign themselves an ad-hoc 'link local' (think 169.254.x.x) address, and an attacker can configure his machine to broadcast an SSID of the same name. Thus, the attacker associates with that 'network' and communicates directly with the victim's machine. The funny part from the Post blog entry is that Microsoft helped author the RFC for link local."
Also, many laptops have a button you can push that disables the built-in wireless feature until you hit that button again. Turning off the wireless connection when you are not using it also prevents this from being a problem.
Best advice in the article...
What if the laptop's last SSID required WEP or WPA (and has it configured in a profile)? Will it still connect if _less_ security is required?
ZEN is a prime number in base-36