Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows Wireless Networking Flaw Identified

Posted by Zonk on from the like-me-complicated-but-interesting dept.

An anonymous reader writes "Washingtonpost.com is reporting from the 2nd annual Shmoocon hacker conference about the release of a previously undocumented vulnerability in Windows. The flaw takes advantage of a feature on Windows laptops that have wireless cards built-in. Security researcher Mark Loveless found that Windows laptops which cannot find a wireless connection are configured to broadcast the name of the last SSID they associated with. They assign themselves an ad-hoc 'link local' (think 169.254.x.x.) address, and an attacker can configure his machine to broadcast an SSID of the same name. Thus, the attacker associates with that 'network' and communicates directly with the victim's machine. The funny part from the Post blog entry is that Microsoft helped author the RFC for link local."

3 of 225 comments (clear)

  1. Maybe they'll work out all of the bugs ... by barfomar · · Score: 0, Troll
    Maybe they'll work all of these bugs out by the time Vista comes out.

    Or create a whole new batch to ensure job security...

  2. Re:Security? by defaria · · Score: 0, Troll

    Leaving your wireless network flat open is stupid. You deserve what you get. Others are under no obligation to inform you of your stupidity and printing the relevant sections of the manual is akin to "A word to the wise". I'm sorry you were not able to figure out how to enable the proper security for your network card and that you were still stupid enough to use is unprotected. As for treatment of IT people, there are far too many stupid and lazy people out there to teach them all how to crack a book once in a while but it does pay the bills - quite nicely I might add. However I've figured out long ago that dealing with idiots and morons who never bother to take the time to learn how to use the sophisticated piece of hardware and software that their company places on their desks is not one of the better paying positions in IT. So I deal with people who know what they are doing and who have much more complex problems and are willing to pay well into the 6 figures for somebody who knows how to solve their problems. I've long ago passed the helping the stupid exec who cares more about their office location, what people are wearing and what title they have managed to obtain while the company is managing to pay him less than 6 figures. Helping him learn the difference betweenn capturing just the image of the active window and capturing the whole desktop and why that's a waste of resources when all that is required is the one line error message itself, is a waste of time!

  3. Re:Should be standard on all laptops and desktops by sconeu · · Score: 0, Troll

    My Toshiba Satellite has a physical on/off switch for the 802.11. I'd like to see any company block that in software.

    --
    General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.