Slashdot Mirror


Windows Wireless Networking Flaw Identified

An anonymous reader writes "Washingtonpost.com is reporting from the 2nd annual Shmoocon hacker conference about the release of a previously undocumented vulnerability in Windows. The flaw takes advantage of a feature on Windows laptops that have wireless cards built in. Security researcher Mark Loveless found that Windows laptops which cannot find a wireless connection are configured to broadcast the name of the last SSID they associated with. They assign themselves an ad-hoc 'link local' (think 169.254.x.x) address, and an attacker can configure his machine to broadcast an SSID of the same name. Thus, the attacker associates with that 'network' and communicates directly with the victim's machine. The funny part from the Post blog entry is that Microsoft helped author the RFC for link local."
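The behaviour described above shows up on the air as an ad-hoc (IBSS) beacon carrying an SSID that normally belongs to an infrastructure (ESS) network. The following is an added defender-side example, not code from the thread or from the Washington Post article: it classifies constructed beacon records by their 802.11 capability bits, reports SSIDs seen in both modes, and checks whether an address is a self-assigned 169.254.0.0/16 link-local address.

```python
# Added example (not from the Slashdot thread or the Post article):
# classify 802.11 beacon capability bits and flag SSIDs that appear both as
# infrastructure (ESS) networks and as ad-hoc (IBSS) networks. That pattern is
# the one described above: a laptop re-broadcasting its last SSID in ad-hoc
# mode, or another machine advertising an ad-hoc network under a known name.
import ipaddress
from collections import defaultdict

# Bits of the 802.11 Capability Information field (IEEE 802.11 beacon frame).
CAP_ESS = 0x0001      # set by access points (infrastructure network)
CAP_IBSS = 0x0002     # set by ad-hoc (independent BSS) stations
CAP_PRIVACY = 0x0010  # WEP/WPA in use


def beacon_mode(capability: int) -> str:
    """Return 'infrastructure', 'ad-hoc' or 'unknown' from the capability field."""
    if capability & CAP_ESS and not capability & CAP_IBSS:
        return "infrastructure"
    if capability & CAP_IBSS and not capability & CAP_ESS:
        return "ad-hoc"
    return "unknown"


def find_ssid_collisions(beacons):
    """Group beacons by SSID; return SSIDs seen as both infrastructure and ad-hoc."""
    modes_by_ssid = defaultdict(set)
    for beacon in beacons:
        modes_by_ssid[beacon["ssid"]].add(beacon_mode(beacon["capability"]))
    return sorted(ssid for ssid, modes in modes_by_ssid.items()
                  if {"infrastructure", "ad-hoc"} <= modes)


def is_link_local(addr: str) -> bool:
    """True for self-assigned IPv4 link-local addresses (169.254.0.0/16, RFC 3927)."""
    return ipaddress.ip_address(addr) in ipaddress.ip_network("169.254.0.0/16")


# Constructed sample capture: the second record is an ad-hoc node reusing the
# SSID of the WPA-protected "corp-wifi" access point (all values made up).
SAMPLE_BEACONS = [
    {"bssid": "00:11:22:33:44:55", "ssid": "corp-wifi", "capability": CAP_ESS | CAP_PRIVACY},
    {"bssid": "02:aa:bb:cc:dd:ee", "ssid": "corp-wifi", "capability": CAP_IBSS},
    {"bssid": "00:66:77:88:99:aa", "ssid": "simpsons", "capability": CAP_ESS},
]

if __name__ == "__main__":
    for ssid in find_ssid_collisions(SAMPLE_BEACONS):
        print(f"ad-hoc beacon reuses infrastructure SSID: {ssid!r}")
    print(is_link_local("169.254.12.34"))
```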

15 of 225 comments

  1. Damn!!!! by Anonymous Coward · · Score: 4, Funny

    There goes my mobile botnet...

  2. Should be standard on all laptops and desktops by oilisgood · · Score: 5, Interesting

    Also, many laptops have a button you can push that disables the built-in wireless feature until you hit that button again. Turning off the wireless connection when you are not using it also prevents this from being a problem.

    Best advice in the article...

    1. Re:Should be standard on all laptops and desktops by tunah · · Score: 4, Funny

      I hope he's not referring to the power button.

      --
      Free Java games for your phone: Tontie, Sokoban
    2. Re:Should be standard on all laptops and desktops by bot24 · · Score: 4, Informative

      This isn't really good advice in my opinion; if your computer's security is ready for the 21st century it won't be a problem at all. The only reasons this may be a vulnerability you should care about are:

      • You are not running a firewall
      • Your firewall doesn't block access to unsecured services
      • Your firewall makes exceptions solely based on IP subnets

      The no-firewall design is great if your computer is on a secured wired network that uses IPv4 networking. However, secured networks should be defined as having:

      • No unsecured wireless access points
      • No WEP-secured wireless access points
      • No internet-accessible computers
      • No internet-exposed computers that may contract any form of malware
      • A system that ensures that computers may only be used by the intended user
      • No possibility of disgruntled workers or pranksters

      This effectively means that you should treat your local area network as you treat your internet connection unless you are only working on your personal home network consisting only of computers behind a network address translator, and exposing no services to the internet. With the coming of IPv6, network address translation should become less popular, and this method of securing your computers will become even more dangerous.

      Run a properly configured firewall on all your computers. Do not use services that do not require authentication or base their authentication off of IP subnets.

  3. Don't panic by Anonymous Coward · · Score: 5, Insightful

    FTA:
    First of all, if you are running any kind of network firewall -- including the firewall that comes built in to Windows XP -- you won't have to worry about some stranger connecting to your laptop. In fact, I had to shut down my firewall for both of us to successfully conduct our test.

    It's one of those "if you have no firewall and ignore all the alerts and warnings and have filesharing enabled and have a wifi card set to auto DHCP and an attacker is targeting you specifically" flaws.

    Yawn, seems like much ado over nothing. You have more chance of dropping and breaking your laptop than you have of being exploited by this "flaw", and if you go to Starbucks (and support their disgusting business model) you deserve everything you get.

  4. Encryption? by joepeg · · Score: 5, Interesting

    What if the laptop's last SSID required WEP or WPA (and has it configured in a profile)? Will it still connect if _less_ security is required?

    --

    ZEN is a prime number in base-36

  5. Security? by yobjob · · Score: 5, Funny

    Does anyone actually secure their wireless network? I actually have the problem that, on startup, my computer connects to my neighbour's wireless network instead of my own!

    1. Re:Security? by Lxy · · Score: 4, Funny

      No they don't. True story:

      I bought a new wireless card for Christmas. I was working on getting the madwifi stuff working in Debian and I decided not to set up my AP until I had my wireless card working. Besides, I'm a n00b to wireless under Linux so I wanted to take appropriate precautions.

      I got the card working, and iwlist brought up two APs in my neighborhood. One named "simpsons" and one named "zr45ytg" or something similar with WEP enabled. Not being 1337, I left the WEP one alone (for now) and decided to hop onto simpsons. As you can probably guess, I was given a private IP and internet access. A quick nmap showed two Windows machines connected; using smbclient I found an open printer share.

      Digging further, I tried to log into the AP itself. Linksys WRT54G with, you guessed it, default passwords. Oh, let the fun begin! I changed his SSID to "0wn3d" and sent the relevant sections of the Linksys WRT54G manual to his printer. This guy now should know how to set up WEP and change his admin password. He should also notice that his SSID changed.

      One week later, still broadcasting an SSID of 0wn3d, no WEP, and default admin password. Either he didn't get the message or he's illiterate. Oh well, free internet for me!

      --

      There is no reasonable defense against an idiot with an agenda
      :wq

    2. Re:Security? by David+Horn · · Score: 5, Insightful

      And suppose he doesn't want to have to worry about securing his wireless network if all he uses it for is checking the news on his laptop? Little scrotes like you who think it's helpful to mess around with other people's equipment should be shot.

      If you're capable of doing that, why didn't you just print off something telling him his network was unsecured, include your phone number and offer to go over and sort it out for him? Let me guess, you're about 13 years old?

      I'm unfortunate enough to have one of those WRT54G access points, and due to a hardware flaw I can't run it with WEP *OR* WMA *OR* MAC filtering. I need to get a replacement, but right now I don't have the time to sort it out. So it's unsecured (but I did change the admin password.)

      What you need to do is try to help other people, rather than lord it over them. This is why anyone that works in IT is treated like shit, because end users assume we hate them and won't do anything to help.

      Get a life, and to hell with my karma.

      --
      PocketGamer.org - For the gamer on the go!

  6. RTFA - Nothing to See . . . Move Along by Anonymous Coward · · Score: 5, Insightful

    O.K. Folks, if you program your Linux laptop to connect to an ad-hoc network and broadcast SSIDs, this behaviour is going to occur on Linux too.

    This isn't just an MS Windows flaw . . . it is a flaw in the way that the administrators (users) manage the machines.

    I wish you all would quit pointing fingers. This isn't some kind of new thing.

    1. Re:RTFA - Nothing to See . . . Move Along by Fnord666 · · Score: 5, Insightful

      The point is that you would have to program your Linux machine to behave like this whereas the Windows machine comes configured this way by default.

      --
      'The tyrant will always find pretext for his tyranny.' - Aesop's Fables

  7. I'm sorry, this is old info by dangermen · · Score: 4, Informative

    This is old info and has been known for a while. Anyone having used Kismet or some other sniffer at a public place has seen this.

  8. Connecting to a network is a vulnerability now? by m50d · · Score: 4, Interesting

    I mean, I know Windows security is bad, but is it really considered a compromise to simply be on the same network as the attacker's machine?

    --
    I am trolling

  9. Err...vulnerability? by avalys · · Score: 5, Insightful

    I would hardly call this a vulnerability. You're certainly no more vulnerable if someone exploits this little "feature" than you are at any other time you're connected to a network.

    This is such a complete non-issue, it's like a freaking joke. Read the article - all a hacker might gain from this vulnerability is the ability to connect to your computer, as if it was still on a wireless network, after you've moved outside the range of an access point. Big deal. But the author and "discoverer" both talk about it like this is a remote root exploit or something. At one point, the author includes this little gem: "As Loveless pointed out, this "feature" of Windows actually behaves somewhat like a virus." Virus, my ass.

    What's with all the foaming-at-the-mouth hype about these minor little things lately? It's counterproductive - going berserk over every slight issue that might, in some fantastic combination of circumstances, be a security problem takes away attention from flaws that actually matter.

    --
    This space intentionally left blank.

  10. HELP! NIC works as intenden1?!!?!?!!? by vsync64 · · Score: 5, Funny

    Oh noes! If my network interface is up you can send me packets that I have to accept or reject?1!!?!? HWATEVER SHALL I DO PLEASE HELPE ME

    i have heard of an even worse vulnerabelity! if you hack yuor micthorwave oven to have teh door open it will JAM MY 80211 packets!!?!!?!!?!?!?!!?!

    Also risk of cooking!

    tell steve gibson of GRC he will save us

    --
    TO BUY A NEW CAR WOULD MAKE YOU SEXUALLY ATTRACTIVE.