Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows 7 Can Create Rogue Wi-Fi Access Point

Posted by timothy on from the feature-not-bug dept.

alphadogg writes "Windows 7 contains a 'SoftAP' feature, also called 'virtual Wi-Fi,' that allows a PC to function simultaneously as a Wi-Fi client and as an access point to which other Wi-Fi-capable devices can connect. The capability is handy when users want to share music and play interactive games. But it also can allow on-site visitors and parking-lot hackers to piggyback onto the user's laptop and 'ghost ride' into a corporate network unnoticed." While this means a bit more policing for networks meant to be locked down, it sounds like a good thing overall. Linux users, meanwhile, have had kernel support (since 2.6.26) for 802.11s mesh networking, as well as Host AP support for certain chipsets.

14 of 123 comments (clear)

  1. Hard shell, gooey centre security obsolete by anti-NAT · · Score: 4, Insightful

    De-perimeterization (perimeter erosion) Explained

    Distributed Firewalls

    --
    The Internet's nature is peer to peer - 20050301_cs_profs.pdf
  2. Serious issues found with X by Josh04 · · Score: 5, Insightful

    Microsoft Z has been found to contain feature X, which purports to do Y but used incorrectly could instead cause W! Linux has had feature X since 20VV, the 'Year of the Linux Desktop'.

    1. Re:Serious issues found with X by goldaryn · · Score: 5, Insightful

      Microsoft Z has been found to contain feature X, which purports to do Y but used incorrectly could instead cause W! Linux has had feature X since 20VV, the 'Year of the Linux Desktop'.

      True. Incompetent users are the problem irrespective of platform. Never forget - computers do what you tell them to do, not what you meant them to do

      Watch us both get modded down now

    2. Re:Serious issues found with X by recoiledsnake · · Score: 2, Insightful

      Slashdot reported on it earlier, then it was complaining that it wasn't finished. Now it's complaining that it can be made to work.

      http://mobile.slashdot.org/story/09/11/03/1649246/Unfinished-Windows-7-Hotspot-Feature-Exploited?from=rss

      "It wasn't all that long ago that Microsoft was talking up the Virtual WiFi feature developed by Microsoft Research and set for inclusion in Windows 7, but something got lost along the road to release day, and the functionality never officially made it into the OS. As you might expect with anything as big and complicated as an operating system though, some of that code did make it into the final release, and there was apparently enough of it for the folks at Nomadio to exploit into a full fledged feature. That's now become Connectify, a free application from the company that effectively turns any Windows 7 computer into a virtual WiFi hotspot — letting you, for instance, wirelessly tether a number of devices to your laptop at location where only an Ethernet jack is available, or even tether a number of laptops together at a coffee shop that charges for WiFi."

      --
      This space for rent.
    3. Re:Serious issues found with X by natehoy · · Score: 4, Insightful

      No, a VENDOR who wants to sell you lockdown software is complaining that it can be made to work.

      --
      "This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
    4. Re:Serious issues found with X by hairyfeet · · Score: 2, Insightful

      You know, I always wondered why /. never points that out in TFA, because you would think that would be pretty relevant to the discussion. company with vested interest in selling you solution A says product B is insecure, therefor you need to buy solution A.

      From reading TFA (I know, but I got bored) it sounds like pretty much anything that connects to anything is gonna be labeled insecure by this guy, as it gives him a reason to sell you solution A. But pretty much any business should have figured out by now with things such as wardriving that wireless needs to be locked down, yes? Given the fact that MSFT has always been good about having just about every feature and piece of software that comes with Windows easily locked down via group policies, I don't see what the big whoop is. I'm sure Windows 7 Enterprise and Business has group policies for turning this off without requiring solution A.

      But any technology can be exploited if used incorrectly or just left unlocked for anyone to use. It will always have to be locked down by the IT department before deployment if they don't want to be pwned and are actually worth the money they are being paid. How exactly is this news again?

      --
      ACs don't waste your time replying, your posts are never seen by me.
    5. Re:Serious issues found with X by hairyfeet · · Score: 4, Insightful

      While all that you say is true, from what I understand (and I could be wrong) Windows doesn't have this activated by default, you have to turn it on. Any Linux install has the capacity to be an unsecured server, just hanging out there in the breeze for anybody to infect. We don't say that is a bad thing though, do we?

      MSFT added a feature. Now this feature, which could be very handy for those that need to share files or want to set up a quick gaming LAN, can be misused and cause security problems. That a handy OS feature can be misused and cause a security problem applies to just about every single program that can access the net. As for corporations? Well if they pay bottom dollar and and only hire the cheapest most underpaid flunky they can get to save a few buck, and they get pwned, I should care....why exactly? Good things cost good money, the same goes for people. if a company is so badly run that this single feature can completely turn their network security into a house of cards I think they have bigger problems, don't you agree?

      In the end the whole TFA felt to me like creating a bogeyman for them to defeat with their super neato security product. But you and I know security doesn't come in a can. it isn't some product you can just slap on the network and all is well. Security is an ongoing process, that must be planned, implemented, and adapt with changing conditions. And that all needs competent staff to implement correctly. in the end companies that go for bandaids like the TFAs product (which may be good for all I know) will end up failing miserably when some fool on their network does something stupid. This feature won't kill any networks, piss poor admins and security policies that don't exist will take care of that all by themselves, thanks.

      --
      ACs don't waste your time replying, your posts are never seen by me.
  3. No biased reporting here on /. Just the facts. by DiamondGeezer · · Score: 4, Insightful

    I don't participate much in the bore-a-thon dick-measuring contest called "Windows v Linux" on /. but for the record, its crap reporting to claim that Windows 7's "SoftAP" is a "rogue" which allows "ghostriding" while Linux's "802.11s mesh networking" is somehow better because it pre-dates Windows 7 when it allows the same problem which needs to be policed.

    I have lots of criticisms of Windows generally and I run XP and Kubuntu, but SoftAP is a network management issue for corporate networks, not a "rogue".

    --
    Tubby or not tubby. Fat is the question
    1. Re:No biased reporting here on /. Just the facts. by maxrate · · Score: 2, Insightful

      I couldn't agree with you more - seems a good few of the /. linux user base has 'something to prove' quite often. It gets old real quick. I just wish it would end.

    2. Re:No biased reporting here on /. Just the facts. by kevingolding2001 · · Score: 4, Insightful

      Also, how many corporate machines are running with wireless cards?

      More than you might think. At my work they issue everybody with laptops. They all have inbuilt wireless.

    3. Re:No biased reporting here on /. Just the facts. by ChunderDownunder · · Score: 2, Insightful

      Quite a number. Perhaps not your average cubicle-slave but certainly those in 'client-facing roles' and those encouraged to take work home with them (read unpaid overtime). If security is lax, don't underestimate teenage children in re-enabling features on their parent's work laptop. Then there's consultant teams hired on a project basis that bring their own hardware and aren't subject to internal re-imaging of machines.

  4. What is this crap by CSHARP123 · · Score: 5, Insightful

    Any OS will have problems if used incorrectly. This biased reporting is BS. It needs to stop.

  5. Re:Linux Treats You Like An Adult.... by CannonballHead · · Score: 2, Insightful

    Yes, it's that simple... and for most people, they don't want to research all that.

    And if Linux wants to be popular with those people, it's going to have to change a bit.

    It's more than knowing how a computer works. The only thing you're talking about right now is software. You're not talking about having to know how a graphics card works in order to use it. You're talking about software configuration. But the problem I have with your simplistic explanation is this: for most people, a generic configuration does work nicely.

    And allow me to say I'm glad "Linux" didn't make my digital camera. I'd hate to have to go research on forums just to figure out how to take a picture at a different resolution than it was set at ;) Joking aside, I'm somewhat serious. Most people want to research how to configure things they like working on. Most people don't like working on the computer... most people like working on something ELSE on the computer.

  6. Re:Easy Solution by DavidD_CA · · Score: 4, Insightful

    Group Policy can disable this for all domain users in one click.

    And even if left on, what admin would allow a non-authenticated user access to anything on the network?

    Besides, if I had enough access to a machine to turn this feature on, couldn't I just take control of it via traditional means? Why bother.

    --
    -David