Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Insidious Wireless "Flaw" ?


  • Please log in to reply

#1
Johanna

Johanna

    The Leather Lady

  • Moderator
  • 3,038 posts

from here emphasis mine

Lurking threat for wireless laptops

  • By Louisa Hearn
    January 16, 2006 - 2:02PM

Windows security is once again in the spotlight, this time with a vulnerability in wireless laptop software stealing some of the limelight at an annual US hacker conference called ShmooCon.

The two-day convention held in Washington DC aims to tap into the collective expertise of hackers and security specialists. It is attended by about 500 hackers, technology professionals and law enforcement agents.

In a presentation at the conference, Mark Loveless, (aka Simple Nomad), a senior security researcher for Vernier Threat Labs and self-confessed hacker, revealed the wireless security flaw that has the potential to affect any laptop computer running a recent version of the Microsoft Windows operating system.

His address, which was detailed in a security blog on the Washington Post, divulged that Mr Loveless had successfully exploited the vulnerability on airline flights to gain access to Windows machines that other passengers were using.

The vulnerability was exposed on Windows XP or Windows 2000 laptops that were unprotected by a firewall, according to Mr Loveless.

Built-in wireless capabilities in the operating system are configured to search for any available wireless connections on start up, but when no wireless link is found then the software establishes an ad-hoc link to a local address.

This can then be exploited using a network connection on another computer that matches the name of the network that the target computer is broadcasting.

The two computers can then "associate" with one another on the same local network giving the attacker direct access to a victim's machine.

According the Washington Post blog, Microsoft was aware of the problem and said a fix would be released in its next scheduled service pack.

Windows security issues have figured prominently in the headlines this month. A new "high-risk" vulnerability associated with formatting images in Microsoft's Windows software emerged a fortnight ago for which the company has issued a patch.

The company also recently issued a similar patch for the Vista operating system which is currently in beta testing.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

:tazz: Use firewalls and use passwords, people. IRL, there are more "hot spots" than you think, and you don't want to be one of them.

Johanna


  • 0

Advertisements


#2
Dan

Dan

    Trusted Tech

  • Retired Staff
  • 1,771 posts
Thanks for posting that, Johanna -- I'm just glad I don't use wireless (laptops) :)
Very good info :tazz:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP