from here emphasis mine
Lurking threat for wireless laptops
- By Louisa Hearn
January 16, 2006 - 2:02PM
Windows security is once again in the spotlight, this time with a vulnerability in wireless laptop software stealing some of the limelight at an annual US hacker conference called ShmooCon.
The two-day convention held in Washington DC aims to tap into the collective expertise of hackers and security specialists. It is attended by about 500 hackers, technology professionals and law enforcement agents.
In a presentation at the conference, Mark Loveless (aka Simple Nomad), a senior security researcher for Vernier Threat Labs and self-confessed hacker, revealed the wireless security flaw that has the potential to affect any laptop computer running a recent version of the Microsoft Windows operating system.
His address, which was detailed in a security blog on the Washington Post, divulged that Mr Loveless had successfully exploited the vulnerability on airline flights to gain access to Windows machines that other passengers were using.
The vulnerability was exposed on Windows XP or Windows 2000 laptops that were unprotected by a firewall, according to Mr Loveless.
Built-in wireless capabilities in the operating system are configured to search for any available wireless connections on start up, but when no wireless link is found then the software establishes an ad-hoc link to a local address.
This can then be exploited using a network connection on another computer that matches the name of the network that the target computer is broadcasting.
The two computers can then "associate" with one another on the same local network, giving the attacker direct access to a victim's machine.
According to the Washington Post blog, Microsoft was aware of the problem and said a fix would be released in its next scheduled service pack.
Windows security issues have figured prominently in the headlines this month. A new "high-risk" vulnerability associated with formatting images in Microsoft's Windows software emerged a fortnight ago for which the company has issued a patch.
The company also recently issued a similar patch for the Vista operating system which is currently in beta testing.
Use firewalls and use passwords, people. IRL, there are more "hot spots" than you think, and you don't want to be one of them.