All the latest UK technology news, reviews and analysis
|
|
|
16 Jan 2006
Hackers have exposed details of a previously undocumented flaw in Microsoft's handling of Wi-Fi which affects users of Windows 2000 and XP.
The vulnerability was detailed at the Shmoocon hackers conference in Washington DC by self-confessed hacker Mark Loveless, (aka Simple Nomad), a senior security researcher for Vernier Threat Labs.
Loveless explained that the issue centres on the way in which the operating systems look for wireless networks during start-up.
When a Wi-Fi equipped laptop starts up using Windows 2000 or XP it immediately starts scanning for wireless networks. If none is found it sets up an ad hoc link using the name of the last wireless network accessed.
If a hacker was aware of the last used network ID, for example knowing the name of a corporate Wi-Fi network address, it could be used to establish a direct local link with the Windows PC offering access to all local drives.
However, the problem only arises if the target machine is not running a firewall. One of the changes in Windows XP SP2 turns the built-in firewall on by default.
Microsoft is aware of the problem, according to a report in the Washington Post, and has promised a fix in the next Windows service pack.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
My client is a well established, non profit organisation;...
PHP Web Developer – £30,000 - £35,000 PHP, MySQL, HTML...
HEAD OF DIGITAL - London - £80-95K + Excellent Bens...
Agile C# Developer - (North London) £55,000 - £65,000...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
True
Very true, windows firewall will prevent such intrusions and so will 3rd party version. Most people disable WiFi as it is not needed for general use
Posted by: Mihai G. 17 Jan 2006
Hackers can do more than this!!!
I have seen the same problems in our computers in Addis Ababa University.The problem initially comes due to lower security level of the inventor of windows XP programs.So it is a new lesson before starting to introduce a new technology we should establish a good security system.
Posted by: Muluken Aschale 17 Jan 2006
MS messed up
No, it's definitely Microsoft's fault: http://www.nmrc.org/pub/advise/20060114.txt
Posted by: big sigh 17 Jan 2006
This is not new!
This is not new! It has been happening for at least 2-4 years now and is well known in the hacker and security communities. It's hardly a Microsoft issue either. The issue is primarily with the Wireless NIC Manufacturer - or really the manufacturer of the driver - as they are the ones who create the defaults in the WNIC driver to stay on and search for other WNICs to attach to.
Posted by: Dean F 16 Jan 2006
Clearly Microsoft Is At Fault
Its clear that Microsoft is to blame for every security flaw and hole ever discovered. Talk to any security expert and they will let you know that the evil dictators in Redmond are responsible for every hole, flaw, and exploit ever. Microsoft is well known for surgical and neurological operations on Windows users to ensure that Windows users leave firewalls turned off, set their password to "password" (or use some combination of Christian dogma, and/or their children's names), routinely leave their fly down, and dramatically underfund the Department of Homeland Security. It's true! I read it here, and on slashdot, so it must be proven in fact!
Posted by: Mistah MG 16 Jan 2006
Wireless on flights?
I thought this was not allowed except before and after takeoff.
Posted by: Mark 16 Jan 2006
Not New
It may not be new to experts, but it is new to the layperson. Either way, it deserves attention. Also, hate to bust your bubble, but it is a Microsoft problem. It was a Microsoft programmer who coded this behavior.
Posted by: Dan 16 Jan 2006