Hackers have exposed details of a previously undocumented flaw in
Microsoft's handling of
Wi-Fi which affects users of Windows 2000 and XP.
The vulnerability was detailed at the
Shmoocon hackers
conference in Washington DC by self-confessed hacker Mark Loveless, (aka
Simple Nomad), a senior
security researcher for
Vernier Threat Labs.
Loveless explained that the issue centres on the way in which the operating
systems look for wireless networks during start-up.
When a Wi-Fi equipped laptop starts up using Windows 2000 or XP it
immediately starts scanning for wireless networks. If none is found it sets up
an ad hoc link using the name of the last wireless network accessed.
If a hacker was aware of the last used network ID, for example knowing the
name of a corporate Wi-Fi network address, it could be used to establish a
direct local link with the Windows PC offering access to all local drives.
However, the problem only arises if the target machine is not running a
firewall. One of the changes in Windows XP SP2 turns the built-in firewall on by
default.
Microsoft is aware of the problem, according to a report in the
Washington Post, and has promised a fix in the next Windows service
pack.
Do you agree?
Have your say on this article