Brian Krebs of The Washington Post reports on a "a staggeringly simple but very dangerous wireless security problem" that impacts wireless-capable laptops running Windows XP or 2000 which, as Brian notes, "includes most laptops on the market today." The laptops not only remember the SSID from the last hotspot or wireless connection that was successful, once that connection is no longer available, they create an ad hoc network using the name of this SSID and an IP of 169.254.x.x - and broadcast it to any computers nearby. Other computers using that same name and IP range (accidentally or deliberately) can then connect to any susceptible machines in the area.
As with the recently discovered WMF exploit, this is not a bug - it's a 'feature'. Ironically, a Microsoft employee helped pen the actual RFC that specifies this type of dynamic local linking and the RFC specifically warns of the hazards of its use without proper security precautions.
The vulnerability was reported by Mark Loveless of Simple Nomad, at the second annual ShmooCon hacker conference. Simple Nomad has released an advisory for the Microsoft Windows Silent Adhoc Network Advertisement. The advisory also provides data collected during four U.S. flights and a layover at the Charlotte Douglas airport.
The Microsoft Windows Silent Adhoc Network Advertisement isn't the only security concern of which laptop users should be aware. Your best bet? Follow the tips outlined in Using Your Laptop at Starbucks: Is it Safe? to enjoy the freedom of wireless without being tethered by exploit.
As with the recently discovered WMF exploit, this is not a bug - it's a 'feature'. Ironically, a Microsoft employee helped pen the actual RFC that specifies this type of dynamic local linking and the RFC specifically warns of the hazards of its use without proper security precautions.
The vulnerability was reported by Mark Loveless of Simple Nomad, at the second annual ShmooCon hacker conference. Simple Nomad has released an advisory for the Microsoft Windows Silent Adhoc Network Advertisement. The advisory also provides data collected during four U.S. flights and a layover at the Charlotte Douglas airport.
The Microsoft Windows Silent Adhoc Network Advertisement isn't the only security concern of which laptop users should be aware. Your best bet? Follow the tips outlined in Using Your Laptop at Starbucks: Is it Safe? to enjoy the freedom of wireless without being tethered by exploit.
Comments
No comments yet. Leave a Comment