Windows Wireless Flaw Found
Microsoft Windows is under the scanner for security-related issues... once again. At "ShmooCon," the annual US hacker conference held in Washington DC, a vulnerability in wireless laptop software was high-lighted. Mark Loveless aka "Simple Nomad," senior security researcher, Vernier Threat Labs, and self-confessed hacker, revealed the wireless security flaw which has the potential to affect any laptop running a recent version of the Microsoft Windows operating system. According to Loveless the vulnerability is exposed on Windows XP or Windows 2000 laptops that are unprotected by a firewall. Apparently Loveless successfully exploited the flaw on airline flights, to gain access to Windows machines being used by other passengers. Built-in wireless capabilities in the operating systems of laptops powered by Windows XP or Windows 2000 are configured to search for any available wireless connections on start-up; but when no wireless link is found, the software establishes an ad-hoc link to a local address. This can then be exploited using a network connection on another computer, which matches the name of the network that the target computer is broadcasting. The two computers can "associate" with one another on the same local network, thereby giving the hacker direct access to a victim's machine. Microsoft reportedly is aware of this problem and has said that it will release a fix in its next scheduled service pack. Meanwhile suggested remedies to counter the problem are using a network firewall; turning-off the wireless connection when not in use; and changing the setting on the computer's wireless card to connect only to "infrastructure networks".
Reproduced from an article published by TechTree.com
© TechTree.com
The original article can be viewed here:
http://www.techtree.com/techtree/jsp/article.jsp?article_id=70674&cat_id=58...
Permalink Bookmark Digg this story
