Windows 2000/XP Vulnerability for Wireless Laptops
Posted by Chris Leckness on 01/15/06 in Laptops, Wifi / Bluetooth
WashingtonPost.com is reporting that a new vulnerability was made public at ShmooCon yesterday for Windows 2000/XP laptops that have integrated wireless adapters.
For those who are unfamiliar with how Windows handles network (wired or wireless) connections, I’ll give a brief rundown. Assuming DHCP is enabled on the network that you’re connecting to, your computer will be assigned an IP address automatically. If your computer cannot find the DHCP server, then Windows will instead assign you a local/private IP address of 169.254.*.*. This is where the vulnerability comes into play.
If you are trying to connect to a wireless network and the DHCP server is not found, then Windows will assign you the private IP as noted above. At the same time, however, Windows will also tell your laptop to allow adhoc (PC-to-PC) wireless connections and to broadcast the SSID of the last wireless network that you connected to.
This means that regardless of your network’s security, anyone could come along and connect to that SSID in ad-hoc mode. Since your laptop is not on the network, the hacker would actually be connected straight to your computer.
So if you’ve got a secure wireless network, always make sure that your laptop is actually on the network. Otherwise, the security is completely pointless because of this vulnerability. Hopefully we’ll see a patch for this in next month’s Windows security updates, but I’m not holding my breath.
Source: WashingtonPost.com
Written by Chris Leckness · Filed Under Laptops, Wifi / Bluetooth
Tagged:
Did you like this post?
Share your vote!
(No Ratings Yet)
Leave a Reply