Windows Wi-Fi patch could be long time coming

Microsoft has confirmed that there is a Wi-Fi security vulnerability in Windows XP, but it may not be fixed for as long as 18 months.

The flaw, within a Windows feature that automatically searches for a Wi-Fi network to connect to, was made public Saturday by security researcher Mark Loveless at hacker conference ShmooCon. It can be used by a hacker to gain access to files on a victim's laptop, Loveless said.

Microsoft said Wednesday that it had finished investigating this claim, and had found that there is scope for vulnerable Windows systems to be compromised. However, it said it does not plan to rush out a fix.

"Due to the design of this feature, the most appropriate method for adjusting the default behavior is in a future Service Pack or update rollup," Microsoft said in a statement.

On Tuesday, Microsoft revealed that it was not planning to release the next service pack for Windows XP, called XP SP3, until the second half of 2007. A service pack is a unified group of fixes and new features. An update rollup is typically a collection of previously released patches. Although it may include some new features, the advances are usually more limited than those found in a service pack.

Loveless told ShmooCon that when a PC running Windows XP or Windows 2000 boots up, it will automatically try to connect to a wireless network. If the computer can't set up a wireless connection, it will establish an ad hoc connection to a local address. This is assigned an IP address, and Windows associates this address with the SSID of the last wireless network the PC connected to.

The machine will then broadcast this SSID, looking to connect with other computers in the immediate area. The danger arises if an attacker listens for PCs that are broadcasting in this way and creates a network connection with that same SSID. This would allow the two machines to associate together, potentially giving the attacker access to files on the victim's PC.

Security experts said on Monday it's unlikely laptop users would be at risk if they had installed Service Pack 2 for Windows and enabled a local firewall.

Microsoft recommended on Wednesday that customers enable a firewall, get software updates and install antivirus software. Customers who believe they may have been affected can contact Microsoft Product Support Services via its Web site.

Tom Espiner of ZDNet UK reported from London.

[Mister C]

Holly Eavesdropping Batman!

My son, who is a computer security guy was helping a neighbor with her new laptop. Upon boot up he said hey look at this, there are 3 Wi-Fi's in the area and only one is secure. I could do what ever I want with the other 2. I wonder how many kids are out there going through peoples machine without the owners having a clue?

[206538395198018178908092208948]

Holly Eavesdropping Batman!

it is called wardriving, and yes you can connect and ********************************* are full, all they have is potentially a mac address, but how will anyone know what that is, if they did not bother to set up the AP properly??, how can they say it is me or you using it if your not connected for hours on end?? to get the mac address??

at my shop here i see 6 unsecured AP's and 4 maybe 1/2 secured systems, i can connect and get online to all the unsecured and 2 of the secured systems, and they would be clueless to begin with

[Mister C]

Holly Eavesdropping Batman!

My son, who is a computer security guy was helping a neighbor with her new laptop. Upon boot up he said hey look at this, there are 3 Wi-Fi's in the area and only one is secure. I could do what ever I want with the other 2. I wonder how many kids are out there going through peoples machine without the owners having a clue?

[206538395198018178908092208948]

Holly Eavesdropping Batman!

it is called wardriving, and yes you can connect and ********************************* are full, all they have is potentially a mac address, but how will anyone know what that is, if they did not bother to set up the AP properly??, how can they say it is me or you using it if your not connected for hours on end?? to get the mac address??

at my shop here i see 6 unsecured AP's and 4 maybe 1/2 secured systems, i can connect and get online to all the unsecured and 2 of the secured systems, and they would be clueless to begin with

[nicholasmiller]

It's called WiPhishing

I identified this problem some time ago and coined the phrase "WiPhishing" to describe it. Check out this link for a peice NBC Dallas did on it last year: http://cf.nbc5i.com/dfw/sh/videoplayer/video.cfm?id=4459208&owner=dfw Try sitting outside any office building with a $50 router or access point with an SSID of Linksys and see what happens, the results are shocking as usually within a short time, numerous laptops will start to automatically conect to it.

Also try Googling WiPhishing or check out www.cirond.com for more info.

The problem is actually potentially worse that the article describes, as if the user's laptop is connected to a wired network when it is WiPhished, the hacker can potentially acces not only the laptop but also the network to which it is connected. The bottom line is that whenever a wirelss laptop's wireless adapter is on, data on that laptop and data on a wired network to which it is connected are potentially at risk.

[Mister C]

Yikes!

Makes me want a Wi-Fi in my house so I can do my banking while I watch the Simpsons!

[nicholasmiller]

It's called WiPhishing

I identified this problem some time ago and coined the phrase "WiPhishing" to describe it. Check out this link for a peice NBC Dallas did on it last year: http://cf.nbc5i.com/dfw/sh/videoplayer/video.cfm?id=4459208&owner=dfw Try sitting outside any office building with a $50 router or access point with an SSID of Linksys and see what happens, the results are shocking as usually within a short time, numerous laptops will start to automatically conect to it.

Also try Googling WiPhishing or check out www.cirond.com for more info.

The problem is actually potentially worse that the article describes, as if the user's laptop is connected to a wired network when it is WiPhished, the hacker can potentially acces not only the laptop but also the network to which it is connected. The bottom line is that whenever a wirelss laptop's wireless adapter is on, data on that laptop and data on a wired network to which it is connected are potentially at risk.

[Mister C]

Yikes!

Makes me want a Wi-Fi in my house so I can do my banking while I watch the Simpsons!

[zaznet]

Manual Configuration.

This is why you want to manually configure your network and the devices that attach to it. It is easier to "plug and play" but very dangerous.

Configure your router, enable security options that require a key. Configure your comptuers to add the network and disable auto-joining other networks.

This is just one of those ease of use features that have constantly been a problem for PC users.

If you do not know how to set up the network, get someone to come over who does know how to do it.

[Mister C]

You hit the nail . . .

My son knows how to tighten things up (that's his job) but the girl he was helping sure doesn't. And I would be willing to bet, of the 3 systems he found the 2 that were open didn't either.

Couldn't there be a D/L patch that would shut this off by default? It sure seems to me that way to many systems are needlessly at risk.

[zaznet]

Manual Configuration.

This is why you want to manually configure your network and the devices that attach to it. It is easier to "plug and play" but very dangerous.

Configure your router, enable security options that require a key. Configure your comptuers to add the network and disable auto-joining other networks.

This is just one of those ease of use features that have constantly been a problem for PC users.

If you do not know how to set up the network, get someone to come over who does know how to do it.

[Mister C]

You hit the nail . . .

My son knows how to tighten things up (that's his job) but the girl he was helping sure doesn't. And I would be willing to bet, of the 3 systems he found the 2 that were open didn't either.

Couldn't there be a D/L patch that would shut this off by default? It sure seems to me that way to many systems are needlessly at risk.