On CBS MoneyWatch: Which Credit Cards are Best?
BNET Business Network:
BNET
TechRepublic
ZDNet
TalkBack 12 of 38:
Next »
« Previous
And they can still be heard apologising
"You have to go out of your way to use peer-to-peer Wi-Fi"

The example given was someone using a Wi-Fi access point at
say Starbucks then turning their computer on elsewhere.
Windows will try to reconnect and when it fails will publish the
SSID of the last connected network (e.g. Starbucks) whilst setting
up its own peer-to-peer ip network.

This is dumb, I don't know why you're apologising for it. MS has
acknowledged it is a flaw and has said it will be fixed in an
upcoming patch.

WEP and WPA is also not a consideration as connecting to public
access points usually have neither.

As far as the "firewall will protect" people argument is concerned
it has a failure. If the users has opened ports (say because the
are using file and print sharing or Internet Connection Sharing)
these ports become accessible opening significant potential
attack vectors.

Yet another windows problem, and the funny thing is that RFC
for link local. discussed the risks and was co-authored by a MS
employee:

"NOTE: There are certain kinds of local links, such as wireless
LANs, that provide no physical security. Because of the
existence of these links it would be very unwise for an
implementer to assume that when a device is communicating
only on the local link it can dispense with normal security
precautions. Failure to implement appropriate security
measures could expose users to considerable risks."

http://blogs.washingtonpost.com/securityfix/2006/01/
windows_feature.html
Posted by: Richard Flude   Posted on: 01/17/06 You are currently: a Guest | Members login | Terms of Use
Reply to Story Reply to Message

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

Rep told us not to worry...  Mike Cox | 01/16/06
How much do you weigh?  TheCrow_z | 01/16/06
Why bother questioning Mike?  Grayson Peddie | 01/16/06
guess his weight...  linuxoverwindows | 01/17/06
Nothing discovered here  george_ou | 01/16/06
Question about this "vulnerability"  NonZealot | 01/16/06
Any kind of authentication would defeat it  george_ou | 01/17/06
using my wireless ap as a reference point...  linuxoverwindows | 01/17/06
time was estimate...  linuxoverwindows | 01/17/06
Thanks for that info! (NT)  NonZealot | 01/17/06
Try a distributed Beowolf setup  cburgess-iPALADIN | 01/21/06
And they can still be heard apologising  Richard Flude | 01/17/06
interesting article.  linuxoverwindows | 01/17/06
True so true  I'm Ye, the MS SHILL . | 01/17/06
true  linuxoverwindows | 01/17/06
My laptop is already secure by now.  Grayson Peddie | 01/16/06
I'm glad I don't use wi-fi.  HypnoToad | 01/16/06
I can't believe how much press this is getting  toadlife | 01/16/06
Fly in the soup  cburgess-iPALADIN | 01/21/06
Wi-Fi  ipfresh@... | 01/17/06
Windows is a gaping security hole  Chad_z | 01/17/06
There's a gaping hole, allright...  John Zern | 01/17/06
Re: Gaping Hole  BXLE | 01/17/06
should be more like...  linuxoverwindows | 01/17/06
smashed  Shelendrea | 01/17/06
Funny thing is...  SGT_Spam | 01/17/06
Oh, really?  Chad_z | 01/17/06
I bet you don't have Norton in your computer.  Grayson Peddie | 01/18/06
The Chicken Little Syndrome  Wolfie2K3 | 01/17/06
SP2  SGT_Spam | 01/17/06
Wi-Use Windows Wi-FI?  IT_Guy_z | 01/17/06
OEM Utility  SGT_Spam | 01/17/06
Not entirely new but none the less a serious problem  nicholasmiller | 01/20/06
Very good  cburgess-iPALADIN | 01/21/06
RIM  garryg24 | 01/24/06
Stopping Bogus Software Patents  roedy | 01/24/06
Patent Vultures  datadoc_z | 01/24/06
R.I.M. patent infringement.....  rickhal | 02/14/06

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads