CNET News.com: Windows Wi-Fi vulnerability discovered
"A Windows feature that automatically searches for Wi-Fi connections can be exploited by hackers, a security researcher has warned."
The vulnerability revolves around Windows 2000 or XP (pre XP2, which I installed today, for free) trying to connect up to whatever Wi-Fi is available upon booting. As usual, it is extremely easy to protect against this - for example, just enable IEEE 802.1x authentication and specify EAP parameters. Or, you can disable your wireless card until needed (which I also do so I don't get silly Windows messages). Or, just don't configure your system in "ad hoc" mode, but rather limit it to "infrastsructure" mode.
The real problem though is just like that faced with the Sony DRM fiasco. Microsoft ships its operating systems configured for ease of use, and this seems to open up security holes galore. It is typically fairly easy to overcome most of these security problems. However, the vast bulk of Windows users these days don't have a clue as to what is going on in their computers, and, thus, never know until much too late of their vulnerabilities and how easy it would have been to protect against them.
I see Microsoft going through the motions, as they did with the "WPA wireless security update" for Windows XP included in SP2. But, in the end, ease of use sells more computers (and thus, in their case, software) than does safety. So, I don't expect things to change.
The vulnerability revolves around Windows 2000 or XP (pre XP2, which I installed today, for free) trying to connect up to whatever Wi-Fi is available upon booting. As usual, it is extremely easy to protect against this - for example, just enable IEEE 802.1x authentication and specify EAP parameters. Or, you can disable your wireless card until needed (which I also do so I don't get silly Windows messages). Or, just don't configure your system in "ad hoc" mode, but rather limit it to "infrastsructure" mode.
The real problem though is just like that faced with the Sony DRM fiasco. Microsoft ships its operating systems configured for ease of use, and this seems to open up security holes galore. It is typically fairly easy to overcome most of these security problems. However, the vast bulk of Windows users these days don't have a clue as to what is going on in their computers, and, thus, never know until much too late of their vulnerabilities and how easy it would have been to protect against them.
I see Microsoft going through the motions, as they did with the "WPA wireless security update" for Windows XP included in SP2. But, in the end, ease of use sells more computers (and thus, in their case, software) than does safety. So, I don't expect things to change.
posted by Bruce Hayden at 6:20 PM
0 Comments:
Post a Comment
<< Home