At the annual US hacker conference called ShmooCon in Washington, self-confessed hacker and senior security researcher for Vernier Threat Labs Mark Loveless (aka Simple Nomad) released information about how a Windows-based laptop with built in wireless capabilities can be attacked. The laptop should be running Windows XP or 2000, have built-in wireless functionality and the firewall software deactivated. The flaw could allow a hacker’s computer to pose as a local area network, and wirelessly associate with the victim’s system, effectively gaining direct access to its hard drive.
The flaw is related to the built-in wireless capabilities in the operating system, which are configured to search for any available wireless connections on start up. If no wireless link was found, the software establishes an ad-hoc link to a local address. This can then be exploited using a network connection on another computer that matches the name of the network that the target computer is broadcasting.
According to the Washington Post, the specifications for this Windows feature detailed in a technical document entitled "RFC 3927," were actually written in part by a Microsoft employee named B. Aboba.
Microsoft has acknowledged the vulnerability and said it would release a patch to change the default configuration in its next scheduled service pack.
|
