XP laptop Wireless Security follow-up
Follow-up...
- http://www.informationweek.com/share...leID=196700135
Dec 15, 2006
"...The update fixes a long-standing security problem in Windows XP SP2, which starts an automatic scan for wireless networks when a laptop boots or powers up from hibernation. Windows' Wi-Fi client goes through a list of previously-used wireless networks, and if it finds one, connects. The convenience, however, is offset by possible "man-in-the-middle" attacks, where criminals monitor hotspot traffic and then dupe others' notebooks into connecting to their PC, which is posing as an access point. Once an attacker has tricked a user into connecting to the rogue hotspot, he can capture all wireless data, including passwords or other confidential information. "This update helps prevent a Windows wireless client from advertising the wireless networks in its preferred networks list," Microsoft said... When asked to explain why the patch was not distributed through Automatic Updates or posted to the Microsoft Update Web site, a company spokesperson did not directly respond, but only pointed out an October security advisory* that described an earlier edition of the fix. Microsoft typically follows up an advisory with an official patch deployed as a security update, but did not do so in this case. The advisory offers no additional explanation..."
* http://www.microsoft.com/technet/sec...ry/917021.mspx
-------------------------------------------------------------
http://www.f-secure.com/weblog/archi....html#00001052
"...Advertising the name of your preferred networks creates the potential for a man-in-the-middle attack. This patch won't stop your Windows notebook from using a spoofed network, but it will fix it so that the hacker would have to guess the name..."
-------------------------------------------------------------
Download: http://support.microsoft.com/kb/917021
Last Review: November 21, 2006
Revision: 3.2
...APPLIES TO:
• Microsoft Windows XP Service Pack 2, when used with:
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional...
:oops: