Culture

Microsoft quietly tackles known Wi-Fi flaw

Robert Vamosi Former Editor

As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

See full bio

Robert Vamosi

Dec. 13, 2006 4:23 p.m. PT

Earlier this year, security researchers publicized a known flaw with how Microsoft Windows XP SP2 implemented its wireless networking: Windows XP SP2 would automatically scan for wireless networks upon power-up, going through a list of known, previously associated networks.

On the one hand, this makes connecting to your home or office wireless networks a cinch. However, it also means that if you didn't change the default name broadcast on your Linksys router, every time you powered up your laptop in a new space (such as an Internet cafÃ½ or an airport waiting area), a criminal might be sitting nearby broadcasting with a rogue access point with the name "Linksys," in the hopes that you'll connect.

Once connected, the criminal could then act as a man in the middle, relaying your requests to the Internet via the criminal's PC (and perhaps recording strings of valuable data, such as your credit card info or bank login).

Microsoft has quietly posted an update found here. The update prevents a Windows wireless client on a laptop from advertising its preferred wireless network list to the world at large.

But the update appears to leave open the larger problem, which is having your laptop connect to a criminal rogue access point with the same default name as one of your preferred home networks. At least with the patch, the criminal can't see your preferred network list.