Microsoft quietly tackles known Wi-Fi flaw

Earlier this year, security researchers publicized a known flaw with how Microsoft Windows XP SP2 implemented its wireless networking: Windows XP SP2 would automatically scan for wireless networks upon power-up, going through a list of known, previously associated networks.

On the one hand, this makes connecting to your home or office wireless networks a cinch. However, it also means that if you didn't change the default name broadcast by your Linksys router, every time you powered up your laptop in a new space (such as an Internet café or an airport waiting area), a criminal might be sitting nearby running a rogue access point named "Linksys," in the hopes that you'll connect.

Once connected, the criminal could then act as a man in the middle, relaying your requests to the Internet via the criminal's PC (and perhaps recording strings of valuable data, such as your credit card info or bank login).

Microsoft has quietly posted an update found here. The update prevents a Windows wireless client on a laptop from advertising its preferred wireless network list to the world at large.

But the update appears to leave open the larger problem, which is having your laptop connect to a criminal rogue access point with the same default name as one of your preferred home networks. At least with the patch, the criminal can't see your preferred network list.
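One way to check the update's effect on your own laptop, added here as an example that is not part of the original article: the script lists which network names a client still announces. It assumes the advertising takes the form of 802.11 probe requests that name a network, and that frames are raw 802.11 with any radiotap header and FCS already stripped; the function names and sample frames are constructed for illustration.

```python
import struct
from collections import defaultdict

def directed_probe_ssid(frame: bytes):
    """Return (source_mac, ssid) for a probe request that names a network, else None."""
    if len(frame) < 24:                        # shorter than an 802.11 management header
        return None
    (fc,) = struct.unpack_from("<H", frame, 0)
    if fc & 0x00FF != 0x40:                    # version 0, type 0 (mgmt), subtype 4 (probe request)
        return None
    src = frame[10:16].hex(":")                # addr2 = transmitting client
    pos = 24
    while pos + 2 <= len(frame):               # walk the tagged parameters
        tag, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + length]
        if len(body) < length:                 # truncated element: stop parsing
            return None
        if tag == 0:                           # SSID element
            if length == 0:                    # wildcard probe names no network
                return None
            return src, body.decode("utf-8", errors="replace")
        pos += 2 + length
    return None

def leaked_networks(frames):
    """Map each client MAC to the sorted network names it announced."""
    seen = defaultdict(set)
    for frame in frames:
        hit = directed_probe_ssid(frame)
        if hit:
            seen[hit[0]].add(hit[1])
    return {mac: sorted(names) for mac, names in seen.items()}

def build_frame(fc: int, src: str, ssid: bytes) -> bytes:
    """Build a minimal management frame (constructed sample data, not a real capture)."""
    header = (struct.pack("<HH", fc, 0) + b"\xff" * 6 +
              bytes.fromhex(src.replace(":", "")) + b"\xff" * 6 + b"\x00\x00")
    return header + bytes([0, len(ssid)]) + ssid + bytes([1, 2, 0x02, 0x04])

# Constructed sample: one client that names its preferred networks, one that does not.
SAMPLE_FRAMES = [
    build_frame(0x0040, "02:00:00:00:00:01", b"linksys"),   # directed probe
    build_frame(0x0040, "02:00:00:00:00:01", b"HomeNet"),   # directed probe
    build_frame(0x0040, "02:00:00:00:00:01", b""),          # wildcard probe
    build_frame(0x0040, "02:00:00:00:00:02", b""),          # wildcard only
    build_frame(0x0080, "02:00:00:00:00:03", b"linksys"),   # beacon, ignored
]

if __name__ == "__main__":
    for mac, names in leaked_networks(SAMPLE_FRAMES).items():
        print(mac, "announces:", ", ".join(names))
```

A client that appears in the result is still announcing stored network names; an empty result for your laptop's MAC address means it sent only wildcard probes during the capture.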

 
