Possible and probably Windows wireless flaw

People find vulnerabilities in Windows machines all the time, but most of them are discovered under very specific, almost lab-like conditions. Trying to re-create the problem in an “everyday use” scenario is often difficult (particularly for the average user), but the latest Windows wireless vulnerability, discovered by Matt Loveless, is anything but irreplicable.

Do something as simple as connect at a Starbucks T-Mobile Hotspot, and next time you go out looking for a connection, someone could be connecting to you. WIndows broadcasts the last SSID it connected to when out looking for new ones. A hacker close by can capture that name, set their computer to the same, and connect to your machine without warning.

Imagine how many people last connected to the largest competitor to those paid HotSpots – that ubiquitous WiFi provider called “linksys.”

Comments

If you don’t let windows manage your wireless connections are you still vulnerable?

Interesting question, for which I don’t have an answer (as I don’t have a Windows laptop to play with anymore). However, I would suspect that would depend on the card and associated software. Most that I have seen add diagnostics and other simple controls, but still maintain inventories of all access points you have connected to – how they treat them is another matter.