Zeroconfig: zerotrust (and pod my ride)

In today's IT Blogwatch, we look at a new Windows vulnerability -- this time in the WiFi configurator. Not to mention adding iPod integration for factory car radios...

Attackers could exploit a bug in the Windows WiFi "zeroconfig" tool, under certain circumstances. Simple workaround: disable ad-hoc mode, or just use a different wireless configurator. Jaikumar Vijayan says that Microsoft is "downplaying" the problem: "A design flaw in Windows XP and Windows 2003 systems with built-in wireless capabilities could be exploited by hackers to lure Wi-Fi users into connecting to malicious wireless networks ... Such a situation could arise, for example, when a laptop user with a wireless setup at home uses the laptop somewhere else ... The company plans to release an update fixing the default configuration in a future service pack or security update rollup."

» Our own Martin McKeay writes in his own blog: "Microsoft has confirmed the wireless flaw found by Simple Nomad [Mark Loveless] and disclosed at Shmoocon. They don't have a patch yet, but they do have several suggestions for mitigating the threat. Paul at Pauldotcom has some more information about the tools that can be used to take advantage of the wireless flaw as well as several suggestions for protecting yourself. Personally, I  keep my wireless card disabled unless I have a specific need for it." [Ditto -- your humble blogwatcher's lappy has a an actual button to turn on the wireless]

» Brian Krebs: "I set up an ad hoc wireless network connection on my Windows XP laptop named 'hackme' ... within a few seconds of hitting 'Ok' to create the network, my laptop was assigned a 169.254.x.x address. A few seconds later, Loveless could see my computer sending out a beacon saying it was ready to accept connections from other computers that might also have the 'hackme' network pre-configured on their machines. Loveless then created an ad hoc network with the same name, and told his computer to go ahead and connect to 'hackme.' Voila! His machine was assigned a different 169.254.x.x address and we both verified that we could send data packets back and forth to each other's computer. Here's the really freaky part about all this: No more than five minutes after I had deleted the 'hackme' network ID from my laptop, Loveless and I spotted the same network name being broadcast from another computer that didn't belong to either of us. Turns out, someone else at the hacker conference was trying to join the fun."

» Nightwish, Arstechnica: "Not every Windows XP computer is at risk, though ... Paul Wood, a security expert with MessageLabs, claims that Windows XP Service Pack 2 PCs are safe. PCs that are not using Service Pack 2 should do one of the following:

• Install a personal firewall
• Disable Wi-Fi when not in use
• Specifically disable peer-to-peer wireless functionality
• Block ports 135, 137, 138, and 139 from accepting NetBIOS connections"

» The Land of Ozz takes a different view: "News flash ... Simply having an IP address on the same IP segment does not constitute hacking a computer as this article suggests. The meat of the story was skipped to satisfy the fear of the general population. In order to gain access to the target Windows computer remotely you must also gain user rights on that computer which requires using software that is not included on Windows computers." [Ah yes, but it opens up the possibility of a man-in-the-middle attack]

Buffer overflow:

• DrunkenData: Whistleblowers and SOX
• Brian Krebs: Service Pack 3? Maybe Next Year
  
• Loosely Coupled: What should an SOA repository look like?
• Philip Letts:  Livedoor shares suspended
• Demian Entrekin: Will Project Management Survive?
• Lewis R Cunningham: Oracle Databases: Starting a Career, Part 1
• Brad Anderson: What about end users?
• Paul Murphy: Why CERT should be decertified
• Ed Felten: How Would Two-Tier Internet Work?
• Douglas Schweitzer: Best practices for safe computing is key
• Martin MC Brown: Not a new software suite company on the block
• Martin McKeay: What are you listening to?
• Robert L. Mitchell: Earthquakes, 9/11 and the shaky truth about raised floors
• Tony Asaro: Storage Jamboree
• Shark Tank: Who ya gonna trust?
• Martin MC Brown: The future of online reviews?

And finally... iPod integration for factory car radios

Richi Jennings is an independent technology and marketing consultant, specializing in email, blogging, Linux, and computer security. A 20 year, cross-functional IT veteran, he is also an analyst at Ferris Research. Contact Richi at blogwatch@richi.co.uk. Also contributing to today's post: Judi Dey, our very own Antipodean.