Good read, Cheek. Listening to a Security now podcast recently. wired LAN isn;t secure either....

Si

Very interesting TCM

Here is a direct link to the related video http://news.com.com/1606-2_3-6101573.html?tag=ne.vid

I wonder if this vulnerability bypasses software firewalls. Where it's the device drivers it just may.

Yeah. I watched it this morning, and reached out for the CAT5 lead!

Si

Edit;

check your intel wireless by clicking on the link below;

http://support.intel.com/support/wireless/wlan/sb/cs-005905.htm

Actually, I was referring to the link that Bluerinse gave. That video and associated link says that most wireless devices are vulnerable as there are so few manufacturers.

Unless I am really misunderstanding the implications from the way the hack was run it seems if you have your laptop set up to do war driving and to hook into any available AP then you're going to really be at risk with this thing. If you're not set up to create a connection to AP's other than ones you trust I don't see how you can get compromised nearly as easily as there has to be a connection made before the problem can be exploited as he demonstrated that he compromised the Apple by setting up the other laptop as an AP, connecting the Apple to the AP, and then used the AP to run the malware script against the client.. That seems to me then that the only vulnerable area is at startup or during roaming where the system scans for all available AP's.

If I'm misunderstand this then I'd like someone to point out how as I'm really curious about this one.

I think he mentions at the beginning of the video that the attacking laptop is only set up as an AP for ease of the demonstration and that the attack would work just as well if it wasn't acting as an AP.

Then that would mean all that is necessary is about the same amount of commuication that it took to spread the SQL Slammer worm. All that took to infect a machine was a udp packet or two. That's pretty scary as just about every laptop in existence is susceptible to this and there is no real defense until the manufacturers come up with new drivers.

Not just laptops but any wireless NIC.

The only good news is that although this vulnerability exists, the script kiddies don't yet know how to take advantage of it.

It's only a matter of time though.

Oh No!

I was about to set up a wireless Lan with some mates from the Neighbourhood. We have just made a ariel out of a pringles tube.

I did wonder if anyone could use the WIFI hotspot for surfing while we are playing UT2004.

I guess it's back to the drawing board!

I have just installed the latest Intel driver for my 2200BG, not sure if it will be any more secure than the last one!

Edit;

Cheek- I wouldn't let it spoil your fun; just make sure it is as secure as the hardware allows you to do so.

Si