[MLB-WIRELESS] Fw: [SNS Advisory No.60] Windows XP Disclosure of Registered AP Information
Steven Haigh
netwiz at optusnet.com.au
Fri Dec 6 14:39:21 EST 2002
Interesting read... There was also a followup that states:
It seems to me that two other steps can be taken to limit or prevent
this problem.
1. Do not use default SSIDs. As you set up a wireless network, change
the SSIDs and then change them on a regular basis after setup as part of
regular network maintenance.
2. Disable automatic association of "broadcast" SSIDs. The only folks
using an AP should be those "known" to you. Disabling the automatic
association allows you to remain in control.
Signed,
Steven Haigh
http://wireless.org.au
(Visit https://wireless.org.au to install our Root Certificate.)
----- Original Message -----
From: <snsadv at LAC.CO.JP>
To: <NTBUGTRAQ at LISTSERV.NTBUGTRAQ.COM>
Sent: Thursday, December 05, 2002 12:03 PM
Subject: [SNS Advisory No.60] Windows XP Disclosure of Registered AP Information
> --------------------------------------------------------------------------
> SNS Advisory No.60
> Windows XP Disclosure of Registered AP Information
>
> Problem first discovered: 30 Aug 2002
> Published: 4 Dec 2002
> http://www.lac.co.jp/security/english/snsadv_e/60_e.html
> --------------------------------------------------------------------------
>
> Overview:
> ---------
> Windows XP's wireless LAN feature may disclose registered access points
> information.
>
> Packets encrypted with WEP could be sent out even if the radio wave of
> the original access point does not propagate well.
>
> There is a risk that the list of SSID values assigned to registered
> access points and the packets encrypted with WEP may be intercepted and
> decrypted.
>
> Problem Description:
> --------------------
> Windows XP machines utilizing wireless LAN automatically search for
> available access points. If not found, requests are continuously sent for
> already registered access points available until connection is achieved.
>
> If an access point with the same SSID as of an access point already
> configured for XP is installed, Windows XP will recognize it as the same
> access point. Windows XP will then encrypt packets with WEP and start
> transmission.
>
> Information regarding registered SSIDs can be obtained from available
> inquiry packets by using a packet monitoring tool for wireless LAN.
>
> Additionally, packets encrypted with WEP of any registered access point
> for Windows XP machines can also be intercepted by establishing an access
> point with the same SSID.
>
> As the functions to search for available access points and to send
> inquiry requests are always enabled, Windows XP machines using wireless
> LAN feature will leak SSID information of registered access points if
> they cannot establish a connection with an available access point.
>
> In addition, WEP is susceptible to some already known vulnerabilities.
> Data encrypted with 40-bit keys can be decrypted through brute force
> attacks in a short period of time. In the case of 104-bit encryption
> use, it has been reported that data can be decrypted in approximately two
> weeks.
>
> Consequently, sending out packets encrypted with WEP is not a recommended
> security practice in an environment where the original access points are
> not available.
>
> Refer to the following URL for explanatory figures:
> http://www.lac.co.jp/security/english/snsadv_e/60_e.html
>
> Solution:
> ---------
> Disable the wireless LAN function of Windows XP and use drivers made from
> third-parties that are not susceptible to the problem described above.
>
> Discovered by:
> --------------
> Nobuo Miwa n-miwa at lac.co.jp
>
> Vendor Status:
> --------------
> After carrying out discussions with the Security Response Team of
> Microsoft Asia Limited, who was informed about this issue on August 30,
> 2002, the conclusion drawn was that the problem was related to the
> software specification. Therefore, consent from the Security Response
> Team of Microsoft Asia Limited was obtained to publish this advisory.
>
> Acknowledgements:
> -----------------
> Security Response Team of Microsoft Asia Limited
>
> Disclaimer:
> -----------
> All information in these advisories are subject to change without any
> advanced notices neither mutual consensus, and each of them is released
> as it is. LAC Co.,Ltd. is not responsible for any risks of occurrences
> caused by applying those information.
>
> ------------------------------------------------------------------
> SecureNet Service(SNS) Security Advisory <snsadv at lac.co.jp>
> Computer Security Laboratory, LAC http://www.lac.co.jp/security/
>
>
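
An added example, not part of the advisory or of the post above: a small Python audit of the disclosure the advisory describes, listing which configured SSIDs each client names in its 802.11 probe requests. The frames are constructed inline; the MAC addresses, SSIDs and function names are made up for illustration.

```python
import struct
from collections import defaultdict

PROBE_REQUEST = 0x40    # frame-control byte 0: version 0, type 0 (mgmt), subtype 4
MGMT_HEADER_LEN = 24    # frame control, duration, three addresses, sequence control
SSID_TAG = 0

def probed_ssid(frame: bytes):
    """Return (client_mac, ssid) for a probe request, else None.
    An empty ssid is a wildcard probe, which names no network."""
    if len(frame) < MGMT_HEADER_LEN or frame[0] != PROBE_REQUEST:
        return None
    mac = frame[10:16].hex(":")             # address 2 = transmitting client
    pos = MGMT_HEADER_LEN
    while pos + 2 <= len(frame):            # walk the tag/length/value elements
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            return None                     # truncated element, ignore frame
        if tag == SSID_TAG:
            return (mac, value.decode("utf-8", "replace")) if length <= 32 else None
        pos += 2 + length
    return None

def disclosed_networks(frames):
    """Map each client MAC to the sorted network names it announced."""
    leaked = defaultdict(set)
    for frame in frames:
        hit = probed_ssid(frame)
        if hit and hit[1]:                  # skip wildcard probes
            leaked[hit[0]].add(hit[1])
    return {mac: sorted(names) for mac, names in leaked.items()}

def build_probe(client_mac: str, ssid: str) -> bytes:
    """Constructed test input: minimal probe request (SSID + rates elements)."""
    bcast = b"\xff" * 6
    src = bytes.fromhex(client_mac.replace(":", ""))
    header = struct.pack("<BBH6s6s6sH", PROBE_REQUEST, 0, 0, bcast, src, bcast, 0)
    name = ssid.encode()
    return header + bytes([SSID_TAG, len(name)]) + name + bytes([1, 4, 2, 4, 11, 22])

# Constructed sample: one client naming two networks, one sending only wildcards,
# and one beacon (first byte 0x80) that must be ignored.
SAMPLE = [
    build_probe("02:00:00:00:00:01", "corp-wlan"),
    build_probe("02:00:00:00:00:01", "home-net"),
    build_probe("02:00:00:00:00:02", ""),
    b"\x80" + build_probe("02:00:00:00:00:03", "ignored")[1:],
]

if __name__ == "__main__":
    for mac, names in disclosed_networks(SAMPLE).items():
        print(mac, "announces:", ", ".join(names))
```

A client that shows up in the result is naming its registered networks while none of them is in range, which is the condition the advisory describes.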