[ISN] Bad Karma for Wi-Fi on Windows?
isn at c4i.org
Fri Jan 27 05:13:22 EST 2006
This email newsletter comes to you free and is supported by the
following advertisers, which offer products and services in which
you might be interested. Please take a moment to visit these
advertisers' Web sites and show your support for Security UPDATE.
DSRAZOR for Windows
1. In Focus: Bad Karma for Wi-Fi on Windows?
2. Security News and Features
- Recent Security Vulnerabilities
- Least-Privileged User Accounts on Windows XP
- LANDesk Augments Security with Business Process Management
- Time to Patch QuickTime
3. Security Toolkit
- Security Matters Blog
- Security Forum Featured Thread
- New Instant Poll
- Share Your Security Tips
4. New and Improved
- Passwords on a Stick
==== Sponsor: DSRAZOR for Windows ====
Q: Are you looking for an easy and reliable way to audit your AD? Do
you need a tool that will generate baseline and comprehensive reports
for your auditors?
A: DSRAZOR is your answer. DSRAZOR can easily export your results to a
format that will satisfy even the most demanding auditors.
Q: Looking to replace the native group membership reporting tools? Do
you need a tool to identify group membership security trustees?
A: With DSRAZOR, you can simply and quickly get the group membership
and security trustee reports that you need.
Customized solutions, support & teamwork.
This is how DSRAZOR helps you manage your Active Directory and Windows
Schedule Your FREE Interactive Assessment Today!
==== 1. In Focus: Bad Karma for Wi-Fi on Windows? ====
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
At the recent SchmooCon conference in Washington, D.C., Mark Lovelace
(aka Simple Nomad) described an interesting behavior of Wi-Fi
connectivity in Windows Server 2003, Windows XP, and Windows 2000. In a
subsequent advisory (at the URL below), Lovelace points out that "If a
laptop connects to an ad-hoc network it can later start beaconing the
ad-hoc network's SSID as its own ad-hoc network without the laptop
owner's knowledge. This can allow an attacker to attach to the laptop
as a prelude to further attack."
There are workarounds to help ensure this doesn't happen to your users'
computers. The best solution is to configure the network connections
(by using the Wireless Network Connection applet) so that they connect
only to Access Points (APs), which will prevent any connections to ad
hoc networks. You'll find step-by-step instructions in Lovelace's
Lovelace checked during various airplane flights to see how many
laptops were available via Wi-Fi connectivity and how many of those
were vulnerable to remote compromise or were open enough to allow files
to be copied to and from their drives. On one flight, 12 laptops were
available, and of those 12, 5 were broadcasting ad hoc networks and 4
were completely vulnerable to intrusion.
These numbers suggest that many people might have had their personal
data copied during in-flight use of their laptops. Of course, a decent
firewall would make such intrusion much more difficult to accomplish.
But many people don't have adequate protection in place.
I recently learned about a new Wi-Fi client security assessment tool
called KARMA. KARMA clearly shows the dangers of wireless networking
given today's technology. Dino A. Dai Zovi, one of the developers of
KARMA, wrote that "Windows and Mac OS X probe for every network in the
preferred/trusted networks list upon boot up and [when] waking from
sleep. Under Windows the entire list is [probed continually] when the
machine is not currently associated to a wireless network." And that's
bad news for Windows users when a tool like KARMA is in use, even if
you use the workarounds described in Lovelace's advisory.
Here's why: KARMA uses a modified Wi-Fi driver on Linux and FreeBSD
systems to establish a wireless AP. KARMA operates in stealth fashion--
it doesn't send out beacons advertising its presence. Instead, it
monitors the airwaves listening for wireless client probes that are
looking for a particular AP by its SSID. When KARMA detects a probe, it
responds to the client as if it were the sought-after AP. That is to
say, KARMA changes its SSID on the fly and mimics a host AP. This
effectively lures unsuspecting Wi-Fi users into KARMA's wireless
network. KARMA also includes a framework that can be used to develop
exploits for use against vulnerabilities in connected client systems.
According to Zovi, "[KARMA] revealed vulnerabilities in how Windows XP
and Mac OS X look for networks, so clients may join even if their
preferred networks list is empty." Zovi also said that Apple already
issued an update (at the URL below) to correct the problem. Microsoft
intends to correct this behavior in an upcoming service pack or update
rollup package. For XP, that could mean Service Pack 3 (SP3), due out
sometime in late 2007.
In the meantime, you might want to get a copy of KARMA (at the URL
below) and try it out on your wireless clients. As best I can tell,
right now the only way to defend against a tool like KARMA is for
wireless clients to require authentication when connecting to APs.
==== Sponsor: Klocwork====
IMPROVE SOFTWARE QUALITY AND REDUCE COSTS
New White Paper from Klocwork: Improve software quality and reduce
life-cycle costs by incorporating Static Analysis tools into your
routine development processes. Results: More maintainable code, more
secure, reliable software and a more predictable development process.
Download White Paper: http://list.windowsitpro.com/t?ctl=1EEB2:4FB69
==== 2. Security News and Features ====
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
Least-Privileged User Accounts on Windows XP
After a subtantial amount of beta testing, Microsoft published a
document that can help administrators who want to implement least-
privileged user accounts (LUAs) on Windows XP. However, implementing
LUAs could come with significant costs and challenges.
LANDesk Augments Security with Business Process Management
LANDesk announced that it will integrate business process management
into its systems and security management solutions with the acquisition
of privately held NewRoad Software.
Time to Patch QuickTime
Windows metafiles don't represent the only recently discovered
dangerous media file vulnerabilities. Apple released an updated version
of QuickTime that fixes five dangerous vulnerabilities.
==== Resources and Events ====
WEB SEMINAR: Learn to gather evidence of compliance across multiple
systems and link the data to regulatory and framework control
20% off for All Windows IT Pro Subscribers!
Learn how SOA doesn't require investments in new technology to
deliver immediate and lasting bottom-line results. Attend Developing
Service Oriented Architecture, February 20-22 in Orlando.
WHITE PAPER: Optimize your existing Windows Server infrastructure with
the addition of server and storage consolidation software and
WEB SEMINAR: Get the tools, tips, and training that you need to avoid a
messaging meltdown when an outage strikes. View this seminar today:
WEB SEMINAR: Learn how to leverage new features in SQL Server 2005 to
greatly extend your existing backup and restore capabilities.
==== Featured White Paper ====
WHITE PAPER: Evaluate the costs of losing information and learn what
real-time information management means and how to accomplish it in your
==== Hot Spot ====
The Starter PKI Program
Do you need to secure multiple domains or host names? In this free
white paper you'll learn how the Starter PKI Program will benefit your
company with timesaving convenience. Plus--you'll get the chance to
actually test the program!
==== 3. Security Toolkit ====
Security Matters Blog: New Version of Nmap Recently Released
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=1EEB1:4FB69
You undoubtedly have Nmap in your security toolkit--it's an incredibly
useful scanning and auditing tool for nearly any platform, including
Windows, Linux, BSD Unix, Mac OS X, Solaris, and more. Do you have the
latest version? Learn about some of the cool features in this blog
by John Savill, http://list.windowsitpro.com/t?ctl=1EEAE:4FB69
Q: How can I monitor registry activity during logon and logoff?
Find the answer at http://list.windowsitpro.com/t?ctl=1EEAC:4FB69
Security Forum Featured Thread: List All Shares a User Has Access To
A forum participant wonders if there's a way to list all the shares
a given user has access to. His servers have dozens of shares, and he'd
like to start auditing those shares for access privileges per user but
doesn't know how. Join the discussion at:
New Instant Poll
Do you plan to upgrade to IE 7.0?
- Yes, I will immediately install the standalone IE 7.0 upgrade.
- Yes, but I will wait for the Vista-integrated IE 7.0 version.
- No, I will continue using IE 6.0.
- No, I'm using a different browser and don't plan to change.
Go to the Security Hot Topic on our Web site and submit your vote
Share Your Security Tips and Get $100
Share your security-related tips, comments, or problems and
solutions in the Windows IT Security print newsletter's Reader to
Reader column. Email your contributions (500 words or less) to
r2rwinitsec at windowsitpro.com. If we print your submission, you'll
get $100. We edit submissions for style, grammar, and length.
==== Announcements ====
(from Windows IT Pro and its partners)
Become a VIP Monthly Pass Subscriber
Sign up now and get a VIP Monthly Online Pass that includes online
access to ALL the articles, tools, and helpful resources published in
SQL Server Magazine, Windows IT Pro, and the Exchange and Outlook
Administrator, Windows Scripting Solutions, and Windows IT Security
newsletters. You'll also have 24/7 access to a database of more than
25,000 online articles that will give you all the answers you need,
when you need them. BONUS--Includes the latest issue of Windows IT Pro
each month. Sign up now for just $29.95 per month.
Windows Scripting Solutions Newsletter--2006 Special
Order now and SAVE up to $30 off the regular price. You'll get 12
helpful issues loaded with expert-reviewed downloadable code and
scripting techniques, as well as hundreds of tips on automating
repetitive tasks. You'll also get access to the entire online
newsletter archive (more than 500 scripting articles), including the
popular "Shell Scripting 101" series. Order now for just $99:
==== 4. New and Improved ====
by Renee Munshi, products at windowsitpro.com
Passwords on a Stick
Dekart released Dekart Password Manager, software that runs on a
portable memory device such as a USB key drive and automatically
collects your passwords and personal data as you type them. Password
Manager then encrypts (by using 256-bit AES encryption) and stores your
information on the drive, which only you can use. The next time you
need to supply the information, you insert the drive, and Password
Manager does the rest. Password Manager works directly from the key
drive, with no host PC installation. Password Manager requires Windows
XP/2000/Me/98/95/NT and costs $39. A free 30-day trial period is
available. For more information, go to
Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a T-shirt if we write about the product in a future
Windows IT Pro What's Hot column. Send your product suggestions with
information about how the product has helped you to
whatshot at windowsitpro.com.
==== Contact Us ====
About the newsletter -- letters at windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=1EEB3:4FB69
About product news -- products at windowsitpro.com
About your subscription -- windowsitproupdate at windowsitpro.com
About sponsoring Security UPDATE -- salesopps at windowsitpro.com
This email newsletter is brought to you by Windows IT Security,
the leading publication for IT professionals securing the Windows
enterprise from external intruders and controlling access for
internal users. Subscribe today.
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2006, Penton Media, Inc. All rights reserved.
More information about the ISN