NTA Monitor

Latest News

IT Managers get to grips with Internet security issues

4th May 2010 According to NTA Monitor's 2010 Annual Security Report, the average number of Internet security vulnerabilities afflicting organisations has fallen.. Read More

Will IE6 be the next NT4?

1st October 2009 All penetration testers will remember the long tail of Windows NT 4.0, and how this operating system continued to be used long past the point when security updates stopped at the end of 2004. For many years the presence of an unpatchable NT4 server was a common issue in a penetration test report, and it is only now, almost five years after security support ended, that finding an NT4 system on a network is becoming a rare event. Read More

One in four web applications susceptible to high risk security flaws

7th September 2009 NTA Monitor has reported a 10% increase in the total number of web applications found to have at least one high-risk security issue... Read More

Organisations facing a changing threat landscape

20th July 2009 According to NTA Monitor's 2009 Annual Security Report, the average number of Internet security vulnerabilities is on the rise... Read More
Date: 30th February 2006
Risk: Low

Microsoft doesn't seem to be experiencing a good start to 2006, flaw-wise. After the highly critical WMF flaw was published, exploited and patched, a feature of Windows XP and 2000, enabling PCs to automatically search for wireless connection spots, has been highlighted as a possible security flaw. If exploited, this facility could enable the victim's PC to connect unintentionally to peer-to-peer networks.

The feature was announced at a hacker's conference on Saturday 14th January and is explained on News.com: "When a PC running Windows XP or Windows 2000 boots up, it will automatically try to connect to a wireless network. If the computer can't set up a wireless connection, it will establish an ad hoc connection to a local address. This is assigned with an IP address and Windows associates this address with the SSID of the last wireless network it connected to. The machine will then broadcast this SSID, looking to connect with other computers in the immediate area.

The danger arises if an attacker listens for computers that are broadcasting in this way, and creates a network connection of their own with that same SSID. This would allow the two machines to associate together, potentially giving the attacker access to files on the victim's PC."

Some have called this a 'vulnerability' and some a 'feature' - strictly speaking, a vulnerability makes a PC do something that it's not meant to do, which is not the case in this instance. As this 'feature' is an intentional function of Windows, it can't truly be classified as a vulnerability.

Firewalls should be able to stop this happening, and those using Windows XP Service Pack 2 are not thought to be at risk. Microsoft has stated that: "Due to the design of this feature, the most appropriate method for adjusting the default behaviour is in a future Service Pack or update rollup." On Tuesday 17th January, Microsoft revealed that it was not planning to release the next Service Pack for XP until the second half of 2007, potentially meaning that this feature could remain vulnerable for up to 18 months.

References