more on Windows Wireless Flaw a Danger to Laptops

[David Farber <dave () farber net>]

Begin forwarded message:

From: "David P. Reed" <dpreed () reed com>
Date: January 15, 2006 4:04:49 PM EST
To: dave () farber net
Cc: ip () v2 listbox com
Subject: Re: [IP] Windows Wireless Flaw a Danger to Laptops

As far as I can tell, Dave, the described flaw is present on most  
Linux laptop distros and OSX distros.

It's basically a function of adhoc association being peer-to-peer,  
and the linklocal addressing standard (which is built into Apple's  
Bonjour, for example).

Don't blame Microsoft for this one.   If I were to blame anyone, it  
would be the original decision by ARPA not to allow TCP/IP to  
research and define end-to-end encryption and authentication in the  
protocol from the start.   (the first round of the crypto wars).   
This decision caused the Internet to grow up with protocols that did  
not default to making sure that the counterparties to communications  
were the ones they claimed to be.

The 80% fix is just to make sure your laptop is running a local  
firewall and uses SSH/stunnel/IPSEC/VPN style protection.   In other  
words, practice safe-sex when your machine is mating promiscuously  
through the ether.

(of course arpspoofing and other man-in-the-middle attacks are still  
quite easy).



-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/