Archive for January, 2006

Frighteningly Simple Wireless Vulnerability in Windows

January 15, 2006

This flaw, or rather behavior (since it was designed this way), affects Windows 2000, XP (and my guess is, 2003 Server). Brian Krebs of the Washington Post has the full details here. Up front, I’ll say I consider this a misconfiguration of the laptop, but more on that later.

It’s not that complicated, but the explanation is somewhat lengthy. I’ll leave the full details for the Krebs article, but here’s a shorter version.

Windows looks for any available wireless connections when a laptop boots up. If it can’t connect, it creates an ad-hoc private network, with your laptop’s wireless card assigned a random address in the range 169.254.1.1 to 169.254.254.254.

Here’s the kicker. Windows remembers the SSID of the last wireless LAN you successfully connected to. Once this private network is created, the laptop then broadcasts that SSID, looking for other computers that may have connected to that network. Someone sniffing the airwaves can pick up on this and connect to the first laptop, at which point you’ve got a network and can send data back and forth. Not a good thing. Worse, let’s say you have two laptops that have recently connected to a network with the same SSID (Starbucks, anyone?) … if those two are booted and there’s no other network to connect to, they will connect to each other seamlessly.
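A defender-side check for the behavior described above, added here as an example and not taken from the post or the Krebs article: it flags ad-hoc beacons that reuse the name of an infrastructure network and recognizes self-assigned 169.254.x.x addresses. The `Beacon` record, the function names and the sample capture are constructed for illustration; the ESS and IBSS bits are the standard 802.11 capability flags.

```python
import ipaddress
from dataclasses import dataclass

ESS_BIT = 0x0001    # 802.11 capability bit 0: frame sent by an access point
IBSS_BIT = 0x0002   # 802.11 capability bit 1: frame sent by an ad-hoc station
AUTOCONFIG_NET = ipaddress.ip_network("169.254.0.0/16")  # contains the post's range


@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    capability: int  # 16-bit capability information field from the beacon


def is_adhoc(beacon):
    """True when the beacon announces an ad-hoc (IBSS) network, not an AP."""
    return bool(beacon.capability & IBSS_BIT) and not beacon.capability & ESS_BIT


def find_adhoc_lookalikes(beacons, known_ssids=()):
    """Ad-hoc beacons reusing an SSID that belongs to an infrastructure network.

    An SSID counts as infrastructure if an AP is currently beaconing it or it
    is in known_ssids (for example the office or hotspot names users join).
    """
    infra = {b.ssid for b in beacons if b.capability & ESS_BIT} | set(known_ssids)
    hits, seen = [], set()
    for b in beacons:
        key = (b.ssid, b.bssid)
        if is_adhoc(b) and b.ssid in infra and key not in seen:
            seen.add(key)   # report each station once, however often it beacons
            hits.append(b)
    return hits


def on_autoconfig_address(addr):
    """True when an interface address is a self-assigned 169.254.x.x one."""
    return ipaddress.ip_address(addr) in AUTOCONFIG_NET


# Constructed sample capture (SSIDs, BSSIDs and capability values are made up).
SAMPLE = [
    Beacon("CorpWLAN", "00:11:22:33:44:55", 0x0431),    # real access point
    Beacon("CoffeeShop", "02:aa:bb:cc:dd:01", 0x0002),  # laptop in ad-hoc fallback
    Beacon("CoffeeShop", "02:aa:bb:cc:dd:01", 0x0002),  # same beacon seen again
    Beacon("CorpWLAN", "02:aa:bb:cc:dd:02", 0x0012),    # ad-hoc copy of office SSID
    Beacon("GameNight", "02:aa:bb:cc:dd:03", 0x0002),   # ad-hoc, unknown SSID
]
```

Passing `known_ssids` matters for the hotspot case in the post: with no access point in range, the only evidence that "CoffeeShop" is an infrastructure name is the list you supply.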

There’s a lot more detail in the Krebs article, including some real-life examples that should make you shudder. How do you prevent this from happening?

Well, you can either disable your wireless connection (some laptops have a button to disable this) or you can go into Start, Settings, Network Connections, right-click on the wireless networking connection and disable it.

Alternatively, get into your wireless networking connection the same way as above (except instead of Disable, select Properties). Then click on the Wireless Networks tab, then the Advanced button, then under “Networks to access” select “Access Point (infrastructure) networks only”. This will prevent ad-hoc connections of the type above from being created. Earlier I said this was really a laptop misconfiguration, and this is why. This is most likely how your laptop should be set. Ad-hoc networks aren’t really something most people would use.

Scariest thing, this isn’t the default setting on a new laptop, but generally this setting is something I change when I first get a laptop, to speed up connections. But on my newest laptop, I totally forgot about it, so it was set to “Any available network (access point preferred)”. Oops.


Congress Looks to Require Companies to Resist Chinese Net Censorship

January 12, 2006

I’ve been quiet on this subject, although it’s been bugging me for some time. It really bothers me when a U.S. company bows to another country’s requirements for Internet censorship, and the most obvious example is China.

Representative Christopher Smith, Republican, New Jersey, and chairman of the House Subcommittee on Human Rights, isn’t pleased with it either. Next month he plans to hold a hearing with representatives from the U.S. State Department, Google, Yahoo, Microsoft, Cisco and Reporters Without Borders having the opportunity to speak.

Last week Microsoft shut down a popular Chinese blog written by Zhao Jing, also known as Michael Anti. This was widely criticized around the world, and Robert Scoble, Microsoft’s own in-house blogger, said he was “depressed” by the news and offered Anti the opportunity to blog via his site.

Scoble wrote:

“Guys over at MSN: Sorry, I don’t agree with your being used as a state-run thug,” he said. “It’s one thing to pull a list of words out of a blog using an algorithm. It’s another thing to become an agent of a government and censor an entire blogger’s work.”

(Scoble was referring to the story from last year when Microsoft admitted censoring the words freedom and democracy from the Chinese MSN portal.)

All this, plus the story about Yahoo! contributing to the jailing of a Chinese journalist … well, this has all really disappointed me … and I’m sure I can find plenty of other stories if I look hard.

What’s disappointing in this? (Here’s where I’ll lose a lot of people, I’m sure). The attitude of a lot of people. For example, Sonia Arrison, director of technology studies at the free-market Pacific Research Institute says “If Yahoo isn’t doing business in China, someone else will” and “It’s putting American businesses at a disadvantage in the world marketplace.” Look at the Pacific Research Institute website. It says “The Pacific Research Institute (PRI) is a free-market think tank providing practical solutions for the issues that affect the daily lives of all individuals.” Wow, reading that, you’d think they actually cared about human rights. I mean, really, “If Yahoo isn’t doing business in China, someone else will.” That smacks of something a drug dealer might say. “Well, if I’m not selling drugs on that corner, someone else will.” You get the drift.

Bottom line for me: the U.S. used to stand for something … it used to be that we tried to set a standard for the rest of the world. So Yahoo! doesn’t make some money. It will make plenty more. Shouldn’t we take a stand somewhere? And not just on human rights, don’t get me started on the environment.

So I hope Smith gets somewhere with this. Reporters Without Borders called for American companies to establish a voluntary code of conduct to resist censorship demands. Short of that, they said Congress should pass a law enforcing such a code. According to the Boston Globe (via TMCNet):

Smith said such a law is probably the only way to stop US firms from cooperating with overseas censorship. He said that no US company should ever comply with China’s political censorship policies, even if it means they lose the right to do business in China.

I say: go for it, Smith.


Converting a Linux PC to Windows (Not as Easy as it Sounds)

January 6, 2006

My friend purchased a cheap Linux PC. Of course, the idea was to reformat and place Windows on it. However, after starting the install, Windows XP reboots … at this point the message “Disk Boot Error” is displayed. So the install cannot complete.

At this point he was lost. I decided to take a look. I had a feeling there was a Linux boot record that was causing a problem. The reformat wasn’t taking care of it.

What I did was use the Ultimate Boot CD 4 Windows. You create this using a set of freeware tools and your Windows XP CD. I used this to boot the system, and used MBRWiz (Master Boot Record Wizard) to wipe the Master Boot Record.

Crossing my fingers, I started up the Windows XP install again. It went through the first pass, booting from the CD, then it rebooted. At this point in the install XP has to boot from the HD. Here’s where it was failing previously.

And it worked. So the problem was indeed that Linux had mucked with the Master Boot Record. Makes sense, though.

So, if you want to convert a cheap Linux PC into a Windows PC, don’t forget to clear the MBR. It’s not enough to reformat. Remembering this will save you a lot of time and effort.
