IT-DISCUSS Archives

January 2006

IT-DISCUSS@LIST.UVM.EDU

Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
From:
Philip Plourde <[log in to unmask]>
Reply To:
Technology Discussion at UVM <[log in to unmask]>
Date:
Fri, 20 Jan 2006 10:54:15 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (52 lines)
So this threat is about as dangerous as being connection to a network 
with other computers while having file sharing turned on.

I love this line in particular: 
"This would allow the two machines to associate together, potentially 
giving the attacker access to files on the victim's PC." 

Associate together?  Is that like having tea?

This feature, that I believe was deactivated with SP2, is one of the 
first questions we get from people with a new notebook.  They take the 
machine home and find that it won't talk to their home wireless 
gateway/router.  You either have to create a wireless profile for your 
home system and allow it to connect, or you throw the switch back to 
auto connect to any available network.  If you offer the security 
prudent solution and create the profile, your third support call will be 
a few months later with them in their hotel room at some conference and 
their machine will again not connect to the latest wireless network they 
encounter. 

The bottom line is still the same:  If you are not accessing your files 
remotely, leave file sharing blocked by the firewall.  Regardless of 
whether you access files remotely, have good passwords on all accounts 
on the machine, especially Administrator, which should be renamed anyway.

The vector of attack here is the mere ability to pass IP traffic to your 
machine.  If that worries you, I'd consider one word very carefully:  
CatsPAWS

Phil.


Stefanie Ploof wrote:
> Microsoft has acknowledged a wi-fi security flaw in their operating
> system, but will not offer a patch until 2007 when Windows XP SP3 is
> released:
>
> http://newsletters.zdnetuk.cneteu.net/t/103590/1882716/78546/0/
> http://news.zdnet.co.uk/internet/security/0,39020375,39247302,00.htm
> http://news.zdnet.co.uk/software/windows/0,39020396,39247733,00.htm
>
> If you follow the chain of ZDNets you'll see that Vista is taking
> priority over XP SP3, hence the delay.
>
>
> ----
> Stefanie Ploof
> CIT Client Services
> CALS Information Technology Office
> University of Vermont, Burlington
>   

ATOM RSS1 RSS2