Thanks Harlan--I feel slightly chastised by your post ;-) But still, I wondered what would happen if those steps weren't in place--ie users who have the ability to turn off their firewalls/connect to non-infrastructure networks. I'm wondering if there is a deeper way to solve this--obviously turning off the zero config is a start.
Regards Murad Talukdar -----Original Message----- From: Harlan Carvey [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 17, 2006 1:55 AM To: Murad Talukdar; [email protected] Subject: Re: Windows wireless flaw... Murad, > Has anyone tested this out? If so, what are you > thinking about doing to prevent it? RTFB (ie, "Read The Fun Blog"), my friend: "Anyway, you might be wondering now how you can make sure your Windows laptop is protected from this.....er, feature. First of all, if you are running any kind of network firewall -- including the firewall that comes built in to Windows XP -- you won't have to worry about some stranger connecting to your laptop. In fact, I had to shut down my firewall for both of us to successfully conduct our test." ...and... "Another good idea is to change the setting on the computer's wireless card to connect only to "infrastructure networks"..." ...and, oh, yeah... "...Microsoft has acknowledged this vulnerability and says it plans to change the default configuration in the next service packs..." Hope that helps... ------------------------------------------ Harlan Carvey, CISSP "Windows Forensics and Incident Recovery" http://www.windows-ir.com http://windowsir.blogspot.com ------------------------------------------ --------------------------------------------------------------------------- ---------------------------------------------------------------------------
