The Network Security. Org

Attacking Automatic Wireless Network Selection

Wireless 802.11 networking is becoming so prevalent that many users have become accustomed to having available wireless networks in their workplace, home, and many public places such as airports and coffee shops. Modern client operating systems implement automatic wireless network discovery and known network identification to facilitate wireless networking for the end-user.

In order to implement known network discovery, client operating systems remember past wireless networks that have been joined and automatically look for these networks (referred to as Preferred or Trusted Networks) whenever the wireless network adapter is enabled. By examining these implementations in detail, we have discovered previously undisclosed vulnerabilities in the implementation of these algorithms under the two most prevalent client operating systems, Windows XP and MacOS X.

With custom base station software, an attacker may cause clients within wireless radio range to associate to the attacker's wireless network without user interaction or notification. This will occur even if the user has never connected to a wireless network before or they have an empty Preferred/Trusted Networks List. We describe these vulnerabilities as well as their implementation and impact. SecuriTeam? - Attacking Automatic Wireless Network Selection

More News

• Website infection rate triples
  



• How to Use Honeypots to Improve Your Network Security
  



• Microsoft Patch Tuesday Targets 26 Application Flaws
  



• SSL VPNs might not be as secure as you think
  



• 8 tips to filter spam effectively
  



• Onus on IP address owner to prove innocence
  



• How to install an SSH Server in Windows Server 2008.
  



• Several vulnerabilities closed in the Linux kernel
  



• 8 Best Practices for Encryption Key Management and Data Security
  



• Free Honeypot Client Could Sting Malware
  



• What Firewalls Do & Donot Do
  



• Symantec fingers D Link for bot attacks
  



• WhiteHat: 90% of Sites Still Vulnerable
  



• Red Hat releases free security code
  



• A new type of Bluetooth security
  



• Dude, where is my perimeter?
  



• Scaring users into IT security
  



• VMware fixes security bugs
  



• The top 10 security land mines
  



• Encrypt volumes through a cross platform GUI with TrueCrypt 5.0