Sunday, July 15, 2007

Why isn't this a critical update?

Got wireless? Have you got this “patch” from Microsoft? KB917021 . If you don't then I'd make sure that you do. You'll also have to download it MANUALLY, yes manually it is not available from Windows download at all. Why is this “patch” important? Well ...

Changes for nonbroadcast networks

In Windows XP with Service Pack 2, Wireless Auto Configuration tries to match preferred wireless networks to wireless networks that broadcast their network name. If no network matches a preferred wireless network, Wireless Auto Configuration sends probe requests to determine whether the preferred networks are nonbroadcast networks. In this manner, a Windows XP wireless client advertises its list of preferred wireless networks. An observer may monitor these probe requests and configure a wireless network by using a name that matches a preferred wireless network. If the wireless network is not secured, this network could enable unauthorized connections to the computer.

Yes, you read right. If you have Windows XP with Service Pack 2 and all the patches and a wireless adapater that you leave on even when it is not connected to a wireless acess point then without this patch Wireless Auto Config sends probe requests to determine whether the network you used to connect to are there. Bottom line Windows XP wireless client tells anyone who wants to listen its list of preferred wireless networks. This ain't good.

Also while you are in fiddling withyour wireless setting turn off your wireless adapters ability to connect to ad hoc networks. This option is default on Windows XP and may allow someone to connect to your computer via ad hoc wireless if you leave your wireless card turn on.

Safest bet? When you aren't using wireless on your laptop - turn the adapter off.