×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Windows 7 Can Create Rogue Wi-Fi Access Point

timothy posted more than 4 years ago | from the feature-not-bug dept.

Wireless Networking 123

alphadogg writes "Windows 7 contains a 'SoftAP' feature, also called 'virtual Wi-Fi,' that allows a PC to function simultaneously as a Wi-Fi client and as an access point to which other Wi-Fi-capable devices can connect. The capability is handy when users want to share music and play interactive games. But it also can allow on-site visitors and parking-lot hackers to piggyback onto the user's laptop and 'ghost ride' into a corporate network unnoticed." While this means a bit more policing for networks meant to be locked down, it sounds like a good thing overall. Linux users, meanwhile, have had kernel support (since 2.6.26) for 802.11s mesh networking, as well as Host AP support for certain chipsets.

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

123 comments

Hard shell, gooey centre security obsolete (4, Insightful)

anti-NAT (709310) | more than 4 years ago | (#31206050)

Re:Hard shell, gooey centre security obsolete (3, Interesting)

jhaar (23603) | more than 4 years ago | (#31206802)

Actually, can someone explain to me what the real difference is between "master mode" and AdHoc or mesh networks?

Why is it that only a few chipsets can "do" proper full-blown "master mode" (ie be an Access Point), and yet other chipsets can be used as AdHoc or mesh? I mean - what's the fundamental difference? I've been through this with Linux systems and can't understand why I can't just grab any WLAN card, bring up the interface and whack a DHCP server on it - why doesn't that work for them all?

Just wonderin...

J

Serious issues found with X (5, Insightful)

Josh04 (1596071) | more than 4 years ago | (#31206058)

Microsoft Z has been found to contain feature X, which purports to do Y but used incorrectly could instead cause W! Linux has had feature X since 20VV, the 'Year of the Linux Desktop'.

Re:Serious issues found with X (5, Insightful)

goldaryn (834427) | more than 4 years ago | (#31206112)

Microsoft Z has been found to contain feature X, which purports to do Y but used incorrectly could instead cause W! Linux has had feature X since 20VV, the 'Year of the Linux Desktop'.

True. Incompetent users are the problem irrespective of platform. Never forget - computers do what you tell them to do, not what you meant them to do

Watch us both get modded down now

Re:Serious issues found with X (2, Insightful)

recoiledsnake (879048) | more than 4 years ago | (#31206398)

Slashdot reported on it earlier, then it was complaining that it wasn't finished. Now it's complaining that it can be made to work.

http://mobile.slashdot.org/story/09/11/03/1649246/Unfinished-Windows-7-Hotspot-Feature-Exploited?from=rss [slashdot.org]

"It wasn't all that long ago that Microsoft was talking up the Virtual WiFi feature developed by Microsoft Research and set for inclusion in Windows 7, but something got lost along the road to release day, and the functionality never officially made it into the OS. As you might expect with anything as big and complicated as an operating system though, some of that code did make it into the final release, and there was apparently enough of it for the folks at Nomadio to exploit into a full fledged feature. That's now become Connectify, a free application from the company that effectively turns any Windows 7 computer into a virtual WiFi hotspot — letting you, for instance, wirelessly tether a number of devices to your laptop at location where only an Ethernet jack is available, or even tether a number of laptops together at a coffee shop that charges for WiFi."

Re:Serious issues found with X (4, Insightful)

natehoy (1608657) | more than 4 years ago | (#31206574)

No, a VENDOR who wants to sell you lockdown software is complaining that it can be made to work.

Re:Serious issues found with X (2, Insightful)

hairyfeet (841228) | more than 4 years ago | (#31206898)

You know, I always wondered why /. never points that out in TFA, because you would think that would be pretty relevant to the discussion. company with vested interest in selling you solution A says product B is insecure, therefor you need to buy solution A.

From reading TFA (I know, but I got bored) it sounds like pretty much anything that connects to anything is gonna be labeled insecure by this guy, as it gives him a reason to sell you solution A. But pretty much any business should have figured out by now with things such as wardriving that wireless needs to be locked down, yes? Given the fact that MSFT has always been good about having just about every feature and piece of software that comes with Windows easily locked down via group policies, I don't see what the big whoop is. I'm sure Windows 7 Enterprise and Business has group policies for turning this off without requiring solution A.

But any technology can be exploited if used incorrectly or just left unlocked for anyone to use. It will always have to be locked down by the IT department before deployment if they don't want to be pwned and are actually worth the money they are being paid. How exactly is this news again?

Re:Serious issues found with X (2)

gbjbaanb (229885) | more than 4 years ago | (#31206950)

But any technology can be exploited if used incorrectly or just left unlocked for anyone to use. It will always have to be locked down by the IT department before deployment if they don't want to be pwned and are actually worth the money they are being paid. How exactly is this news again?

Because most people using their laptop in a coffee shop and setting it up as a wifi hotspot are not going to be business users with a large corporate IT department behind them (mainly because such users will have had it disabled and told not to do it). Of course, the number of businesses who do not have a large corporate IT department (or a competent one) will also be using this feature.

Don't forget that the 'corporate IT' with full TechNet training and MSVP guys is the very rare exception, not the rule. That's one of the things that people say is good about Windows - that it's so easy, anyone can use it.

Re:Serious issues found with X (1)

the_womble (580291) | more than 4 years ago | (#31208368)

the number of businesses who do not have a large corporate IT department (or a competent one)

So that's most of them then!

That's one of the things that people say is good about Windows - that it's so easy, anyone can use it.

They may say that - both they are wrong.

  • Keeping Windows secure (locking stuff down, separating user and admin accounts, installing and updating anti-malware, etc.) is too hard for most home users I know. Why do you think IE has a porn browing mode? Because the whole family shares a single login.
  • Installing software on Windows is difficult (compared to Linux as long as its in the repos, anyway)
  • The Windows UI is very familiar because it is widely used, but it is not actually particularly easy - if someone had never used a computer before Windows would not be the easiest OS to learn.

Re:Serious issues found with X (4, Insightful)

hairyfeet (841228) | more than 4 years ago | (#31208568)

While all that you say is true, from what I understand (and I could be wrong) Windows doesn't have this activated by default, you have to turn it on. Any Linux install has the capacity to be an unsecured server, just hanging out there in the breeze for anybody to infect. We don't say that is a bad thing though, do we?

MSFT added a feature. Now this feature, which could be very handy for those that need to share files or want to set up a quick gaming LAN, can be misused and cause security problems. That a handy OS feature can be misused and cause a security problem applies to just about every single program that can access the net. As for corporations? Well if they pay bottom dollar and and only hire the cheapest most underpaid flunky they can get to save a few buck, and they get pwned, I should care....why exactly? Good things cost good money, the same goes for people. if a company is so badly run that this single feature can completely turn their network security into a house of cards I think they have bigger problems, don't you agree?

In the end the whole TFA felt to me like creating a bogeyman for them to defeat with their super neato security product. But you and I know security doesn't come in a can. it isn't some product you can just slap on the network and all is well. Security is an ongoing process, that must be planned, implemented, and adapt with changing conditions. And that all needs competent staff to implement correctly. in the end companies that go for bandaids like the TFAs product (which may be good for all I know) will end up failing miserably when some fool on their network does something stupid. This feature won't kill any networks, piss poor admins and security policies that don't exist will take care of that all by themselves, thanks.

Re:Serious issues found with X (0)

Anonymous Coward | more than 4 years ago | (#31206682)

Because you said you'd get modded down, you were modded up.

Watch me get modded down now.

Re:Serious issues found with X (5, Funny)

CharlyFoxtrot (1607527) | more than 4 years ago | (#31206822)

Never forget - computers do what you tell them to do, not what you meant them to do

I have a mac you insensitive clod, it does what His Steveness (peace be upon him) meant it to do.

Re:Serious issues found with X (1)

gmuslera (3436) | more than 4 years ago | (#31207010)

computers do what you tell them to do, not what you meant them to do

Who is "you" there? The user? Microsoft? others?

In both activating that requires admin/root access, or giving admin access to a program that do that for you.

That program could be a trojan. Still, you have to run that trojan as admin. Now, running an untrusted binary in linux, as admin, even if is for your architecture, seems to require a bit more complex effort in the social engineering side than in Windows to make you run it. And don't know how many windows owners do their normal use of their machines as unprivileged user over the ones that do most as admin,but once there, even pdfs could enter into the trojan realm.

And won't be so amazed if (maybe targetted) spam or sites start teaching step by step how to do some setting in windows registry to "improve" your wireless performance.

Re:Serious issues found with X (0)

Anonymous Coward | more than 4 years ago | (#31207038)

Watch us both get modded down now

Now that you've said that, you deserve to be.

Re:Serious issues found with X (4, Funny)

goldaryn (834427) | more than 4 years ago | (#31206166)

Insightful? He's got the century wrong!

Re:Serious issues found with X (1)

Zero__Kelvin (151819) | more than 4 years ago | (#31208056)

" Linux has had feature X since 20VV, the 'Year of the Linux Desktop'."

"Insightful? He's got the century wrong!"

Great point! Linux has been the superior desktop environment since sometime in the late 1900s.

Re:Serious issues found with X (1)

Draek (916851) | more than 4 years ago | (#31206464)

Actually, it should be "Linux has had feature W since 20VV" since its about Windows' and Linux' capabilities to work as a WiFi access point which, as TFS states, is actually a pretty useful feature in many scenarios. The only problem with Windows' implementation is that its presumably(*) turned on by default, which can be problematic in some enviroments from a security standpoint.

(*) "presumably" because TFA is awfully thin on details, and is fairly unapologetic about being an ad for some security company's software. I'm merely assuming it's turned on by default because it's the only way it could be considered a problem to begin with.

Re:Serious issues found with X (4, Funny)

DiamondGeezer (872237) | more than 4 years ago | (#31206754)

With Linux you have to recompile the kernel, perform a hardware patch between two delicate components using baling wire, do the hokey-pokey and sacrifice a chicken to Satan. THAT'S why its secure.

Note to Linux fanboys - yes, I was being sarcastic.

Re:Serious issues found with X (1)

nextekcarl (1402899) | more than 4 years ago | (#31206878)

I know you were joking, but you just described our Monday morning routine with these [sunriseimaging.com] (Windows based) film scanners*, which was gleaned after careful work with the current engineers working for Sunrise.

* This is not an ad, it is a warning, they are a POS, IMHO of using them for 3 years.

Re:Serious issues found with X (1)

the_womble (580291) | more than 4 years ago | (#31208386)

Whereas with Windows you have to spend hours trying to find the Windows registry incantation to stop it doing it.

Re:Serious issues found with X (1)

Knackered (311164) | more than 4 years ago | (#31206972)

Microsoft Z has been found to contain feature X, which purports to do Y but used incorrectly could instead cause W! Linux has had feature X since 20VV, the 'Year of the Linux Desktop'.

You got that last bit wrong. It's "Linux has had feature X since 21VV, the 'Year of the Linux Desktop'."

Re:Serious issues found with X (1)

jpmorgan (517966) | more than 4 years ago | (#31207056)

Er, no. In this case, Linux has features Q and R, which aren't anything like X, but chances are nobody will notice.

Ghost ridin' the whip! (5, Funny)

hkz (1266066) | more than 4 years ago | (#31206062)

Ghost ridin' the whip! No seriously, I've been wanting to use the Linux host AP features to bring up a mischievous AP that does man-in-the-middle attacks. I'd be connected to some open wifi somewhere, and someone would connect to my netbook and also see an open access point. I'd then give them the upside-downternet: http://www.ex-parrot.com/pete/upside-down-ternet.html [ex-parrot.com]

Re:Ghost ridin' the whip! (1)

hkz (1266066) | more than 4 years ago | (#31206220)

Note: I was deliberately playing down the consequences of that scenario. You could "own" someone pretty thoroughly if that someone was uninformed enough (which 90% of people are) to send sensitive stuff over the network unencrypted. Which is why I use ssh tunnels to a trusted server whenever I'm on an open AP.

Re:Ghost ridin' the whip! (1)

ehrichweiss (706417) | more than 4 years ago | (#31206462)

I think I need to introduce you to SSLStrip and Moxie Marlinspike.. http://www.thoughtcrime.org/software/sslstrip/ [thoughtcrime.org]

Unencrypted sensitive data isn't even necessary.

Re:Ghost ridin' the whip! (1)

iammani (1392285) | more than 4 years ago | (#31206734)

SSLStrip does nothing to disable SSL. If you see the video posted in your link - the guy types "http://gmail.com" and instead of being sent to "https://www.google.com/accounts/ServiceLogin?" to login, he is being redirected to "http://www.google.com/accounts/ServiceLogin?". That is SSL is still safe, provided you take notice of whether you are on an encrypted page or not.

Re:Ghost ridin' the whip! (1)

Score Whore (32328) | more than 4 years ago | (#31207002)

Perhaps you need to be introduced to ssh and the concept of an ssh tunnel. It has nothing to do with SSL.

Re:Ghost ridin' the whip! (1)

LeperPuppet (1591409) | more than 4 years ago | (#31206592)

The TV show the Real Hustle showed this run as a scam to harvest credit card details. A scammer with a laptop sets up as a fake access point which serves up fake payment screen to anyone who connects to that point. Most of the people connecting to the point assume that the payment screen is legitimate and enter their details. You might not catch the truly paranoid or alert, but there's still plenty of people who would be fooled.

No biased reporting here on /. Just the facts. (4, Insightful)

DiamondGeezer (872237) | more than 4 years ago | (#31206086)

I don't participate much in the bore-a-thon dick-measuring contest called "Windows v Linux" on /. but for the record, its crap reporting to claim that Windows 7's "SoftAP" is a "rogue" which allows "ghostriding" while Linux's "802.11s mesh networking" is somehow better because it pre-dates Windows 7 when it allows the same problem which needs to be policed.

I have lots of criticisms of Windows generally and I run XP and Kubuntu, but SoftAP is a network management issue for corporate networks, not a "rogue".

Re:No biased reporting here on /. Just the facts. (5, Informative)

gad_zuki! (70830) | more than 4 years ago | (#31206242)

Agreed, this is beyond stupid. You could do the same with XP if you like, but now its a little easier. I used to share a cellular card this way years ago. The "policing" and "lockdown" of "rogue" access points is like one click in group policy or a value in a reg key.

Slashdot has become the fox news of tech.

Re:No biased reporting here on /. Just the facts. (1)

recoiledsnake (879048) | more than 4 years ago | (#31206412)

Also, how many corporate machines are running with wireless cards?

Re:No biased reporting here on /. Just the facts. (4, Insightful)

kevingolding2001 (590321) | more than 4 years ago | (#31206640)

Also, how many corporate machines are running with wireless cards?

More than you might think. At my work they issue everybody with laptops. They all have inbuilt wireless.

Re:No biased reporting here on /. Just the facts. (2, Insightful)

ChunderDownunder (709234) | more than 4 years ago | (#31206674)

Quite a number. Perhaps not your average cubicle-slave but certainly those in 'client-facing roles' and those encouraged to take work home with them (read unpaid overtime). If security is lax, don't underestimate teenage children in re-enabling features on their parent's work laptop. Then there's consultant teams hired on a project basis that bring their own hardware and aren't subject to internal re-imaging of machines.

Pee Parties (0)

Anonymous Coward | more than 4 years ago | (#31206460)

...dick-measuring contest called "Windows v Linux" on /.

Slashdot has become the fox news of tech.

I'm going to attend a party that is protesting Windows monopoly and its sucky abilities compared to Linux' superior architecture and abilities.

We're calling it a Pee Party - for the pissing contest element.

Now those in attendance protesting, otherwise know as the Pissers, will be there to try to get MS to straighten up and to promote Linux!

Are you with me! It's for America!

Re:Pee Parties (0)

Anonymous Coward | more than 4 years ago | (#31206720)

> Are you with me! It's for America!

Will the terrorists win if I'm not?

(Captcha: conquest)

Re:No biased reporting here on /. Just the facts. (2, Insightful)

maxrate (886773) | more than 4 years ago | (#31206530)

I couldn't agree with you more - seems a good few of the /. linux user base has 'something to prove' quite often. It gets old real quick. I just wish it would end.

Re:No biased reporting here on /. Just the facts. (0, Offtopic)

Hurricane78 (562437) | more than 4 years ago | (#31206556)

Actually, depending on your p.o.v., there is no such thing as bias or facts. Because there are no absolutes in nature, except in mathematics. Everything is relative. Every information is filtered, interpreted and processed a billion times. And always relative to the processor’s standpoint.

What you call “facts” is what fits your inner model and comes from trusted sources. What you call bias, are simply points of view that differ from yours. That’s all there is to it.
Which means that actually it does not matter, since you can always get out the useful bits that fit your reality, by knowing the standpoint of the sources, and interpreting things accordingly.

(Denying all this, because you thought all your life, that there are absolute truths, won’t make it go away. You can of course develop another explanation that fits you better. But will it improve your life more than this one? :)

About your comment’s actual content: I agree, since it nicely fits my inner model, and your comment shows no signs of trustworthiness or inconsistencies visible to me.

Re:No biased reporting here on /. Just the facts. (1)

DiamondGeezer (872237) | more than 4 years ago | (#31206832)

Yes, your keyboard moved and words came out. Unfortunately the ideas conveyed were nonsense.

Re:No biased reporting here on /. Just the facts. (0)

Anonymous Coward | more than 4 years ago | (#31206894)

No, he's right. It is unfortunate that you lack the imagination to see its truth.

Oh my, what danger! (1)

Jorl17 (1716772) | more than 4 years ago | (#31206106)

So....what's the problem? Hundreds of features can be used to do evil.


Damn!...I forgot to cover the USB hole again! Now a hacker can plug a dirty cable in it!

More seriously, I get it, it's the fact that it is a hidden feature. Still, leave MS alone and stop the fuzz. I may not like them; I may not stand them, but you seem to hate them more^^

Re:Oh my, what danger! (0)

Anonymous Coward | more than 4 years ago | (#31207246)

I remember the time I didn't plug my USB hole...

rouge? (0)

hkz (1266066) | more than 4 years ago | (#31206134)

I'd be more impressed if Windows 7 could create a rouge access point.

Re:rouge? (0)

Anonymous Coward | more than 4 years ago | (#31206816)

I'm sure windows 7 is being used in a store that sells makeup somewhere already. Nothing impressive about it.

Not interesting by itself (1)

FranTaylor (164577) | more than 4 years ago | (#31206146)

And certainly other OS's have this feature too.

But you have to look at the big picture. This feature can be combined with one of the other Microsoft "remote access features" that they have been working so hard to remove from their product.

Yippie ki yay (0)

Anonymous Coward | more than 4 years ago | (#31206156)

As the riders loped on by him, he heard one call his name
If you want to save your server from Hell, a-riding on our range
Then cowboy change your ways today or with us you will ride
Trying to catch the Devil's herd, across these endless skies

Yippie yi Ohhhhh
Yippie yi Yaaaaay

Ghost Riders in, Ghost Riders in your LAN

What is this crap (5, Insightful)

CSHARP123 (904951) | more than 4 years ago | (#31206198)

Any OS will have problems if used incorrectly. This biased reporting is BS. It needs to stop.

Re:What is this crap (0)

Anonymous Coward | more than 4 years ago | (#31207008)

Yeah, there C#123. Not like you have a dog in this hunt right? I actually like reading about possible security vulnerabilities regardless of the OS involved. Although seeing as Windows has such a large share of the market, I'd probably like to here about it's problems even more. And not couched in vague generalities. If you don't like it, don't click.

Linux Treats You Like An Adult.... (1)

pandrijeczko (588093) | more than 4 years ago | (#31206260)

...you make decisions about how you want to configure it, you put some work into researching how it should be configured correctly, and you face the consequences of what can go wrong if you mess it up.

If you need to be nursemaided in your computer use, stick with a Mac or Windows. If you're prepared to put some effort into learning how a computer works and how to search forums and asks questions of people who are more than willing to help you out free-of-charge, then try Linux.

It's that simple.

Re:Linux Treats You Like An Adult.... (2, Insightful)

CannonballHead (842625) | more than 4 years ago | (#31206330)

Yes, it's that simple... and for most people, they don't want to research all that.

And if Linux wants to be popular with those people, it's going to have to change a bit.

It's more than knowing how a computer works. The only thing you're talking about right now is software. You're not talking about having to know how a graphics card works in order to use it. You're talking about software configuration. But the problem I have with your simplistic explanation is this: for most people, a generic configuration does work nicely.

And allow me to say I'm glad "Linux" didn't make my digital camera. I'd hate to have to go research on forums just to figure out how to take a picture at a different resolution than it was set at ;) Joking aside, I'm somewhat serious. Most people want to research how to configure things they like working on. Most people don't like working on the computer... most people like working on something ELSE on the computer.

Re:Linux Treats You Like An Adult.... (0, Troll)

module0000 (882745) | more than 4 years ago | (#31207928)

And if Linux wants to be popular with those people, it's going to have to change a bit

We *don't* want to be popular with "those people", you, or your digital camera that you mention.

We assure you get relevant results when you type search queries into google.com. We do NOT assure your OS detects your digital cameras evidence of you cosplaying at comicon.

Re:Linux Treats You Like An Adult.... (2, Interesting)

pandrijeczko (588093) | more than 4 years ago | (#31208672)

This is precisely the reason why I have a problem with so many people on here...

There is *NO*, repeat, *NO* war being waged by Linux to defeat Microsoft. If there was, then it would have already won several battles when it comes to its penetration into server space and into embedded devices - but in the case of servers, it has done far more damage to displacing Sun Solaris, AIX, HP-UX and other "paid for" UNIX implementations.

So there is no *desire* for Linux to be accepted, it's there as an alternative and some people who write apps or GUIs for it do look at how things are done in Windows and emulate it in Linux, because they assume that anyone who *chooses* to try it and is from a Windows background will at least have some familiarity.

If anything, the fact that Linux is there and, in many cases, now a viable alternative to Windows, it has given Microsoft a "kick up the backside" to focus more on giving Windows users a better experience - I seriously doubt a Windows OS as reliable and as liked as XP would have existed without Microsoft fearing the uptake of Linux...

Anyone see the Linux bias here? (0)

Anonymous Coward | more than 4 years ago | (#31206850)

How come when there's a feature in Linux that can burn you if not set right, the zealots say you're being treated like an adult. If it happens in Windows why is it suddenly it's MS fault for introducing a flaw? Such hypocrisy.

Re:Anyone see the Linux bias here? (1)

Dorsai65 (804760) | more than 4 years ago | (#31208188)

No, not hypocrisy.

Using Linux, you're expected to take responsibility for your computer and how it's configured. If it's borked, that's because you probably didn't research/learn as you should have and almost certainly changed something without knowing what it does or is for.

When a Windows box is borked, it's generally because MS screwed it up FOR you, before you got it, and without telling you -- if you had any interest in it working correctly in the first place (which most Windows users are willing to assume it does).

Re:Anyone see the Linux bias here? (2, Interesting)

pandrijeczko (588093) | more than 4 years ago | (#31208630)

As I'm both a Windows XP and Linux user (and I like them both for their own reasons), let me explain this to you in more detail.

Any Linux application I use holds it configuration in a text-based file somewhere on the system - either in my home directory, or globally under /etc somewhere. Whenever I want to change the configuration of an app, I can back up the old configuration just by making a copy of a text file.

So if I'm messing about with the configuration of, say, Xorg (the modern implementation of the X-Windows GUI) to get a particular graphics card feature to work, it's quite possible I break Xorg and have to go scanning through log files to find out why what I did broke it. But I can also just copy back in the original /etc/X11/xorg.conf file and it will work again...

If I'm messing about with some new kernel features, then I can end up putting in place a kernel that panics when I try to boot. But it's very easy to configure the GRUB bootloader to give you the option of booting from the last working kernel that you always keep a copy of, so if my new kernel borks then I can always boot back on the old kernel and try compiling a new one again.

Yes, this stuff is all complicated, even to a Linux veteran like me, but as long as you act responsibly, think about the ramifications about what you are doing, and make sure you have a backout plan, it's not really a problem.

Now explain to me how this would work in Windows? Don't get me wrong, XP is a bloody reliable OS (I can't comment on Vista or 7 because I've never used either) and uninstalling an application usually works to get you out of any mess you're in.

But what about if that app trashes the registry, what do you do then?

And why is it such a big deal whenever I try to backup my "Documents and Settings" directory in Windows, that it won't let me backup a lot of the files unless I boot into safe mode? Or how about I want to take my app settings from one XP machine to another? Presumably I have to use some convoluted backup program, whereas in Linux I can just use "cp" or "scp" over the network to send my home directory and all it's config contents somewhere else.

I'm sorry, but if something happens on an OS that the user cannot prepare a reasonable backup plan for, then it's a flaw in the OS. No, it doesn't happen often in XP but even as recently as last week, there were reports of some automatic updates trashing users' PCs...

Re:Anyone see the Linux bias here? (1)

pandrijeczko (588093) | more than 4 years ago | (#31208642)

Incidentally, I object to being a called a zealot purely because I happen to utter words in support of Linux.

I do use both XP and Linux, and, for example, I have a handful of killer apps on Windows that I don't have on Linux - so there's a plus for XP to balance it out a bit, if that makes you happier.

Re:Linux Treats You Like An Adult.... (0)

Anonymous Coward | more than 4 years ago | (#31207976)

If you need to be nursemaided in your computer use, stick with a Mac or Windows. If you're prepared to put some effort into learning how a computer works and how to search forums and asks questions of people who are more than willing to help you out free-of-charge, then try Linux.

Sounds to me like somebody's got sour grapes. Are you jealous that I can plug a random USB device into my Win7 or OS X boxes and it will work without me spending five hours figuring out the chipset manufacturer, tracking down the generic drivers, finding all of the dependencies for the drivers, compiling them, and then playing with modprobe to get it to load properly?

Re:Linux Treats You Like An Adult.... (1)

Dorsai65 (804760) | more than 4 years ago | (#31208256)

I've been running Linux for over 5 years, and have never had to do anything like that to get a USB drive to work.

Sure, there's some hardware that won't work under Linux because of drivers -- usually cheap-ass crap that people shouldn't be buying in the first place. Then again, my Linux system does recognise the vast majority of hardware, and doesn't need separate drivers for any of it. Hell, the first thing I do when I buy hardware for my system is throw away the Windows drivers disk(s) that came with it, along with whatever suck-ass "free" program they had to toss in to try and convince me to buy it. On top of that, I don't have to reboot eleventy-seven times while installing said drivers.

Re:Linux Treats You Like An Adult.... (1)

pandrijeczko (588093) | more than 4 years ago | (#31208558)

Actually, your comment tells me that you've never used Linux - or at least not recently.

I have all manner of USB disks, webcams, drives, phones, etc. at home and use them all on dual-booting Gentoo Linux and Windows XP machines. The biggest problem I have had with USB recently (and strictly speaking it's not a USB issue) is how to get NTFS-formatted external USB disks to mount with proper permissions using the ntfs-3g user space driver.

The reason this problem came about in the first place was because Microsoft don't allow you to format any drive over 32GB with FAT32 in recent Windows versions (even though FAT32 partitions have a size limit of 2TB) and I needed to have USB disks readable/writeable by both OSes.

In the end I found fat32format [demon.co.uk] which does allow me to use FAT32 on big external disks (even PartitionMagic sets an arbitrary 200GB FAT32 partition limit) and ditched NTFS completely.

I suggest you go ahead and try a modern Linux distro with built in daemons like hal and udev running on startup - because with a modular kernel these days, hardware detection is pretty much automatic....

Re:Linux Treats You Like An Adult.... (1)

the_womble (580291) | more than 4 years ago | (#31208398)

Rubbish. If you have an installed Linux system, what do you need to learn to do everyday tasks like web surfing or word processing? That you use "firefox" instead of "The blue E" and "OpenOffice" instead of "Office".

Easy Solution (4, Informative)

The MAZZTer (911996) | more than 4 years ago | (#31206290)

This doesn't seem like any more of a problem than someone jacking in to an empty ethernet port on your network, except that a) they can do it from outside the building wirelessly and b) any special software used by the 7 user to access the network could potentially helpfully forward packets from others, but that would probably be a fault of the software not checking the origin IP on packets...

Anyways the fix is simple. Require authentication for all network resources. Windows enterprise solutions are set up like this by default and do it transparently using Windows login credentials. An intruder on your network would be unable to access anything. There is the LITTLE issue of exploits, so you can either batten down the hatches as much as you can and continually scan for suspicious network traffic, or you can try an alternate solution which may work better (a combination of both would be best):

For complete security, IT could notify all employees that use of this feature is not permitted. On corporate machines it could be disabled or removed or steps taken to block access, but you must assume users are clever enough to get it working (not to mention booting from a LiveCD bypasses every protection known, except complete Windows software compatibility. Someone did mention Linux software that did this though, and my brother's WiFi card supposedly does it too with a special included application.). IT could also compromise and allow users to use it if it is properly configured, with clear steps outlining how to check if this is the case. However either way, severe penalties (starting with being kicked off the network until you have resolved the problem) would be issued for having an open access point. IT would have to periodically stage their own "attacks" to look for such hotspots and attempt to connect, and then lock the user out of the network if they are able to access the user's machine anonymously (ie folder shares with company files) or the network.

OK so it's a long winded solution but basically: The problem isn't new, lock down systems with authentication best you can, routinely scan for hotspots and penalize users that put them up.

Disclaimer: I am not a security expert but I like to think I've picked up a few things.

Re:Easy Solution (5, Informative)

Niobe (941496) | more than 4 years ago | (#31206346)

You are misunderstanding the problem. The PC running this feature becomes a router bridging their local and probably unauthenticated network with whatever secure network they are already connected to. Add network connection sharing to the mix and you have a security hole regardless of how 'locked down' the original network is. How big a problem this is will depend on the implementation and I haven't seen it.

Re:Easy Solution (1)

jpmorgan (517966) | more than 4 years ago | (#31207082)

No, you are misunderstanding the problem. None of these features: virtual WiFi, connection sharing and bridging, are turned on by default.

The GP is exactly right. If someone wants to 'attack' your network this way, it's no different from walking in with a laptop and an extra usb wifi device. Windows 7 makes it slightly less expensive, that's all.

Re:Easy Solution (4, Insightful)

DavidD_CA (750156) | more than 4 years ago | (#31207894)

Group Policy can disable this for all domain users in one click.

And even if left on, what admin would allow a non-authenticated user access to anything on the network?

Besides, if I had enough access to a machine to turn this feature on, couldn't I just take control of it via traditional means? Why bother.

Re:Easy Solution (1)

weicco (645927) | more than 4 years ago | (#31208320)

But still they have to authenticate against AD to access shares? Well, I guess this depends how things are configurated but I sure as hell can't access our corporate network shares without proper authentication.

Re:Easy Solution (1)

snowytoxa (1749740) | more than 4 years ago | (#31208394)

[sarcasm] windows ( or any other OS) is so insecure! skilled user/admin can use commands like format c: or rm -rf /, let's wipeout them from our hard drives! [/sarcasm]

Re:Easy Solution (1)

QuantumRiff (120817) | more than 4 years ago | (#31206400)

Cisco Wireless (used to be airespace) and other wireless management controllers have had the ability to detect rouge networks for at least 5 years. If they see a rouge, they can attempt to use the nearest AP to connect, and see if the packets can route back to your network. (Showing you if someone plugged a linksys router into your building's wired network, or if the business next door just got wireless)

The Airespace controller even had a "feature" that was heavily discourgaed that would basically take a few of the nearest AP's, and bombard the rouge with packets and DDOS it. I think that the more advanced ones had the ability to use 802.1x features to shut down the network port that the rouge was going through, if I am not mistaken, but I didn't have a model that could do that.

Re:Easy Solution (0)

Anonymous Coward | more than 4 years ago | (#31206584)

rogue!

Re:Easy Solution (0)

Anonymous Coward | more than 4 years ago | (#31207148)

Cisco Wireless (used to be airespace) and other wireless management controllers have had the ability to detect rouge networks for at least 5 years. If they see a rouge, they can attempt to use the nearest AP to connect, and see if the packets can route back to your network. (Showing you if someone plugged a linksys router into your building's wired network, or if the business next door just got wireless)

The Airespace controller even had a "feature" that was heavily discourgaed that would basically take a few of the nearest AP's, and bombard the rouge with packets and DDOS it. I think that the more advanced ones had the ability to use 802.1x features to shut down the network port that the rouge was going through, if I am not mistaken, but I didn't have a model that could do that.

Wow. I never realized networks had a color.

Re:Easy Solution (1)

Redlazer (786403) | more than 4 years ago | (#31207554)

Cisco's implementation is the most cumbersome and the most expensive. I don't truly know how useful it is compared to Aruba's, but I know that Aruba's works like a charm every time, and is automatic and fast.

Re:Easy Solution (1)

shentino (1139071) | more than 4 years ago | (#31206842)

Where I come from, deliberately bypassing network security is a one-strike-and-you're-out termination offense.

Re:Easy Solution (1)

dave562 (969951) | more than 4 years ago | (#31208110)

Can you stop by and have a conversation with my HR department? The finance department seems to be stripping security out of the network under the guise of "controlling costs", yet I can't get an HR policy to make it a termination worthy offense to bypass the few controls that are left.

Re:Easy Solution (1)

dbIII (701233) | more than 4 years ago | (#31206974)

Anyways the fix is simple

Yes, give cisco sh*tloads of money. It's just like the easy solution with corrosion, coat everything in gold. There are better things to do with budgets.
I had an idiot bring in his own wireless access point instead of borrowing any of the spare 8 port switches and a 2 metre cable - and that idiot turned on dhcpd and took quite a few people off the network. The only real way to stop that is firewalls all over the place or firewalls built into all the switches. Effectively you tell the new device that if you are not on the list you are not sending or receiving anything. Only very expensive switches can do this on every port, so the other answer is a lot of firewalls to quarantine off network segments and limit the damage.
IT notifying people is not enough - because then you still get the clueless n00b that thinks they are a genius so the rules do not apply to them and they decide a production network is a nice place for them to learn the basics of networking by poking it with a stick until it breaks. You have to give them a sandbox and whack them on the nose when they sh*t outside of it.

Re:Easy Solution (1)

grub (11606) | more than 4 years ago | (#31207184)


The only real way to stop that is firewalls all over the place or firewalls built into all the switches.

Most intelligent switches can block with ACLs. We block all sorts of nefarious things at out place.

Re:Easy Solution (1)

mysidia (191772) | more than 4 years ago | (#31208378)

This doesn't seem like any more of a problem than someone jacking in to an empty ethernet port on your network

Unused ports are left unusable. Assigned to a 'quarantine VLAN' which has only an IDS on it designed to set off alarms if anything sends traffic to it.

Ports that are in use, have port security enabled with sticky MAC address, and thus an alarm is also set off on violation.

but you must assume users are clever enough to get it working (not to mention booting from a LiveCD bypasses every protection known, except complete Windows software compatibility.

802.1X authentication required to bring up the wired network port. The certificate is installed and available to Windows, but rebooting the machine would cause connection to be lost, and the Live CD distribution would be unable to re-authenticate and gain access (since Linux has no access to Windows' secure crypto keystores).

So, you see.. This Windows 7 problem is much harder to address, and a much bigger risk than other issues such as LiveCDs or unused ports which are very easily made basically non-risks.

Re:Easy Solution (1)

sam0737 (648914) | more than 4 years ago | (#31208414)

I didn't RTFA, but I guess the problem is user will see an AP with the same SSID that user used to be connecting...and tricked into connecting it but that's actually a rouge one? Even without Win 7, I could do it with a $50 SOHO Wireless Router!...

The parent is right - If your network is that sensitive, please turn on Group Policy to requires IPSec encryption on both ends, and requires Proxy (say MS ISA) to go to the Internet. Then the rouge AP doesn't really matter.

I need to check this out (1)

greymond (539980) | more than 4 years ago | (#31206298)

I need to play with this feature on my W7 laptop, I wonder how far the reach is on this and how well I could daisy chain this, just out of curiosity more than anything useful.

Re:I need to check this out (4, Informative)

mrbene (1380531) | more than 4 years ago | (#31206326)

If you want easy-mode, check out Connectify [connectify.me] . Timothy (the poster for this article) linked a story about Connectify back in November [slashdot.org] .

Re:I need to check this out (1)

xtracto (837672) | more than 4 years ago | (#31208452)

Yeah, I checked connectify when it was first released as a beta. Unfortunately they force WPA security thus it is not useful for connecting other portable devices (say Nintendo DS). In addition it is not possible to make it work if you are behind a proxy.

Not again.. (1)

Niobe (941496) | more than 4 years ago | (#31206324)

Didn't we already go through this with Ad Hoc networks on the original version of Win XP? The 'Free Public Wifi' SSID is still around today thanks to this poorly conceived 'convenience' and it was a nightmare for anyone trying to manage a secure wireless network. I think time will show this feature not being worth the trouble it causes.

Oh I see what you tried to do there.. (1)

synthesizerpatel (1210598) | more than 4 years ago | (#31206344)

What you attempt with 'ghost ride' is better communicated and less retarded with one of the following phrases:

* piggy-backing
* covert channel
* out-of-band

There's no applicable analogy with 'ghost ride' to communicate what you're trying to describe. Don't try to introduce new lingo. You might as well call it 'Dog sledding' as it has just as much in common with covert channels as 'ghost riding' does.

Damn! Should have installed Win7 instead of Ubuntu (1)

rduke15 (721841) | more than 4 years ago | (#31206384)

Seriously! That is exactly what I wanted to do a few months ago, but it seems I can't with my WiFi Link 5300. Hostap seems to be for Prism chipsets. Easily creating an AP to share files or to play with neighbors [ex-parrot.com] was one of the bonuses I expected from my switch to Ubuntu. What is going on? Is Windows now becoming the fun OS for geeks and Linux the boring Desktop for the average users?

Re:Damn! Should have installed Win7 instead of Ubu (1)

mrbene (1380531) | more than 4 years ago | (#31206446)

Is the WiFi Link 5300 Intel based? A recent blog entry [blogspot.com] from Connectify indicates that there may be issues with those drivers - at least for Windows. Mind you, if Intel has outstanding issue in the Windows drivers, it's possible that it's a problem in Linux version as well.

Re:Damn! Should have installed Win7 instead of Ubu (1)

cbhacking (979169) | more than 4 years ago | (#31206712)

Lacking more info, I'm going to venture a guess that yes, the 5300 the GP mentions is the Intel Pro Wireless 5300 chipset (802.11abgn, and generally pretty darn good). The Linux drivers for it are open-source, but that doesn't necessarily mean bug-free or that all features are available. It does mean you could try to get it working yourself if you want, though. I have one such chipset myself, and while I've never tried to make it act as an AP, it would be neat to be able to do so.

On a side note, are there any easy Linux tools to make a WLAC card act as an AP and a client simultaneously (as SoftAP apparently does)? That would be very nice - I've only got *one* WLAN card in the laptop and it would be fantastic to be able to use it as simultaneously a client and a repeater that others could access (I promise I wouldn't even redirect them all to 64.111.96.38 [ex-parrot.com] ).

Re:Damn! Should have installed Win7 instead of Ubu (0)

Anonymous Coward | more than 4 years ago | (#31208406)

The old "not quite free" Atheros madwifi drivers were able to do this on Linux for a long, long time. I could use my Thinkpad T41 WLAN card in this way with Linux, and I had that machine in roughly 2004.

There are two parts to this: use a NIC and driver combination that can create multiple virtual NICs from the same hardware, with one in slave mode and one in master; and also run hostap software to provide WPA services. (You could get by with just the driver features in the WEP era, since you just manually set keys once and it worked... now you need the hostap daemon to perform all the WPA authentication and key rotation functions as the network master.)

Re:Damn! Should have installed Win7 instead of Ubu (1)

rduke15 (721841) | more than 4 years ago | (#31208860)

Yes, it's the Intel WiFi Link 5300 (in a Thinkpad), using the iwlagn driver (in Ubuntu 9.04). Not sure if it's because of the chipset, the driver or their combination, but it doesn't support master mode:

# iwconfig wlan0 mode master
Error for wireless request "Set Mode" (8B06) :
        SET failed on device wlan0 ; Invalid argument.

Re:Damn! Should have installed Win7 instead of Ubu (1)

Xabraxas (654195) | more than 4 years ago | (#31206786)

MAC802.11 supports creating an AP and since the standard intel wireless driver is MAC802.11 based you should be able to do this easily with the aircrack-ng suite.

Re:Damn! Should have installed Win7 instead of Ubu (1)

Redlazer (786403) | more than 4 years ago | (#31207542)

Windows 7 can do lots of cool stuff I like.

Kubuntu can do lots of cool stuff I like.

So, I use both.

this is silly... (1)

BitwiseX (300405) | more than 4 years ago | (#31206424)

you can "what if" lots of features. As near as I can tell from the quick searching I did, it's not like it's on by default. I didn't think it would be, but I haven't fooled with Win7 wireless much.

Domain Administrators can do this. [lmgtfy.com]

Is there an article on Network World that condemns Linux for having this ability? Well I did find this [networkworld.com] when I searched for Linux and HostAP. Don't see anything in the article mentioned that it too, could be a security risk if used incorrectly. It's not called Beware the rogue Wi-Fi access point in Linux Kernel 2.6.26 and up.

AD-hoc (0)

Anonymous Coward | more than 4 years ago | (#31206586)

Its called AD-hoc network.

Aruba (1)

Redlazer (786403) | more than 4 years ago | (#31207528)

Aruba Networks has support for detection and elimination of rogue AP's.

An important network that does not have wireless intrusion detection and control is definitely not protected well.

However, a proper Aruba deployment with AP's and a mobility controller can and do identify, mark, and shut down rogue APs and ad-hoc networks, as well as wireless bridges.

I am not terribly worried.

-Red

Mesh is here (1)

DogDude (805747) | more than 4 years ago | (#31208310)

If this article is accurate, we'll see the beginnings of real ad-hoc mesh networks starting in 2010. This feature has the potential for allowing massive ad-hoc networks. Awesome. ISP's are going to pee themselves. Awesome.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...