About @#$%ing time...

Microsoft has finally released a Hotfix for the Windows XP Wireless Client, and all I can say is that it is about friggin' time. Internet Storm Center has a description of the Hotfix HERE. Among other things, this fix addresses one of the most annoying things (from a Windows XP wireless perspective) I've encountered in a long time: the random Windows XP wireless network. If you've ever used Kismet in the vicinity of Windows XP machines, you know what I'm talking about. Not only does XP continue to cycle through its list of preferred wireless networks (leaks far too much information and makes it waaaaaaay too easy to determine whose laptop you're looking at), but you also get the weird random SSID strings. If you just let Kismet run for days or weeks at a time, it isn't at all uncommon to have a list of several hundred or even several thousand probe requests just because of this odd XP behavior. Here's a little piece from the Hotfix page:

In Windows XP with Service Pack 2, Wireless Auto Configuration tries to match preferred wireless networks to wireless networks that broadcast their network name. If no network matches a preferred wireless network, Wireless Auto Configuration sends probe requests to determine whether the preferred networks are nonbroadcast networks. In this manner, a Windows XP wireless client advertises its list of preferred wireless networks. An observer may monitor these probe requests and configure a wireless network by using a name that matches a preferred wireless network. If the wireless network is not secured, this network could enable unauthorized connections to the computer.

I understand Microsoft's intent in designing their wireless client to work this way. Obviously, they are trying to make the connection to wireless networks easy. They've made it easy at the expense of security. And on an OS that is notoriously difficult to protect without extensive 3rd party software.

By strange coincidence, this Hotfix was released almost to the day of the 5th anniversary of the release of Windows XP. This unusual wireless behavior has been a known issue since that time. Why in the world did it take 5 years to release a fix for this? Ok, I grant you that some of the other things that this Hotfix addresses weren't big issues 5 years ago. But that strange "parking" behavior? C'mon. If I'm a Bad Guy, all I have to do is sit in the parking lot with Kismet running and listen for Windows XP machines to start cycling through their list of preferred networks. Depending upon the number and frequency of these probes, I can start making some fairly educated guesses about these wireless clients, and with a little extra effort on my part, I could setup my trusty Linux laptop in AP mode and start trying to trick unsuspecting users into connecting to me, at which time I can start collecting usernames and passwords and whatnot. If I'm so inclined, I can then take this information and compare it to data that I pull down from WiGLE and I can even start making guesses about where these users are located and places they frequent, based solely on this hemorraghing of information from the Windows XP Wireless Client. If you use Windows XP wirelessly, install this Hotfix immediately. In addition, be very careful with who you are talking to wirelessly. You never know who might be listening.

Tools of the Trade, Part III

A few more "must-have" tools to keep on hand:

• 3D Traceroute (http://www.d3tr.com). Portable! Gotta have a good traceroute program, and 3D Traceroute is about as good as it gets.
  
• Sam Spade (http://www.samspade.org). Fantastic tool for IP lookups, DNS info, etc., etc. The site appears to be unavailable at the moment, but the Sam Spade tool is available for download at lots of sites around the net.
• Wireshark (http://www.wireshark.org). A quality packet sniffer is just something you must have. You can't even hope to dig into what is going on throughout your network if you don't have a good packet sniffer. Formerly known as Ethereal, Wireshark is the cream of the crop.
• Cygwin (http://www.cygwin.com). Cygwin provides a Linux-like environment in Windows. If you can afford the disk space, it is probably worth doing a full install. Tons of tools that we know and love from Linux now available in Windows. For me, it makes life much less stressful.
  

Mapping wireless networks

I recently had reason to do a little wireless investigation at work. There was some concern that there may be a wireless access point attached to the network that had been setup insecurely. So I grabbed my laptop and my USB GPS device and scampered off like a kid on his way to the candy store. I did some passive investigation from the parking lot with Kismet and NetStumbler. If you aren't familiar with these tools, I can't recommend them strongly enough. When using these tools together, the WiFi data you can collect is amazing, especially if you use them in conjunction with GPS. Ok, so you've got this data....now what? That's where WiGLE comes into play. WiGLE, the Wireless Geographic Logging Engine, is a clearing house for files collected by people all over the world when wardriving, warwalking, wardancing, or warskippingaboutlikealoon. You upload your file to the WiGLE site and it crunches the data and makes the results available for download. Using one of the WiGLE clients (I really like the Java-based client, JiGLE), you can download data for any number of areas and it gives you maps and locations of all of the identified APs. JiGLE allows you to view area polygons, displaying the coverage area of a given AP, as shown here:

With a little bit of effort, you can even import JiGLE data into Google Earth. Now that, friends and neighbors, is cool; simple as that. WiGLE is a great tool to have in your back pocket.

Link

Who says network people aren't funny?

I was working on a couple ideas for a few new posts and I happened to blindly stumble across this story: Jessica Simpson on Open-Source Routers. With a title like that, I had to investigate. Ahhhhh.....good humor. Don't get me wrong, it won't have you howling with laughter or anything, but it was just the thing to lighten up an otherwise dreary Monday morning.

Nifty tool

Like any self-respecting techno-geek, I'm always on the lookout for new tools. I love to comb through SourceForge or Freshmeat, looking for new and interesting software. Ever since VMware released VMware Server as a free product earlier this year, I've spent a lot of time messing with it, trying new and interesting ways to use it, etc. I've been doing some really interesting stuff with it recently (I'll make an extensive post on this at some point in the near future), and have downloaded and experimented with dozens of the free Virtual Appliances. Just when I thought that VMware couldn't be any cooler, I found this: VMware Converter. It essentially takes an image of a running Windows machine and creates a virtual machine. They claim that you can image a hot machine without actually disturbing the machine being imaged. And it can all be done over Ethernet. And (this is arguably the best part), it is free. It can also create VMs from older VMware formats, Symantec Bacukp Exec System Recovery, and Microsoft Virtual Server/Virtual PC. I haven't had a chance to extensively test this yet, but assuming it lives up to their claims, this has so much potential, I don't even know where to being.

Kudos to the VMware folks.