Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

Comment: And here's how a Windows 0-day works over Wi-Fi (Score 2, Informative) 386

by b33t13 (#14359667) Attached to: Exploit Released for Unpatched Windows Flaw

Beating the rogue access point (AP) dead horse a bit here, and spelling it out for those who don't "get it".

Badguy creates hostile "website" with Windows exploit. Badguy goes to local airport terminal or Starbucks and pretends to be a legitimate wireless hotspot using Airsnarf or similar rogue AP utility. Badguy FORCES any user who joins wireless network to browse the hostile website that has the Windows exploit. User gets owned. Lather, rinse, repeat.

You can do this to your neighbor, too, if they have an open access point. FYI.

The point is that it does NOT require coincidental surfing of hostile websites to gather and exploit targets with a Windows 0-day these days. The rich and elite road warriors carrying all their financial and corporate data with them are prime targets. Attackers with rogue AP setups can make easy money from hotspot users by FORCING them to browse a hostile "website" with a rogue AP "splash page".

Particularly vulnerable, are hotspot users that have the Windows operating system installed and use IE as their default browser.

Sincerely,

Beetle

What the world *really* needs is a good Automatic Bicycle Sharpener.

Working...