“ThinkSECURE has discovered that certain well-known wireless chipsets, using vulnerable drivers under the Windows XP operating system and when configured to use WEP with Open Authentication, can be tricked by a 802.11-based wireless client adapter operating in master mode (“the attacker”) to discard the WEP settings and negotiate a post-association conection with the attacker in the clear.”

I’d like to start by saying that this attack is not known to work against WPA or WPA2(802.11i) protected networks. So, if you are still using WEP, its time to implement WPA. Of course, this may mean that you need a hardware upgrade. The cost of Wireless gear has dropped dramatically. You can get a completely new wireless setup at home for cheap:
Linksys WRT54G, $39.00 from buy.com
Linksys WPC54G PCMCIA 802.11G wireless adapter, $39.00 from buy.com
The above two items are also shipped free, so for $80.00 you can get an entirely new wireless setup. Not bad.

Full Article

Original Advisory

About the author

Paul Asadoorian is the Founder & CEO of Security Weekly, where the flagship show recently re-titled "Paul's Security Weekly" has been airing for over 8 years. By day he is the Product Evangelist for Tenable Network Security. Paul produces and hosts the various shows here at Security Weekly, all dedicated to providing the latest security news, interviews with the industries finest and technical how-to segments. Paul is also the founder and host of "The Stogie Geeks Show", featuring cigar reviews for cigar enthusiasts.