First, some news:
we have a new look and feel / theme for the blog,
and in response to a comment from one reader (Hi William!) the "categories"
have all been broken out in the page header, along with links
to the relevant RSS feeds for each.
So if you prefer to separate the Sun Security Alerts from the Security
postings, all you need do is bookmark or subscribe to the relevant
page / feed. I'd like to thank Chandan
for his as-ever superb graphic tastes...
Er.. yes, something like that. You know what I mean.
Second: an observation that I should really have followed up some time
ago; I run almost exclusively Solaris upon my laptops, and having developed the habit early on,
for some time now I've been faffing with WiFi configuration at a fairly raw level.
- I eschew the GUI convenience of
and the automation of
in favour of handhacked shellscripts.
In these circumstances I have thus become more intimate than most with
the output of Solaris's wifi-administration tools.
For ages I've been plagued by offers of Free Public WiFi - for
that is the name of the network, one sees it everywhere - whenever
I've been scanning for network access, and it finally struck me to
actually look the damned things up. There were too many of these networks for them to be a legitimate enterprise.
Instantly I found a blog posting which not merely explained the
phenomenon, but also outlined my extant fears and my eventual conclusion too;
in short the phenomenon is not a computer-borne virus but a
human-borne viral meme
which is caused (enabled?) by an XP misfeature:
So what are these things? In doing a search, I found some references
in security-related discussion groups to the phenomenon, and lots of
instances of people spotting these, even on airplanes. But didn't see
what I was afraid I'd find -- that this is some kind of virus or
spyware that sets up an ad hoc network as a trap.
It appears to be a manifestation of a feature of Windows that I wrote
about earlier this year. When Windows connects to a network, it
retains that network's name, or SSID, then broadcasts it as an ad hoc
network, essentially inviting a connection. You can find more details
here. Microsoft has said it will fix this in the next XP service pack;
it's unclear if Windows Vista behaves this way.
So why do you see so many of these? My theory: It's viral, but not a
What's the thing almost everyone wants to find when they open a
WiFi-enabled notebook and search for a connection? Why, free public
WiFi! If you see that -- and you don't know any better -- you connect
Your notebook then retains that SSID, broadcasting it as an ad hoc
network. Others see you, connect to you, pick up the name, and later
pass it on. And on and on it goes. Since people travel with their
notebooks, it's easy for this to have moved quickly, across the
country -- like a cold spreading in the closed confines of an airplane
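
The check this implies when reading scan results, as an added example that is not part of the original post or the quoted article: an SSID advertised in ad hoc mode is a peer laptop, not an access point. The scan records and SSIDs other than "Free Public WiFi" are constructed, and the capability bits and the locally-administered BSSID convention are taken from the 802.11 standard rather than from this page.

```python
# Added example: flag SSIDs that appear in ad hoc (IBSS) mode in a WiFi scan.
# The record layout is constructed; it is not any real tool's output format.
from collections import defaultdict

ESS_BIT = 0x0001   # 802.11 capability bit 0: infrastructure access point
IBSS_BIT = 0x0002  # 802.11 capability bit 1: ad hoc (peer-to-peer) station

# Constructed sample scan: (SSID, BSSID, beacon capability field)
SAMPLE_SCAN = [
    ("Free Public WiFi", "02:1a:4b:10:22:31", 0x0002),
    ("Free Public WiFi", "06:7c:91:aa:03:5e", 0x0002),
    ("Free Public WiFi", "0a:33:d0:45:9f:12", 0x0012),  # IBSS + privacy bit
    ("CoffeeShopGuest", "00:14:22:01:23:45", 0x0421),
    ("hotel-lobby", "00:18:39:ab:cd:ef", 0x0001),
    ("hotel-lobby", "02:55:10:9e:77:01", 0x0002),  # a laptop re-advertising it
]

def mode(capability):
    """Classify a beacon by its ESS/IBSS capability bits."""
    ess, ibss = bool(capability & ESS_BIT), bool(capability & IBSS_BIT)
    if ess == ibss:
        return "invalid"  # both or neither set
    return "adhoc" if ibss else "infrastructure"

def locally_administered(bssid):
    """True if the local bit is set; 802.11 IBSS BSSIDs are random with it set."""
    return bool(int(bssid.split(":")[0], 16) & 0x02)

def audit(scan):
    """Return {ssid: report} for every SSID seen at least once in ad hoc mode."""
    seen = defaultdict(lambda: {"adhoc": set(), "infrastructure": set()})
    for ssid, bssid, cap in scan:
        m = mode(cap)
        if m in seen[ssid]:
            seen[ssid][m].add(bssid)
    report = {}
    for ssid, by_mode in seen.items():
        if by_mode["adhoc"]:
            report[ssid] = {
                "adhoc_peers": len(by_mode["adhoc"]),
                "also_infrastructure": bool(by_mode["infrastructure"]),
                "random_bssids": sum(locally_administered(b) for b in by_mode["adhoc"]),
            }
    return report

if __name__ == "__main__":
    for ssid, info in audit(SAMPLE_SCAN).items():
        print(ssid, info)
```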
As a student of IT security taxonomy, to me this is clearly different
from all of the typical viruses, worms and trojans; I feel that 'meme'
is the only remaining accurate description, although I'd welcome