* Who's in danger of the recently demonstrated 'Windows wireless flaw'? A little over a week ago, a story broke on the Washington Post’s Web site, which purported to reveal a major security flaw in “laptops powered by Windows XP or Windows 2000 with built-in wireless capabilities.” The writer was given a demonstration by Mark Loveless, a security consultant better known by his online identity of “Simple Nomad”, purporting to demonstrate this flaw.Let me begin by saying that the vulnerability demonstrated by Loveless is real. What’s not real is the spin that the Post’s story puts on it.The story starts with the title: “Windows Wireless Flaw a Danger to Laptops.” It isn’t a “Windows wireless flaw,” but an intentional consequence of the IETF’s Request for Comment (RFC) #3927 (“Dynamic Configuration of IPv4 Link-Local Addresses”) written by three engineers – one from Microsoft, one from Apple and one from Sun. Any computer with an RFC3927-compliant Wireless client – which includes those running the Mac OS, Unix and Linux as well as Windows machines – will exhibit the same behavior. What is even more interesting, though, is that even in Windows XP this is not the default behavior. As the Washington Post article indicates, “First of all, if you are running any kind of network firewall – including the firewall that comes built in to Windows XP – you won’t have to worry about some stranger connecting to your laptop. In fact, I had to shut down my firewall for both of us to successfully conduct our test.” Read that again: the reporter had to shut down his firewall so that the security breach could occur! I’m waiting for the follow-up story that says strangers can wonder into your house if you leave the doors unlocked.So it’s a flaw that affects most laptops – not just ones running Windows. And you have to go out of your way to enable the exploit to occur. Yet I’ll wager that some of your users will pick up on the story and use it to complain about Microsoft. If some (or even one) of those users control budget or stand between you and the CEO, then you’ll need to keep this newsletter around so that you can slowly, using words of one syllable, explain the Chicken Luddle nature of the threat. Related content news Broadcom to lay off over 1,200 VMware employees as deal closes The closing of VMware’s $69 billion acquisition by Broadcom will lead to layoffs, with 1,267 VMware workers set to lose their jobs at the start of the new year. By Jon Gold Dec 01, 2023 3 mins Technology Industry Technology Industry Markets news analysis Cisco joins $10M funding round for Aviz Networks' enterprise SONiC drive Investment news follows a partnership between the vendors aimed at delivering an enterprise-grade SONiC offering for customers interested in the open-source network operating system. By Michael Cooney Dec 01, 2023 3 mins Network Management Software Network Management Software Network Management Software news Cisco CCNA and AWS cloud networking rank among highest paying IT certifications Cloud expertise and security know-how remain critical in building today’s networks, and these skills pay top dollar, according to Skillsoft’s annual ranking of the most valuable IT certifications. Demand for talent continues to outweigh s By Denise Dubie Nov 30, 2023 7 mins Certifications Certifications Certifications news Mainframe modernization gets a boost from Kyndryl, AWS collaboration Kyndryl and AWS have expanded their partnership to help enterprise customers simplify and accelerate their mainframe modernization initiatives. By Michael Cooney Nov 30, 2023 4 mins Mainframes Mainframes Mainframes Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe