Back at the PDC, I posted “PDC05 - Connect to Trusted Access Points Only” in response to a number of bogus (yet strangely familiar) SSIDs that appeared when connections to access points were spotty. My concern at the time was that malicious users might be hanging SSIDs out there in an attempt to hack systems.
The Washington Post has an interesting article stating that this behavior is by design in the way Windows handles wireless connections: the system is intended to broadcast the last successful SSID in the case of a lost access point connection. Seems a bit off to me. I'm sure we'll hear more about this in the coming week.
Read the Washington Post article: “Windows Wireless Flaw a Danger to Laptops”.
What's missing from the terrifying headline? The XPSP2 Firewall: as long as it's enabled and at-risk ports are closed, it will keep the system safe from unwanted intrusions. By default, the firewall enables itself and requires the user to review inbound ports before users can host games and such. Brian does mention this in his article.
Windows 2000 systems may still be prone to attack, depending on the services you have running and the absence of other firewall software.
Users should review their Windows (or other) firewall settings in accordance with their corporate IT standards.
Update: In the news (already; good news always travels fast):