Broadcom Wireless Flaw
Heads up if you are a wireless user.
Computer code that could let an attacker hijack Windows PCs via a Wi-Fi connection was published on the Internet over the weekend.
The code exploits a security vulnerability in a driver from chipmaker Broadcom. The software is used to run wireless networking hardware in Microsoft Windows-based computers sold by Hewlett-Packard, Dell, Gateway, eMachines and others, according to advisories sent out by various security groups and companies. Potentially, millions of systems could be affected.
The vulnerability is caused by improper handling of wireless network service names, called service set identifiers, or SSIDs, according to a Symantec alert sent to DeepSight subscribers on Monday. An intruder could craft a long SSID that would trigger the vulnerability and give him complete control over the vulnerable machine, the security company said.
…
Computer users can check if they have the vulnerable driver by searching for it on their system. The driver filename is: BCMWL5.SYS. As a workaround, some people suggest installing the fixed Linksys drivers for protection. TechRepublic blogger George Ou has instructions on how to do that.
According to George Ou, HP issued a Windows certified driver to Windows Update in October.
They shouldn’t scare me like that.


