“ThinkSECURE has discovered that certain well-known wireless chipsets, using vulnerable drivers under the Windows XP operating system and when configured to use WEP with Open Authentication, can be tricked by a 802.11-based wireless client adapter operating in master mode (“the attacker”) to discard the WEP settings and negotiate a post-association conection with the attacker in the clear.”

I’d like to start by saying that this attack is not known to work against WPA or WPA2(802.11i) protected networks. So, if you are still using WEP, its time to implement WPA. Of course, this may mean that you need a hardware upgrade. The cost of Wireless gear has dropped dramatically. You can get a completely new wireless setup at home for cheap:
Linksys WRT54G, $39.00 from buy.com
Linksys WPC54G PCMCIA 802.11G wireless adapter, $39.00 from buy.com
The above two items are also shipped free, so for $80.00 you can get an entirely new wireless setup. Not bad.

Full Article

Original Advisory